Software Updates

TrustKeeper Scan Engine Update - July 1, 2014

Written by | Jul 1, 2014 6:29:00 AM

Summary

The latest update to the TrustKeeper Scan Engine is now available. It adds detection for more than a dozen vulnerabilities, including several recently patched vulnerabilities in ISC BIND, OpenSSL and PHP.

New Vulnerability Test Highlights

Some of the more interesting vulnerability tests we added recently are as follows:

ISC

  • ISC BIND Prefetch Defect Denial Of Service Vulnerability (CVE-2014-3214)
  • ISC BIND Denial of Service Vulnerability via EDNS Printing Processing (CVE-2014-3859)

OpenSSL

  • OpenSSL Anonymous ECDH Denial of Service Vulnerability (CVE-2014-3470)
  • OpenSSL ChangeCipherSpec Man in the Middle Vulnerability (CVE-2014-0224)
  • OpenSSL do_ssl3_write Denial of Service Vulnerability (CVE-2014-0198)
  • OpenSSL DTLS Invalid Fragment Vulnerability (CVE-2014-0195)
  • OpenSSL DTLS Recursion Denial of Service Vulnerability (CVE-2014-0221)

Other

  • phpMyAdmin Cross-Site Scripting in import.php (CVE-2014-1879)
  • PostgreSQL Multiple Integer Overflows in hstore_io.c (CVE-2014-2669)

PHP

  • PHP cdf_read_property_info Denial of Service Vulnerability (CVE-2014-0238)
  • PHP cdf_unpack_summary_info Denial of Service Vulnerability (CVE-2014-0237)

Samba

  • Samba Uninitialized Memory Exposure Vulnerability (CVE-2014-0178)

How to Update?

All Trustwave customers using the TrustKeeper Scan Engine receive the updates automatically as soon as an update is available. No action is required.