Amazon Linux Local Security Checks : Amazon Linux: Security Advisory (ALAS-2011-4)

Anfälligkeitssuche		Suche in 324607 CVE Beschreibungen und 146377 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.0.120514

Kategorie: Amazon Linux Local Security Checks

Titel: Amazon Linux: Security Advisory (ALAS-2011-4)

Zusammenfassung: The remote host is missing an update for the 'openssl' package(s) announced via the ALAS-2011-4 advisory.

Beschreibung: Summary:
The remote host is missing an update for the 'openssl' package(s) announced via the ALAS-2011-4 advisory.

Vulnerability Insight:
An uninitialized variable use flaw was found in OpenSSL. This flaw could cause an application using the OpenSSL Certificate Revocation List (CRL) checking functionality to incorrectly accept a CRL that has a nextUpdate date in the past.

All OpenSSL users should upgrade to these updated packages, which contain a backported patch to resolve this issue. For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted.

Affected Software/OS:
'openssl' package(s) on Amazon Linux.

Solution:
Please install the updated package(s).

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:P/A:N

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2011-3207
http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065744.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065712.html
http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092905.html
HPdes Security Advisory: HPSBMU02752
http://marc.info/?l=bugtraq&m=133226187115472&w=2
HPdes Security Advisory: SSRT100802
http://www.mandriva.com/security/advisories?name=MDVSA-2011:137
http://www.redhat.com/support/errata/RHSA-2011-1409.html
http://www.securitytracker.com/id?1026012
http://secunia.com/advisories/45956
http://secunia.com/advisories/57353

Copyright Copyright (C) 2015 Greenbone AG

Dies ist nur einer von 146377 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.0.120514
Kategorie:	Amazon Linux Local Security Checks
Titel:	Amazon Linux: Security Advisory (ALAS-2011-4)
Zusammenfassung:	The remote host is missing an update for the 'openssl' package(s) announced via the ALAS-2011-4 advisory.
Beschreibung:	Summary: The remote host is missing an update for the 'openssl' package(s) announced via the ALAS-2011-4 advisory. Vulnerability Insight: An uninitialized variable use flaw was found in OpenSSL. This flaw could cause an application using the OpenSSL Certificate Revocation List (CRL) checking functionality to incorrectly accept a CRL that has a nextUpdate date in the past. All OpenSSL users should upgrade to these updated packages, which contain a backported patch to resolve this issue. For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted. Affected Software/OS: 'openssl' package(s) on Amazon Linux. Solution: Please install the updated package(s). CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2011-3207 http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065744.html http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065712.html http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092905.html HPdes Security Advisory: HPSBMU02752 http://marc.info/?l=bugtraq&m=133226187115472&w=2 HPdes Security Advisory: SSRT100802 http://www.mandriva.com/security/advisories?name=MDVSA-2011:137 http://www.redhat.com/support/errata/RHSA-2011-1409.html http://www.securitytracker.com/id?1026012 http://secunia.com/advisories/45956 http://secunia.com/advisories/57353
Copyright	Copyright (C) 2015 Greenbone AG