Test Kennung:	1.3.6.1.4.1.25623.1.0.122889
Kategorie:	Oracle Linux Local Security Checks
Titel:	Oracle: Security Advisory (ELSA-2016-0302)
Zusammenfassung:	The remote host is missing an update for the 'openssl' package(s) announced via the ELSA-2016-0302 advisory.
Beschreibung:	Summary: The remote host is missing an update for the 'openssl' package(s) announced via the ELSA-2016-0302 advisory. Vulnerability Insight: [0.9.8e-39.0.1] - To disable SSLv2 client connections create the file /etc/sysconfig/openssl-ssl-client-kill-sslv2 (John Haxby) [orabug 21673934] - Backport openssl 08-Jan-2015 security fixes (John Haxby) [orabug 20409893] - fix CVE-2014-3570 - Bignum squaring may produce incorrect results - fix CVE-2014-3571 - DTLS segmentation fault in dtls1_get_record - fix CVE-2014-3572 - ECDHE silently downgrades to ECDH [Client] [0.9.8e-39] - fix CVE-2016-0797 - heap corruption in BN_hex2bn and BN_dec2bn [0.9.8e-38] - fix CVE-2015-3197 - SSLv2 ciphersuite enforcement - disable SSLv2 in the generic TLS method (can be re-enabled by setting environment variable OPENSSL_ENABLE_SSL2) Affected Software/OS: 'openssl' package(s) on Oracle Linux 5. Solution: Please install the updated package(s). CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2015-3197 BugTraq ID: 82237 http://www.securityfocus.com/bid/82237 BugTraq ID: 91787 http://www.securityfocus.com/bid/91787 CERT/CC vulnerability note: VU#257823 https://www.kb.cert.org/vuls/id/257823 http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176373.html FreeBSD Security Advisory: FreeBSD-SA-16:12 https://security.FreeBSD.org/advisories/FreeBSD-SA-16:11.openssl.asc https://security.gentoo.org/glsa/201601-05 http://www.securitytracker.com/id/1034849 SuSE Security Announcement: SUSE-SU-2016:0617 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00001.html SuSE Security Announcement: SUSE-SU-2016:0620 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00002.html SuSE Security Announcement: SUSE-SU-2016:0621 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00003.html SuSE Security Announcement: SUSE-SU-2016:0624 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00004.html SuSE Security Announcement: SUSE-SU-2016:0631 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00007.html SuSE Security Announcement: SUSE-SU-2016:0641 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00012.html SuSE Security Announcement: SUSE-SU-2016:0678 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00017.html SuSE Security Announcement: SUSE-SU-2016:1057 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00038.html SuSE Security Announcement: openSUSE-SU-2016:0628 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00006.html SuSE Security Announcement: openSUSE-SU-2016:0637 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00009.html SuSE Security Announcement: openSUSE-SU-2016:0638 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00010.html SuSE Security Announcement: openSUSE-SU-2016:0640 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html SuSE Security Announcement: openSUSE-SU-2016:0720 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00025.html SuSE Security Announcement: openSUSE-SU-2016:1239 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00015.html SuSE Security Announcement: openSUSE-SU-2016:1241 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00017.html Common Vulnerability Exposure (CVE) ID: CVE-2016-0797 BugTraq ID: 83763 http://www.securityfocus.com/bid/83763 Cisco Security Advisory: 20160302 Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: March 2016 http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160302-openssl Debian Security Information: DSA-3500 (Google Search) http://www.debian.org/security/2016/dsa-3500 https://security.FreeBSD.org/advisories/FreeBSD-SA-16:12.openssl.asc https://security.gentoo.org/glsa/201603-15 HPdes Security Advisory: HPSBGN03563 http://marc.info/?l=bugtraq&m=145889460330120&w=2 RedHat Security Advisories: RHSA-2016:2957 http://rhn.redhat.com/errata/RHSA-2016-2957.html http://www.securitytracker.com/id/1035133 SuSE Security Announcement: openSUSE-SU-2016:0627 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00005.html SuSE Security Announcement: openSUSE-SU-2016:1566 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00019.html http://www.ubuntu.com/usn/USN-2914-1 Common Vulnerability Exposure (CVE) ID: CVE-2016-0800 BugTraq ID: 83733 http://www.securityfocus.com/bid/83733 CERT/CC vulnerability note: VU#583776 https://www.kb.cert.org/vuls/id/583776 HPdes Security Advisory: HPSBGN03569 http://marc.info/?l=bugtraq&m=145983526810210&w=2 HPdes Security Advisory: HPSBMU03573 http://marc.info/?l=bugtraq&m=146133665209436&w=2 HPdes Security Advisory: HPSBMU03575 http://marc.info/?l=bugtraq&m=146108058503441&w=2 https://drownattack.com https://ics-cert.us-cert.gov/advisories/ICSA-16-103-03 https://www.arista.com/en/support/advisories-notices/security-advisories/1260-security-advisory-18 RedHat Security Advisories: RHSA-2016:1519 http://rhn.redhat.com/errata/RHSA-2016-1519.html
Copyright	Copyright (C) 2016 Greenbone AG

Dies ist nur einer von 146377 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.