English | Deutsch | Español
 
Startseite ▼
Startseite Über uns Kontact Datenschutz Partnerprogramme Zeugnisse In der Presse Mailinglisten Missbrauch Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
Sicherheits
Überprüfungs ▼
Home Dediziert Erweitert Standard Wiederkehrend Risikolos Desktop Basis Sicherheits Segal FAQ Preis/Funktionszusammenfassung Bestellen Neue Anfälligkeiten Alle Anfälligkeiten Vertraulichkeit Anfälligkeiten Suche Durchführen Terminkalender IP Permissions Maßgeschneidert Warteschlange Erinnerer Siegel Berichte Berichts Stil
Verwaltetes
DNS ▼
Info Bestellen/Erneuern FAQ AUP Dynamic DNS Clients
Domaine konfigurieren Dyanmic DNS Update Password
Netzwerk
Überwachung ▼
Enterprise Erweiterte Standard Gratis Test FAQ Preis/Funktionszusammenfassung Bestellen Beispiele
Konfigurieren/Status Alarm Profile
Recherce
Berichte ▼
Home FAQ Glossary Archive
 Anmeldung/Registrierung 
 
 Anfälligkeitssuche        Suche in 324607 CVE Beschreibungen
und 146377 Test Beschreibungen,
Zugriff auf 10,000+ Quellverweise.
Tests   CVE   Alle  

Test Kennung:1.3.6.1.4.1.25623.1.0.123280
Kategorie:Oracle Linux Local Security Checks
Titel:Oracle: Security Advisory (ELSA-2014-1652)
Zusammenfassung:The remote host is missing an update for the 'openssl' package(s) announced via the ELSA-2014-1652 advisory.
Beschreibung:Summary:
The remote host is missing an update for the 'openssl' package(s) announced via the ELSA-2014-1652 advisory.

Vulnerability Insight:
[1.0.1e-30.2]
- fix CVE-2014-3567 - memory leak when handling session tickets
- fix CVE-2014-3513 - memory leak in srtp support
- add support for fallback SCSV to partially mitigate CVE-2014-3566
(padding attack on SSL3)

[1.0.1e-30]
- add ECC TLS extensions to DTLS (#1119800)

[1.0.1e-29]
- fix CVE-2014-3505 - doublefree in DTLS packet processing
- fix CVE-2014-3506 - avoid memory exhaustion in DTLS
- fix CVE-2014-3507 - avoid memory leak in DTLS
- fix CVE-2014-3508 - fix OID handling to avoid information leak
- fix CVE-2014-3509 - fix race condition when parsing server hello
- fix CVE-2014-3510 - fix DoS in anonymous (EC)DH handling in DTLS
- fix CVE-2014-3511 - disallow protocol downgrade via fragmentation

[1.0.1e-28]
- fix CVE-2014-0224 fix that broke EAP-FAST session resumption support

[1.0.1e-26]
- drop EXPORT, RC2, and DES from the default cipher list (#1057520)
- print ephemeral key size negotiated in TLS handshake (#1057715)
- do not include ECC ciphersuites in SSLv2 client hello (#1090952)
- properly detect encryption failure in BIO (#1100819)
- fail on hmac integrity check if the .hmac file is empty (#1105567)
- FIPS mode: make the limitations on DSA, DH, and RSA keygen
length enforced only if OPENSSL_ENFORCE_MODULUS_BITS environment
variable is set

[1.0.1e-25]
- fix CVE-2010-5298 - possible use of memory after free
- fix CVE-2014-0195 - buffer overflow via invalid DTLS fragment
- fix CVE-2014-0198 - possible NULL pointer dereference
- fix CVE-2014-0221 - DoS from invalid DTLS handshake packet
- fix CVE-2014-0224 - SSL/TLS MITM vulnerability
- fix CVE-2014-3470 - client-side DoS when using anonymous ECDH

[1.0.1e-24]
- add back support for secp521r1 EC curve

[1.0.1e-23]
- fix CVE-2014-0160 - information disclosure in TLS heartbeat extension

[1.0.1e-22]
- use 2048 bit RSA key in FIPS selftests

[1.0.1e-21]
- add DH_compute_key_padded needed for FIPS CAVS testing
- make 3des strength to be 128 bits instead of 168 (#1056616)
- FIPS mode: do not generate DSA keys and DH parameters < 2048 bits
- FIPS mode: use approved RSA keygen (allows only 2048 and 3072 bit keys)
- FIPS mode: add DH selftest
- FIPS mode: reseed DRBG properly on RAND_add()
- FIPS mode: add RSA encrypt/decrypt selftest
- FIPS mode: add hard limit for 2^32 GCM block encryptions with the same key
- use the key length from configuration file if req -newkey rsa is invoked

[1.0.1e-20]
- fix CVE-2013-4353 - Invalid TLS handshake crash

[1.0.1e-19]
- fix CVE-2013-6450 - possible MiTM attack on DTLS1

[1.0.1e-18]
- fix CVE-2013-6449 - crash when version in SSL structure is incorrect

[1.0.1e-17]
- add back some no-op symbols that were inadvertently dropped

Affected Software/OS:
'openssl' package(s) on Oracle Linux 6, Oracle Linux 7.

Solution:
Please install the updated package(s).

CVSS Score:
7.1

CVSS Vector:
AV:N/AC:M/Au:N/C:N/I:N/A:C

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2014-3513
http://lists.apple.com/archives/security-announce/2015/Sep/msg00002.html
BugTraq ID: 70584
http://www.securityfocus.com/bid/70584
Debian Security Information: DSA-3053 (Google Search)
http://www.debian.org/security/2014/dsa-3053
http://security.gentoo.org/glsa/glsa-201412-39.xml
HPdes Security Advisory: HPSBGN03233
http://marc.info/?l=bugtraq&m=142118135300698&w=2
HPdes Security Advisory: HPSBHF03300
http://marc.info/?l=bugtraq&m=142804214608580&w=2
HPdes Security Advisory: HPSBMU03223
http://marc.info/?l=bugtraq&m=143290583027876&w=2
HPdes Security Advisory: HPSBMU03260
http://marc.info/?l=bugtraq&m=142495837901899&w=2
HPdes Security Advisory: HPSBMU03261
http://marc.info/?l=bugtraq&m=143290522027658&w=2
HPdes Security Advisory: HPSBMU03263
http://marc.info/?l=bugtraq&m=143290437727362&w=2
HPdes Security Advisory: HPSBMU03267
http://marc.info/?l=bugtraq&m=142624590206005&w=2
HPdes Security Advisory: HPSBMU03296
http://marc.info/?l=bugtraq&m=142834685803386&w=2
HPdes Security Advisory: HPSBMU03304
http://marc.info/?l=bugtraq&m=142791032306609&w=2
HPdes Security Advisory: SSRT101739
HPdes Security Advisory: SSRT101868
HPdes Security Advisory: SSRT101894
http://www.mandriva.com/security/advisories?name=MDVSA-2015:062
NETBSD Security Advisory: NetBSD-SA2014-015
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2014-015.txt.asc
RedHat Security Advisories: RHSA-2014:1652
http://rhn.redhat.com/errata/RHSA-2014-1652.html
RedHat Security Advisories: RHSA-2014:1692
http://rhn.redhat.com/errata/RHSA-2014-1692.html
http://www.securitytracker.com/id/1031052
http://secunia.com/advisories/59627
http://secunia.com/advisories/61058
http://secunia.com/advisories/61073
http://secunia.com/advisories/61207
http://secunia.com/advisories/61298
http://secunia.com/advisories/61439
http://secunia.com/advisories/61837
http://secunia.com/advisories/61959
http://secunia.com/advisories/61990
http://secunia.com/advisories/62070
SuSE Security Announcement: SUSE-SU-2014:1357 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00001.html
SuSE Security Announcement: openSUSE-SU-2014:1331 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00008.html
http://www.ubuntu.com/usn/USN-2385-1
Common Vulnerability Exposure (CVE) ID: CVE-2014-3567
http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html
BugTraq ID: 70586
http://www.securityfocus.com/bid/70586
HPdes Security Advisory: HPSBOV03227
http://marc.info/?l=bugtraq&m=142103967620673&w=2
HPdes Security Advisory: HPSBUX03162
http://marc.info/?l=bugtraq&m=141477196830952&w=2
HPdes Security Advisory: SSRT101767
HPdes Security Advisory: SSRT101779
http://www.mandriva.com/security/advisories?name=MDVSA-2014:203
RedHat Security Advisories: RHSA-2015:0126
http://rhn.redhat.com/errata/RHSA-2015-0126.html
http://secunia.com/advisories/61130
http://secunia.com/advisories/61819
http://secunia.com/advisories/62030
http://secunia.com/advisories/62124
SuSE Security Announcement: SUSE-SU-2014:1361 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00003.html
SuSE Security Announcement: openSUSE-SU-2016:0640 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html
CopyrightCopyright (C) 2015 Greenbone AG

Dies ist nur einer von 146377 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.

Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.



© 1998-2025 E-Soft Inc. Alle Rechte vorbehalten.