Test Kennung:	1.3.6.1.4.1.25623.1.0.123684
Kategorie:	Oracle Linux Local Security Checks
Titel:	Oracle: Security Advisory (ELSA-2013-0587)
Zusammenfassung:	The remote host is missing an update for the 'openssl' package(s) announced via the ELSA-2013-0587 advisory.
Beschreibung:	Summary: The remote host is missing an update for the 'openssl' package(s) announced via the ELSA-2013-0587 advisory. Vulnerability Insight: [1.0.0-27.2] - fix for CVE-2013-0169 - SSL/TLS CBC timing attack (#907589) - fix for CVE-2013-0166 - DoS in OCSP signatures checking (#908052) - enable compression only if explicitly asked for or OPENSSL_DEFAULT_ZLIB environment variable is set (fixes CVE-2012-4929 #857051) - use __secure_getenv() everywhere instead of getenv() (#839735) Affected Software/OS: 'openssl' package(s) on Oracle Linux 5, Oracle Linux 6. Solution: Please install the updated package(s). CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2012-4929 http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html BugTraq ID: 55704 http://www.securityfocus.com/bid/55704 Debian Security Information: DSA-2579 (Google Search) http://www.debian.org/security/2012/dsa-2579 Debian Security Information: DSA-2627 (Google Search) http://www.debian.org/security/2013/dsa-2627 Debian Security Information: DSA-3253 (Google Search) http://www.debian.org/security/2015/dsa-3253 http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101366.html HPdes Security Advisory: HPSBUX02866 http://marc.info/?l=bugtraq&m=136612293908376&w=2 HPdes Security Advisory: SSRT101139 http://jvn.jp/en/jp/JVN65273415/index.html http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000129.html http://arstechnica.com/security/2012/09/crime-hijacks-https-sessions/ http://isecpartners.com/blog/2012/9/14/details-on-the-crime-attack.html http://news.ycombinator.com/item?id=4510829 http://security.stackexchange.com/questions/19911/crime-how-to-beat-the-beast-successor http://threatpost.com/en_us/blogs/crime-attack-uses-compression-ratio-tls-requests-side-channel-hijack-secure-sessions-091312 http://threatpost.com/en_us/blogs/new-attack-uses-ssltls-information-leak-hijack-https-sessions-090512 http://www.ekoparty.org/2012/thai-duong.php http://www.iacr.org/cryptodb/data/paper.php?pubkey=3091 http://www.theregister.co.uk/2012/09/14/crime_tls_attack/ https://community.qualys.com/blogs/securitylabs/2012/09/14/crime-information-leakage-attack-against-ssltls https://gist.github.com/3696912 https://github.com/mpgn/CRIME-poc https://threatpost.com/en_us/blogs/demo-crime-tls-attack-091212 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18920 RedHat Security Advisories: RHSA-2013:0587 http://rhn.redhat.com/errata/RHSA-2013-0587.html SuSE Security Announcement: openSUSE-SU-2012:1420 (Google Search) http://lists.opensuse.org/opensuse-updates/2012-10/msg00096.html SuSE Security Announcement: openSUSE-SU-2013:0143 (Google Search) http://lists.opensuse.org/opensuse-updates/2013-01/msg00034.html SuSE Security Announcement: openSUSE-SU-2013:0157 (Google Search) http://lists.opensuse.org/opensuse-updates/2013-01/msg00048.html http://www.ubuntu.com/usn/USN-1627-1 http://www.ubuntu.com/usn/USN-1628-1 http://www.ubuntu.com/usn/USN-1898-1 Common Vulnerability Exposure (CVE) ID: CVE-2013-0166 http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html CERT/CC vulnerability note: VU#737740 http://www.kb.cert.org/vuls/id/737740 Debian Security Information: DSA-2621 (Google Search) http://www.debian.org/security/2013/dsa-2621 HPdes Security Advisory: HPSBOV02852 http://marc.info/?l=bugtraq&m=136432043316835&w=2 HPdes Security Advisory: HPSBUX02856 http://marc.info/?l=bugtraq&m=136396549913849&w=2 HPdes Security Advisory: HPSBUX02909 http://marc.info/?l=bugtraq&m=137545771702053&w=2 HPdes Security Advisory: SSRT101104 HPdes Security Advisory: SSRT101108 HPdes Security Advisory: SSRT101289 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18754 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19081 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19360 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19487 RedHat Security Advisories: RHSA-2013:0782 http://rhn.redhat.com/errata/RHSA-2013-0782.html RedHat Security Advisories: RHSA-2013:0783 http://rhn.redhat.com/errata/RHSA-2013-0783.html RedHat Security Advisories: RHSA-2013:0833 http://rhn.redhat.com/errata/RHSA-2013-0833.html http://secunia.com/advisories/53623 http://secunia.com/advisories/55108 http://secunia.com/advisories/55139 SuSE Security Announcement: SUSE-SU-2015:0578 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html SuSE Security Announcement: openSUSE-SU-2016:0640 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html Common Vulnerability Exposure (CVE) ID: CVE-2013-0169 BugTraq ID: 57778 http://www.securityfocus.com/bid/57778 Cert/CC Advisory: TA13-051A http://www.us-cert.gov/cas/techalerts/TA13-051A.html Debian Security Information: DSA-2622 (Google Search) http://www.debian.org/security/2013/dsa-2622 http://security.gentoo.org/glsa/glsa-201406-32.xml HPdes Security Advisory: HPSBMU02874 http://marc.info/?l=bugtraq&m=136733161405818&w=2 HPdes Security Advisory: HPSBUX02857 http://marc.info/?l=bugtraq&m=136439120408139&w=2 HPdes Security Advisory: SSRT101103 HPdes Security Advisory: SSRT101184 http://www.mandriva.com/security/advisories?name=MDVSA-2013:095 http://blog.fuseyism.com/index.php/2013/02/20/security-icedtea-2-1-6-2-2-6-2-3-7-for-openjdk-7-released/ http://www.isg.rhul.ac.uk/tls/TLStiming.pdf https://lists.debian.org/debian-lts-announce/2018/09/msg00029.html http://openwall.com/lists/oss-security/2013/02/05/24 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18841 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19016 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19424 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19540 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19608 RedHat Security Advisories: RHSA-2013:1455 http://rhn.redhat.com/errata/RHSA-2013-1455.html RedHat Security Advisories: RHSA-2013:1456 http://rhn.redhat.com/errata/RHSA-2013-1456.html http://www.securitytracker.com/id/1029190 http://secunia.com/advisories/55322 http://secunia.com/advisories/55350 http://secunia.com/advisories/55351 SuSE Security Announcement: SUSE-SU-2013:0328 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00020.html SuSE Security Announcement: SUSE-SU-2013:0701 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00020.html SuSE Security Announcement: SUSE-SU-2014:0320 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00001.html SuSE Security Announcement: openSUSE-SU-2013:0375 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00000.html SuSE Security Announcement: openSUSE-SU-2013:0378 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00002.html http://www.ubuntu.com/usn/USN-1735-1
Copyright	Copyright (C) 2015 Greenbone AG

Dies ist nur einer von 146377 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.