 |
Inicial ▼ Bookkeeping
Online ▼ Auditorias ▼
DNS
Administrado ▼
Acerca de DNS
Ordenar/Renovar
Preguntas Frecuentes
AUP
Dynamic DNS Clients
Configurar Dominios Dynamic DNS Update Password Monitoreo
de Redes ▼
Enterprise
Avanzado
Estándarr
Prueba
Preguntas Frecuentes
Resumen de Precio/Funciones
Ordenar
Muestras
Configure/Status Alert Profiles | ||
| ID de Prueba: | 1.3.6.1.4.1.25623.1.0.123280 |
| Categoría: | Oracle Linux Local Security Checks |
| Título: | Oracle: Security Advisory (ELSA-2014-1652) |
| Resumen: | The remote host is missing an update for the 'openssl' package(s) announced via the ELSA-2014-1652 advisory. |
| Descripción: | Summary: The remote host is missing an update for the 'openssl' package(s) announced via the ELSA-2014-1652 advisory. Vulnerability Insight: [1.0.1e-30.2] - fix CVE-2014-3567 - memory leak when handling session tickets - fix CVE-2014-3513 - memory leak in srtp support - add support for fallback SCSV to partially mitigate CVE-2014-3566 (padding attack on SSL3) [1.0.1e-30] - add ECC TLS extensions to DTLS (#1119800) [1.0.1e-29] - fix CVE-2014-3505 - doublefree in DTLS packet processing - fix CVE-2014-3506 - avoid memory exhaustion in DTLS - fix CVE-2014-3507 - avoid memory leak in DTLS - fix CVE-2014-3508 - fix OID handling to avoid information leak - fix CVE-2014-3509 - fix race condition when parsing server hello - fix CVE-2014-3510 - fix DoS in anonymous (EC)DH handling in DTLS - fix CVE-2014-3511 - disallow protocol downgrade via fragmentation [1.0.1e-28] - fix CVE-2014-0224 fix that broke EAP-FAST session resumption support [1.0.1e-26] - drop EXPORT, RC2, and DES from the default cipher list (#1057520) - print ephemeral key size negotiated in TLS handshake (#1057715) - do not include ECC ciphersuites in SSLv2 client hello (#1090952) - properly detect encryption failure in BIO (#1100819) - fail on hmac integrity check if the .hmac file is empty (#1105567) - FIPS mode: make the limitations on DSA, DH, and RSA keygen length enforced only if OPENSSL_ENFORCE_MODULUS_BITS environment variable is set [1.0.1e-25] - fix CVE-2010-5298 - possible use of memory after free - fix CVE-2014-0195 - buffer overflow via invalid DTLS fragment - fix CVE-2014-0198 - possible NULL pointer dereference - fix CVE-2014-0221 - DoS from invalid DTLS handshake packet - fix CVE-2014-0224 - SSL/TLS MITM vulnerability - fix CVE-2014-3470 - client-side DoS when using anonymous ECDH [1.0.1e-24] - add back support for secp521r1 EC curve [1.0.1e-23] - fix CVE-2014-0160 - information disclosure in TLS heartbeat extension [1.0.1e-22] - use 2048 bit RSA key in FIPS selftests [1.0.1e-21] - add DH_compute_key_padded needed for FIPS CAVS testing - make 3des strength to be 128 bits instead of 168 (#1056616) - FIPS mode: do not generate DSA keys and DH parameters < 2048 bits - FIPS mode: use approved RSA keygen (allows only 2048 and 3072 bit keys) - FIPS mode: add DH selftest - FIPS mode: reseed DRBG properly on RAND_add() - FIPS mode: add RSA encrypt/decrypt selftest - FIPS mode: add hard limit for 2^32 GCM block encryptions with the same key - use the key length from configuration file if req -newkey rsa is invoked [1.0.1e-20] - fix CVE-2013-4353 - Invalid TLS handshake crash [1.0.1e-19] - fix CVE-2013-6450 - possible MiTM attack on DTLS1 [1.0.1e-18] - fix CVE-2013-6449 - crash when version in SSL structure is incorrect [1.0.1e-17] - add back some no-op symbols that were inadvertently dropped Affected Software/OS: 'openssl' package(s) on Oracle Linux 6, Oracle Linux 7. Solution: Please install the updated package(s). CVSS Score: 7.1 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:C |
| Referencia Cruzada: |
Common Vulnerability Exposure (CVE) ID: CVE-2014-3513 http://lists.apple.com/archives/security-announce/2015/Sep/msg00002.html BugTraq ID: 70584 http://www.securityfocus.com/bid/70584 Debian Security Information: DSA-3053 (Google Search) http://www.debian.org/security/2014/dsa-3053 http://security.gentoo.org/glsa/glsa-201412-39.xml HPdes Security Advisory: HPSBGN03233 http://marc.info/?l=bugtraq&m=142118135300698&w=2 HPdes Security Advisory: HPSBHF03300 http://marc.info/?l=bugtraq&m=142804214608580&w=2 HPdes Security Advisory: HPSBMU03223 http://marc.info/?l=bugtraq&m=143290583027876&w=2 HPdes Security Advisory: HPSBMU03260 http://marc.info/?l=bugtraq&m=142495837901899&w=2 HPdes Security Advisory: HPSBMU03261 http://marc.info/?l=bugtraq&m=143290522027658&w=2 HPdes Security Advisory: HPSBMU03263 http://marc.info/?l=bugtraq&m=143290437727362&w=2 HPdes Security Advisory: HPSBMU03267 http://marc.info/?l=bugtraq&m=142624590206005&w=2 HPdes Security Advisory: HPSBMU03296 http://marc.info/?l=bugtraq&m=142834685803386&w=2 HPdes Security Advisory: HPSBMU03304 http://marc.info/?l=bugtraq&m=142791032306609&w=2 HPdes Security Advisory: SSRT101739 HPdes Security Advisory: SSRT101868 HPdes Security Advisory: SSRT101894 http://www.mandriva.com/security/advisories?name=MDVSA-2015:062 NETBSD Security Advisory: NetBSD-SA2014-015 ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2014-015.txt.asc RedHat Security Advisories: RHSA-2014:1652 http://rhn.redhat.com/errata/RHSA-2014-1652.html RedHat Security Advisories: RHSA-2014:1692 http://rhn.redhat.com/errata/RHSA-2014-1692.html http://www.securitytracker.com/id/1031052 http://secunia.com/advisories/59627 http://secunia.com/advisories/61058 http://secunia.com/advisories/61073 http://secunia.com/advisories/61207 http://secunia.com/advisories/61298 http://secunia.com/advisories/61439 http://secunia.com/advisories/61837 http://secunia.com/advisories/61959 http://secunia.com/advisories/61990 http://secunia.com/advisories/62070 SuSE Security Announcement: SUSE-SU-2014:1357 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00001.html SuSE Security Announcement: openSUSE-SU-2014:1331 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00008.html http://www.ubuntu.com/usn/USN-2385-1 Common Vulnerability Exposure (CVE) ID: CVE-2014-3567 http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html BugTraq ID: 70586 http://www.securityfocus.com/bid/70586 HPdes Security Advisory: HPSBOV03227 http://marc.info/?l=bugtraq&m=142103967620673&w=2 HPdes Security Advisory: HPSBUX03162 http://marc.info/?l=bugtraq&m=141477196830952&w=2 HPdes Security Advisory: SSRT101767 HPdes Security Advisory: SSRT101779 http://www.mandriva.com/security/advisories?name=MDVSA-2014:203 RedHat Security Advisories: RHSA-2015:0126 http://rhn.redhat.com/errata/RHSA-2015-0126.html http://secunia.com/advisories/61130 http://secunia.com/advisories/61819 http://secunia.com/advisories/62030 http://secunia.com/advisories/62124 SuSE Security Announcement: SUSE-SU-2014:1361 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00003.html SuSE Security Announcement: openSUSE-SU-2016:0640 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html |
| Copyright | Copyright (C) 2015 Greenbone AG |
| Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora. |