Búsqueda de    
Vulnerabilidad   
    Buscar 219043 Descripciones CVE y
99761 Descripciones de Pruebas,
accesos 10,000+ referencias cruzadas.
Pruebas   CVE   Todos  

ID de Prueba:1.3.6.1.4.1.25623.1.1.4.2015.0172.2
Categoría:SuSE Local Security Checks
Título:SUSE: Security Advisory (SUSE-SU-2015:0172-2)
Resumen:The remote host is missing an update for the 'OpenSSL' package(s) announced via the SUSE-SU-2015:0172-2 advisory.
Descripción:Summary:
The remote host is missing an update for the 'OpenSSL' package(s) announced via the SUSE-SU-2015:0172-2 advisory.

Vulnerability Insight:
OpenSSL has been updated to fix various security issues.

More information can be found in the OpenSSL advisory:
[link moved to references] .
The following issues have been fixed:
*
CVE-2014-3570: Bignum squaring (BN_sqr) may produce incorrect results
on some platforms, including x86_64. (bsc#912296)
*
CVE-2014-3571: Fix crash in dtls1_get_record whilst in the listen state where you get two separate reads performed - one for the header and one for the body of the handshake record. (bsc#912294)
*
CVE-2014-3572: Don't accept a handshake using an ephemeral ECDH ciphersuites with the server key exchange message omitted. (bsc#912015)
*
CVE-2014-8275: Fix various certificate fingerprint issues.
(bsc#912018)
*
CVE-2015-0204: Only allow ephemeral RSA keys in export ciphersuites.
(bsc#912014)
*
CVE-2015-0205: OpenSSL 0.9.8j is NOT vulnerable to CVE-2015-0205 as it doesn't support DH certificates and this typo prohibits skipping
of certificate verify message for sign only certificates anyway.
(bsc#912293)
Security Issues:
* CVE-2014-8275
* CVE-2014-3571
* CVE-2015-0204
* CVE-2014-3572
* CVE-2014-3570
* CVE-2015-0205

Affected Software/OS:
'OpenSSL' package(s) on SUSE Linux Enterprise Desktop 11 SP3, SUSE Linux Enterprise Server 11 SP1, SUSE Linux Enterprise Server 11 SP2, SUSE Linux Enterprise Server 11 SP3, SUSE Linux Enterprise Software Development Kit 11 SP3.

Solution:
Please install the updated package(s).

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:N/A:N

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2014-3570
http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html
BugTraq ID: 71939
http://www.securityfocus.com/bid/71939
Cisco Security Advisory: 20150310 Multiple Vulnerabilities in OpenSSL (January 2015) Affecting Cisco Products
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150310-ssl
Debian Security Information: DSA-3125 (Google Search)
http://www.debian.org/security/2015/dsa-3125
http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147938.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148363.html
HPdes Security Advisory: HPSBGN03299
http://marc.info/?l=bugtraq&m=142720981827617&w=2
HPdes Security Advisory: HPSBHF03289
http://marc.info/?l=bugtraq&m=142721102728110&w=2
HPdes Security Advisory: HPSBMU03380
http://marc.info/?l=bugtraq&m=143748090628601&w=2
HPdes Security Advisory: HPSBMU03396
http://marc.info/?l=bugtraq&m=144050205101530&w=2
HPdes Security Advisory: HPSBMU03397
http://marc.info/?l=bugtraq&m=144050297101809&w=2
HPdes Security Advisory: HPSBMU03409
http://marc.info/?l=bugtraq&m=144050155601375&w=2
HPdes Security Advisory: HPSBMU03413
http://marc.info/?l=bugtraq&m=144050254401665&w=2
HPdes Security Advisory: HPSBOV03318
http://marc.info/?l=bugtraq&m=142895206924048&w=2
HPdes Security Advisory: HPSBUX03162
http://marc.info/?l=bugtraq&m=142496179803395&w=2
HPdes Security Advisory: HPSBUX03244
http://marc.info/?l=bugtraq&m=142496289803847&w=2
HPdes Security Advisory: SSRT101885
HPdes Security Advisory: SSRT101987
http://www.mandriva.com/security/advisories?name=MDVSA-2015:019
http://www.mandriva.com/security/advisories?name=MDVSA-2015:062
RedHat Security Advisories: RHSA-2015:0066
http://rhn.redhat.com/errata/RHSA-2015-0066.html
RedHat Security Advisories: RHSA-2015:0849
http://rhn.redhat.com/errata/RHSA-2015-0849.html
RedHat Security Advisories: RHSA-2016:1650
http://rhn.redhat.com/errata/RHSA-2016-1650.html
http://www.securitytracker.com/id/1033378
SuSE Security Announcement: SUSE-SU-2015:0578 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html
SuSE Security Announcement: SUSE-SU-2015:0946 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html
SuSE Security Announcement: openSUSE-SU-2015:0130 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00021.html
SuSE Security Announcement: openSUSE-SU-2015:1277 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00037.html
SuSE Security Announcement: openSUSE-SU-2016:0640 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html
Common Vulnerability Exposure (CVE) ID: CVE-2014-3571
BugTraq ID: 71937
http://www.securityfocus.com/bid/71937
Common Vulnerability Exposure (CVE) ID: CVE-2014-3572
BugTraq ID: 71942
http://www.securityfocus.com/bid/71942
Common Vulnerability Exposure (CVE) ID: CVE-2014-8275
BugTraq ID: 71935
http://www.securityfocus.com/bid/71935
RedHat Security Advisories: RHSA-2015:0800
http://rhn.redhat.com/errata/RHSA-2015-0800.html
Common Vulnerability Exposure (CVE) ID: CVE-2015-0204
BugTraq ID: 71936
http://www.securityfocus.com/bid/71936
BugTraq ID: 91787
http://www.securityfocus.com/bid/91787
https://security.gentoo.org/glsa/201503-11
HPdes Security Advisory: HPSBMU03345
http://marc.info/?l=bugtraq&m=144043644216842&w=2
HPdes Security Advisory: HPSBUX03334
http://marc.info/?l=bugtraq&m=143213830203296&w=2
HPdes Security Advisory: SSRT102000
http://www.mandriva.com/security/advisories?name=MDVSA-2015:063
https://freakattack.com/
SuSE Security Announcement: SUSE-SU-2015:1085 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00014.html
SuSE Security Announcement: SUSE-SU-2015:1086 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00015.html
SuSE Security Announcement: SUSE-SU-2015:1138 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00022.html
SuSE Security Announcement: SUSE-SU-2015:1161 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00031.html
SuSE Security Announcement: SUSE-SU-2015:2166 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00000.html
SuSE Security Announcement: SUSE-SU-2015:2168 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00001.html
SuSE Security Announcement: SUSE-SU-2015:2182 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00003.html
SuSE Security Announcement: SUSE-SU-2015:2192 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00004.html
SuSE Security Announcement: SUSE-SU-2015:2216 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00006.html
SuSE Security Announcement: SUSE-SU-2016:0113 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00005.html
XForce ISS Database: openssl-cve20150204-weak-security(99707)
https://exchange.xforce.ibmcloud.com/vulnerabilities/99707
Common Vulnerability Exposure (CVE) ID: CVE-2015-0205
BugTraq ID: 71941
http://www.securityfocus.com/bid/71941
XForce ISS Database: openssl-cve20150205-sec-bypass(99708)
https://exchange.xforce.ibmcloud.com/vulnerabilities/99708
CopyrightCopyright (C) 2021 Greenbone Networks GmbH

Esta es sólo una de 99761 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.

Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.




© 1998-2021 E-Soft Inc. Todos los derechos reservados.