SuSE Local Security Checks : SUSE: Security Advisory (SUSE-SU-2018:2041-1)

Búsqueda de Vulnerabilidad		Buscar 219043 Descripciones CVE y 99761 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.1.4.2018.2041.1

Categoría: SuSE Local Security Checks

Título: SUSE: Security Advisory (SUSE-SU-2018:2041-1)

Resumen: The remote host is missing an update for the 'openssl-1_1' package(s) announced via the SUSE-SU-2018:2041-1 advisory.

Descripción: Summary:
The remote host is missing an update for the 'openssl-1_1' package(s) announced via the SUSE-SU-2018:2041-1 advisory.

Vulnerability Insight:
This update for openssl-1_1 fixes the following issues:
- CVE-2018-0732: During key agreement in a TLS handshake using a DH(E)
based ciphersuite a malicious server could have sent a very large prime
value to the client. This caused the client to spend an unreasonably
long period of time generating a key for this prime resulting in a hang
until the client has finished. This could be exploited in a Denial Of
Service attack (bsc#1097158).
- Blinding enhancements for ECDSA and DSA (bsc#1097624, bsc#1098592)

Affected Software/OS:
'openssl-1_1' package(s) on SUSE Linux Enterprise Module for Legacy Software 15.

Solution:
Please install the updated package(s).

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2018-0732
BugTraq ID: 104442
http://www.securityfocus.com/bid/104442
http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=3984ef0b72831da8b3ece4745cac4f8575b19098
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ea7abeeabf92b7aca160bdd0208636d4da69f4f4
https://nodejs.org/en/blog/vulnerability/august-2018-security-releases/
https://security.netapp.com/advisory/ntap-20181105-0001/
https://security.netapp.com/advisory/ntap-20190118-0002/
https://securityadvisories.paloaltonetworks.com/Home/Detail/133
https://www.openssl.org/news/secadv/20180612.txt
https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
https://www.tenable.com/security/tns-2018-12
https://www.tenable.com/security/tns-2018-13
https://www.tenable.com/security/tns-2018-14
https://www.tenable.com/security/tns-2018-17
Debian Security Information: DSA-4348 (Google Search)
https://www.debian.org/security/2018/dsa-4348
Debian Security Information: DSA-4355 (Google Search)
https://www.debian.org/security/2018/dsa-4355
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZBEV5QGDRFUZDMNECFXUSN5FMYOZDE4V/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y3IVFGSERAZLNJCK35TEM2R4726XIH3Z/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EWC42UXL5GHTU5G77VKBF6JYUUNGSHOM/
https://security.gentoo.org/glsa/201811-03
https://www.oracle.com/security-alerts/cpuapr2020.html
https://www.oracle.com/security-alerts/cpujan2021.html
https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
https://lists.debian.org/debian-lts-announce/2018/07/msg00043.html
RedHat Security Advisories: RHSA-2018:2552
https://access.redhat.com/errata/RHSA-2018:2552
RedHat Security Advisories: RHSA-2018:2553
https://access.redhat.com/errata/RHSA-2018:2553
RedHat Security Advisories: RHSA-2018:3221
https://access.redhat.com/errata/RHSA-2018:3221
RedHat Security Advisories: RHSA-2018:3505
https://access.redhat.com/errata/RHSA-2018:3505
RedHat Security Advisories: RHSA-2019:1296
https://access.redhat.com/errata/RHSA-2019:1296
RedHat Security Advisories: RHSA-2019:1297
https://access.redhat.com/errata/RHSA-2019:1297
RedHat Security Advisories: RHSA-2019:1543
https://access.redhat.com/errata/RHSA-2019:1543
http://www.securitytracker.com/id/1041090
https://usn.ubuntu.com/3692-1/
https://usn.ubuntu.com/3692-2/

Copyright Copyright (C) 2021 Greenbone Networks GmbH

Esta es sólo una de 99761 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.1.4.2018.2041.1
Categoría:	SuSE Local Security Checks
Título:	SUSE: Security Advisory (SUSE-SU-2018:2041-1)
Resumen:	The remote host is missing an update for the 'openssl-1_1' package(s) announced via the SUSE-SU-2018:2041-1 advisory.
Descripción:	Summary: The remote host is missing an update for the 'openssl-1_1' package(s) announced via the SUSE-SU-2018:2041-1 advisory. Vulnerability Insight: This update for openssl-1_1 fixes the following issues: - CVE-2018-0732: During key agreement in a TLS handshake using a DH(E) based ciphersuite a malicious server could have sent a very large prime value to the client. This caused the client to spend an unreasonably long period of time generating a key for this prime resulting in a hang until the client has finished. This could be exploited in a Denial Of Service attack (bsc#1097158). - Blinding enhancements for ECDSA and DSA (bsc#1097624, bsc#1098592) Affected Software/OS: 'openssl-1_1' package(s) on SUSE Linux Enterprise Module for Legacy Software 15. Solution: Please install the updated package(s). CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2018-0732 BugTraq ID: 104442 http://www.securityfocus.com/bid/104442 http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=3984ef0b72831da8b3ece4745cac4f8575b19098 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ea7abeeabf92b7aca160bdd0208636d4da69f4f4 https://nodejs.org/en/blog/vulnerability/august-2018-security-releases/ https://security.netapp.com/advisory/ntap-20181105-0001/ https://security.netapp.com/advisory/ntap-20190118-0002/ https://securityadvisories.paloaltonetworks.com/Home/Detail/133 https://www.openssl.org/news/secadv/20180612.txt https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html https://www.tenable.com/security/tns-2018-12 https://www.tenable.com/security/tns-2018-13 https://www.tenable.com/security/tns-2018-14 https://www.tenable.com/security/tns-2018-17 Debian Security Information: DSA-4348 (Google Search) https://www.debian.org/security/2018/dsa-4348 Debian Security Information: DSA-4355 (Google Search) https://www.debian.org/security/2018/dsa-4355 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZBEV5QGDRFUZDMNECFXUSN5FMYOZDE4V/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y3IVFGSERAZLNJCK35TEM2R4726XIH3Z/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EWC42UXL5GHTU5G77VKBF6JYUUNGSHOM/ https://security.gentoo.org/glsa/201811-03 https://www.oracle.com/security-alerts/cpuapr2020.html https://www.oracle.com/security-alerts/cpujan2021.html https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html https://lists.debian.org/debian-lts-announce/2018/07/msg00043.html RedHat Security Advisories: RHSA-2018:2552 https://access.redhat.com/errata/RHSA-2018:2552 RedHat Security Advisories: RHSA-2018:2553 https://access.redhat.com/errata/RHSA-2018:2553 RedHat Security Advisories: RHSA-2018:3221 https://access.redhat.com/errata/RHSA-2018:3221 RedHat Security Advisories: RHSA-2018:3505 https://access.redhat.com/errata/RHSA-2018:3505 RedHat Security Advisories: RHSA-2019:1296 https://access.redhat.com/errata/RHSA-2019:1296 RedHat Security Advisories: RHSA-2019:1297 https://access.redhat.com/errata/RHSA-2019:1297 RedHat Security Advisories: RHSA-2019:1543 https://access.redhat.com/errata/RHSA-2019:1543 http://www.securitytracker.com/id/1041090 https://usn.ubuntu.com/3692-1/ https://usn.ubuntu.com/3692-2/
Copyright	Copyright (C) 2021 Greenbone Networks GmbH