Test ID:	1.3.6.1.4.1.25623.1.0.844450
Category:	Ubuntu Local Security Checks
Title:	Ubuntu: Security Advisory for openssl (USN-4376-1)
Summary:	The remote host is missing an update for the 'openssl'; package(s) announced via the USN-4376-1 advisory.
Description:	Summary: The remote host is missing an update for the 'openssl' package(s) announced via the USN-4376-1 advisory. Vulnerability Insight: Cesar Pereida García, Sohaib ul Hassan, Nicola Tuveri, Iaroslav Gridin, Alejandro Cabrera Aldaya, and Billy Brumley discovered that OpenSSL incorrectly handled ECDSA signatures. An attacker could possibly use this issue to perform a timing side-channel attack and recover private ECDSA keys. (CVE-2019-1547) Matt Caswell discovered that OpenSSL incorrectly handled the random number generator (RNG). This may result in applications that use the fork() system call sharing the same RNG state between the parent and the child, contrary to expectations. This issue only affected Ubuntu 18.04 LTS and Ubuntu 19.10. (CVE-2019-1549) Guido Vranken discovered that OpenSSL incorrectly performed the x86_64 Montgomery squaring procedure. While unlikely, a remote attacker could possibly use this issue to recover private keys. (CVE-2019-1551) Bernd Edlinger discovered that OpenSSL incorrectly handled certain decryption functions. In certain scenarios, a remote attacker could possibly use this issue to perform a padding oracle attack and decrypt traffic. (CVE-2019-1563) Affected Software/OS: 'openssl' package(s) on Ubuntu 19.10, Ubuntu 18.04 LTS, Ubuntu 16.04 LTS. Solution: Please install the updated package(s). CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2019-1547 Bugtraq: 20190912 [slackware-security] openssl (SSA:2019-254-03) (Google Search) https://seclists.org/bugtraq/2019/Sep/25 Bugtraq: 20191001 [SECURITY] [DSA 4539-1] openssl security update (Google Search) https://seclists.org/bugtraq/2019/Oct/1 Bugtraq: 20191001 [SECURITY] [DSA 4540-1] openssl1.0 security update (Google Search) https://seclists.org/bugtraq/2019/Oct/0 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=21c856b75d81eff61aa63b4f036bb64a85bf6d46 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=30c22fa8b1d840036b8e203585738df62a03cec8 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=7c1709c2da5414f5b6133d00a03fc8c5bf996c7a https://security.netapp.com/advisory/ntap-20190919-0002/ https://security.netapp.com/advisory/ntap-20200122-0002/ https://security.netapp.com/advisory/ntap-20200416-0003/ https://support.f5.com/csp/article/K73422160?utm_source=f5support&utm_medium=RSS https://www.openssl.org/news/secadv/20190910.txt https://www.tenable.com/security/tns-2019-08 https://www.tenable.com/security/tns-2019-09 Debian Security Information: DSA-4539 (Google Search) https://www.debian.org/security/2019/dsa-4539 Debian Security Information: DSA-4540 (Google Search) https://www.debian.org/security/2019/dsa-4540 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GY6SNRJP2S7Y42GIIDO3HXPNMDYN2U3A/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZN4VVQJ3JDCHGIHV4Y2YTXBYQZ6PWQ7E/ https://security.gentoo.org/glsa/201911-04 http://packetstormsecurity.com/files/154467/Slackware-Security-Advisory-openssl-Updates.html https://arxiv.org/abs/1909.01785 https://www.oracle.com/security-alerts/cpuapr2020.html https://www.oracle.com/security-alerts/cpujan2020.html https://www.oracle.com/security-alerts/cpujul2020.html https://www.oracle.com/security-alerts/cpuoct2020.html https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html https://lists.debian.org/debian-lts-announce/2019/09/msg00026.html SuSE Security Announcement: openSUSE-SU-2019:2158 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00054.html SuSE Security Announcement: openSUSE-SU-2019:2189 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00072.html SuSE Security Announcement: openSUSE-SU-2019:2268 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00012.html SuSE Security Announcement: openSUSE-SU-2019:2269 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00016.html https://usn.ubuntu.com/4376-1/ https://usn.ubuntu.com/4376-2/ https://usn.ubuntu.com/4504-1/ Common Vulnerability Exposure (CVE) ID: CVE-2019-1549 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=1b0fe00e2704b5e20334a16d3c9099d1ba2ef1be https://support.f5.com/csp/article/K44070243 https://support.f5.com/csp/article/K44070243?utm_source=f5support&utm_medium=RSS Common Vulnerability Exposure (CVE) ID: CVE-2019-1551 Bugtraq: 20191225 [slackware-security] openssl (SSA:2019-354-01) (Google Search) https://seclists.org/bugtraq/2019/Dec/39 Bugtraq: 20191229 [SECURITY] [DSA 4594-1] openssl1.0 security update (Google Search) https://seclists.org/bugtraq/2019/Dec/46 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=419102400a2811582a7a3d4a4e317d72e5ce0a8f https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=f1c5eea8a817075d31e43f5876993c6710238c98 https://security.netapp.com/advisory/ntap-20191210-0001/ https://www.openssl.org/news/secadv/20191206.txt https://www.tenable.com/security/tns-2020-03 https://www.tenable.com/security/tns-2020-11 https://www.tenable.com/security/tns-2021-10 Debian Security Information: DSA-4594 (Google Search) https://www.debian.org/security/2019/dsa-4594 Debian Security Information: DSA-4855 (Google Search) https://www.debian.org/security/2021/dsa-4855 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EXDDAOWSAIEFQNBHWYE6PPYFV4QXGMCD/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DDHOAATPWJCXRNFMJ2SASDBBNU5RJONY/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XVEP3LAK4JSPRXFO4QF4GG2IVXADV3SO/ https://security.gentoo.org/glsa/202004-10 http://packetstormsecurity.com/files/155754/Slackware-Security-Advisory-openssl-Updates.html https://www.oracle.com/security-alerts/cpuApr2021.html https://www.oracle.com/security-alerts/cpujan2021.html SuSE Security Announcement: openSUSE-SU-2020:0062 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00030.html Common Vulnerability Exposure (CVE) ID: CVE-2019-1563 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=08229ad838c50f644d7e928e2eef147b4308ad64 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=631f94db0065c78181ca9ba5546ebc8bb3884b97 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=e21f8cf78a125cd3c8c0d1a1a6c8bb0b901f893f https://support.f5.com/csp/article/K97324400?utm_source=f5support&utm_medium=RSS
Copyright	Copyright (C) 2020 Greenbone Networks GmbH

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.