Test ID: 1.3.6.1.4.1.25623.1.0.882062
Category: CentOS Local Security Checks
Title: CentOS Update for openssl CESA-2014:1652 centos7
Summary: Check the version of openssl
Description:
Summary:
Check the version of openssl

Vulnerability Insight:
OpenSSL is a toolkit that implements the
Secure Sockets Layer (SSL), Transport Layer Security (TLS), and Datagram Transport
Layer Security (DTLS) protocols, as well as a full-strength, general purpose
cryptography library.

This update adds support for the TLS Fallback Signaling Cipher Suite Value
(TLS_FALLBACK_SCSV), which can be used to prevent protocol downgrade
attacks against applications which re-connect using a lower SSL/TLS
protocol version when the initial connection indicating the highest
supported protocol version fails.

This can prevent a forceful downgrade of the communication to SSL 3.0.
The SSL 3.0 protocol was found to be vulnerable to the padding oracle
attack when using block cipher suites in cipher block chaining (CBC) mode.
This issue is identified as CVE-2014-3566, and also known under the alias
POODLE. This SSL 3.0 protocol flaw will not be addressed in a future
update; it is recommended that users configure their applications to
require at least TLS protocol version 1.0 for secure communication.

For additional information about this flaw, see the linked Knowledgebase article.

A memory leak flaw was found in the way OpenSSL parsed the DTLS Secure
Real-time Transport Protocol (SRTP) extension data. A remote attacker could
send multiple specially crafted handshake messages to exhaust all available
memory of an SSL/TLS or DTLS server. (CVE-2014-3513)

A memory leak flaw was found in the way OpenSSL handled failed session
ticket integrity checks. A remote attacker could exhaust all available
memory of an SSL/TLS or DTLS server by sending a large number of invalid
session tickets to that server. (CVE-2014-3567)

All OpenSSL users are advised to upgrade to these updated packages, which
contain backported patches to mitigate the CVE-2014-3566 issue and correct
the CVE-2014-3513 and CVE-2014-3567 issues. For the update to take effect,
all services linked to the OpenSSL library (such as httpd and other
SSL-enabled services) must be restarted or the system rebooted.

Affected Software/OS:
openssl on CentOS 7

Solution:
Please install the updated packages.

CVSS Score:
7.1

CVSS Vector:
AV:N/AC:M/Au:N/C:N/I:N/A:C

Cross-Ref:
Common Vulnerability Exposure (CVE) ID: CVE-2014-3513
http://lists.apple.com/archives/security-announce/2015/Sep/msg00002.html
BugTraq ID: 70584
http://www.securityfocus.com/bid/70584
Debian Security Information: DSA-3053
http://www.debian.org/security/2014/dsa-3053
http://security.gentoo.org/glsa/glsa-201412-39.xml
HPdes Security Advisory: HPSBGN03233
http://marc.info/?l=bugtraq&m=142118135300698&w=2
HPdes Security Advisory: HPSBHF03300
http://marc.info/?l=bugtraq&m=142804214608580&w=2
HPdes Security Advisory: HPSBMU03223
http://marc.info/?l=bugtraq&m=143290583027876&w=2
HPdes Security Advisory: HPSBMU03260
http://marc.info/?l=bugtraq&m=142495837901899&w=2
HPdes Security Advisory: HPSBMU03261
http://marc.info/?l=bugtraq&m=143290522027658&w=2
HPdes Security Advisory: HPSBMU03263
http://marc.info/?l=bugtraq&m=143290437727362&w=2
HPdes Security Advisory: HPSBMU03267
http://marc.info/?l=bugtraq&m=142624590206005&w=2
HPdes Security Advisory: HPSBMU03296
http://marc.info/?l=bugtraq&m=142834685803386&w=2
HPdes Security Advisory: HPSBMU03304
http://marc.info/?l=bugtraq&m=142791032306609&w=2
HPdes Security Advisory: SSRT101739
HPdes Security Advisory: SSRT101868
HPdes Security Advisory: SSRT101894
http://www.mandriva.com/security/advisories?name=MDVSA-2015:062
NETBSD Security Advisory: NetBSD-SA2014-015
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2014-015.txt.asc
RedHat Security Advisories: RHSA-2014:1652
http://rhn.redhat.com/errata/RHSA-2014-1652.html
RedHat Security Advisories: RHSA-2014:1692
http://rhn.redhat.com/errata/RHSA-2014-1692.html
http://www.securitytracker.com/id/1031052
http://secunia.com/advisories/59627
http://secunia.com/advisories/61058
http://secunia.com/advisories/61073
http://secunia.com/advisories/61207
http://secunia.com/advisories/61298
http://secunia.com/advisories/61439
http://secunia.com/advisories/61837
http://secunia.com/advisories/61959
http://secunia.com/advisories/61990
http://secunia.com/advisories/62070
SuSE Security Announcement: SUSE-SU-2014:1357
http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00001.html
SuSE Security Announcement: openSUSE-SU-2014:1331
http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00008.html
http://www.ubuntu.com/usn/USN-2385-1
Common Vulnerability Exposure (CVE) ID: CVE-2014-3567
http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html
BugTraq ID: 70586
http://www.securityfocus.com/bid/70586
HPdes Security Advisory: HPSBOV03227
http://marc.info/?l=bugtraq&m=142103967620673&w=2
HPdes Security Advisory: HPSBUX03162
http://marc.info/?l=bugtraq&m=141477196830952&w=2
HPdes Security Advisory: SSRT101767
HPdes Security Advisory: SSRT101779
http://www.mandriva.com/security/advisories?name=MDVSA-2014:203
RedHat Security Advisories: RHSA-2015:0126
http://rhn.redhat.com/errata/RHSA-2015-0126.html
http://secunia.com/advisories/61130
http://secunia.com/advisories/61819
http://secunia.com/advisories/62030
http://secunia.com/advisories/62124
SuSE Security Announcement: SUSE-SU-2014:1361
http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00003.html
SuSE Security Announcement: openSUSE-SU-2016:0640
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html
Common Vulnerability Exposure (CVE) ID: CVE-2014-3566
http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html
http://archives.neohapsis.com/archives/bugtraq/2014-10/0103.html
http://www.securityfocus.com/archive/1/533724/100/0/threaded
http://www.securityfocus.com/archive/1/533747
http://www.securityfocus.com/archive/1/533746
BugTraq ID: 70574
http://www.securityfocus.com/bid/70574
Cert/CC Advisory: TA14-290A
http://www.us-cert.gov/ncas/alerts/TA14-290A
CERT/CC vulnerability note: VU#577193
http://www.kb.cert.org/vuls/id/577193
Cisco Security Advisory: 20141014 SSL Padding Oracle On Downgraded Legacy Encryption (POODLE) Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141015-poodle
Debian Security Information: DSA-3144
http://www.debian.org/security/2015/dsa-3144
Debian Security Information: DSA-3147
http://www.debian.org/security/2015/dsa-3147
Debian Security Information: DSA-3253
http://www.debian.org/security/2015/dsa-3253
Debian Security Information: DSA-3489
http://www.debian.org/security/2016/dsa-3489
http://lists.fedoraproject.org/pipermail/package-announce/2014-November/142330.html
http://lists.fedoraproject.org/pipermail/package-announce/2014-October/141158.html
http://lists.fedoraproject.org/pipermail/package-announce/2014-October/141114.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169374.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169361.html
https://security.gentoo.org/glsa/201507-14
https://security.gentoo.org/glsa/201606-11
HPdes Security Advisory: HPSBGN03164
http://marc.info/?l=bugtraq&m=141577350823734&w=2
HPdes Security Advisory: HPSBGN03191
http://marc.info/?l=bugtraq&m=141576815022399&w=2
HPdes Security Advisory: HPSBGN03192
http://marc.info/?l=bugtraq&m=141620103726640&w=2
HPdes Security Advisory: HPSBGN03201
http://marc.info/?l=bugtraq&m=141697638231025&w=2
HPdes Security Advisory: HPSBGN03202
http://marc.info/?l=bugtraq&m=141703183219781&w=2
HPdes Security Advisory: HPSBGN03203
http://marc.info/?l=bugtraq&m=141697676231104&w=2
HPdes Security Advisory: HPSBGN03205
http://marc.info/?l=bugtraq&m=141775427104070&w=2
HPdes Security Advisory: HPSBGN03208
http://marc.info/?l=bugtraq&m=141814011518700&w=2
HPdes Security Advisory: HPSBGN03209
http://marc.info/?l=bugtraq&m=141715130023061&w=2
HPdes Security Advisory: HPSBGN03222
http://marc.info/?l=bugtraq&m=141813976718456&w=2
HPdes Security Advisory: HPSBGN03237
http://marc.info/?l=bugtraq&m=142296755107581&w=2
HPdes Security Advisory: HPSBGN03251
http://marc.info/?l=bugtraq&m=142354438527235&w=2
HPdes Security Advisory: HPSBGN03252
http://marc.info/?l=bugtraq&m=142350743917559&w=2
HPdes Security Advisory: HPSBGN03253
http://marc.info/?l=bugtraq&m=142350196615714&w=2
HPdes Security Advisory: HPSBGN03254
http://marc.info/?l=bugtraq&m=142350298616097&w=2
HPdes Security Advisory: HPSBGN03255
http://marc.info/?l=bugtraq&m=142357976805598&w=2
HPdes Security Advisory: HPSBGN03305
http://marc.info/?l=bugtraq&m=142962817202793&w=2
HPdes Security Advisory: HPSBGN03332
http://marc.info/?l=bugtraq&m=143290371927178&w=2
HPdes Security Advisory: HPSBGN03391
http://marc.info/?l=bugtraq&m=144294141001552&w=2
HPdes Security Advisory: HPSBGN03569
http://marc.info/?l=bugtraq&m=145983526810210&w=2
HPdes Security Advisory: HPSBHF03156
http://marc.info/?l=bugtraq&m=141450973807288&w=2
HPdes Security Advisory: HPSBHF03275
http://marc.info/?l=bugtraq&m=142721887231400&w=2
HPdes Security Advisory: HPSBHF03293
http://marc.info/?l=bugtraq&m=142660345230545&w=2
HPdes Security Advisory: HPSBMU03152
http://marc.info/?l=bugtraq&m=141450452204552&w=2
HPdes Security Advisory: HPSBMU03183
http://marc.info/?l=bugtraq&m=141628688425177&w=2
HPdes Security Advisory: HPSBMU03184
http://marc.info/?l=bugtraq&m=141577087123040&w=2
HPdes Security Advisory: HPSBMU03214
http://marc.info/?l=bugtraq&m=141694355519663&w=2
HPdes Security Advisory: HPSBMU03221
http://marc.info/?l=bugtraq&m=141879378918327&w=2
HPdes Security Advisory: HPSBMU03234
http://marc.info/?l=bugtraq&m=143628269912142&w=2
HPdes Security Advisory: HPSBMU03241
http://marc.info/?l=bugtraq&m=143039249603103&w=2
HPdes Security Advisory: HPSBMU03259
http://marc.info/?l=bugtraq&m=142624619906067&w=2
HPdes Security Advisory: HPSBMU03262
http://marc.info/?l=bugtraq&m=142624719706349&w=2
HPdes Security Advisory: HPSBMU03283
http://marc.info/?l=bugtraq&m=142624679706236&w=2
HPdes Security Advisory: HPSBMU03294
http://marc.info/?l=bugtraq&m=142740155824959&w=2
HPdes Security Advisory: HPSBMU03301
http://marc.info/?l=bugtraq&m=142721830231196&w=2
HPdes Security Advisory: HPSBMU03416
http://marc.info/?l=bugtraq&m=144101915224472&w=2
HPdes Security Advisory: HPSBPI03107
http://marc.info/?l=bugtraq&m=143558137709884&w=2
HPdes Security Advisory: HPSBPI03360
http://marc.info/?l=bugtraq&m=143558192010071&w=2
HPdes Security Advisory: HPSBST03195
http://marc.info/?l=bugtraq&m=142805027510172&w=2
HPdes Security Advisory: HPSBST03265
http://marc.info/?l=bugtraq&m=142546741516006&w=2
HPdes Security Advisory: HPSBST03418
http://marc.info/?l=bugtraq&m=144251162130364&w=2
HPdes Security Advisory: HPSBUX03194
http://marc.info/?l=bugtraq&m=143101048219218&w=2
HPdes Security Advisory: HPSBUX03273
http://marc.info/?l=bugtraq&m=142496355704097&w=2
HPdes Security Advisory: HPSBUX03281
http://h20564.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c04583581
HPdes Security Advisory: SSRT101790
HPdes Security Advisory: SSRT101795
HPdes Security Advisory: SSRT101834
HPdes Security Advisory: SSRT101838
HPdes Security Advisory: SSRT101846
HPdes Security Advisory: SSRT101849
HPdes Security Advisory: SSRT101854
HPdes Security Advisory: SSRT101892
HPdes Security Advisory: SSRT101896
HPdes Security Advisory: SSRT101897
HPdes Security Advisory: SSRT101898
HPdes Security Advisory: SSRT101899
HPdes Security Advisory: SSRT101916
HPdes Security Advisory: SSRT101921
HPdes Security Advisory: SSRT101922
http://marc.info/?l=bugtraq&m=142624619906067
HPdes Security Advisory: SSRT101928
HPdes Security Advisory: SSRT101951
HPdes Security Advisory: SSRT101968
http://marc.info/?l=bugtraq&m=142607790919348&w=2
HPdes Security Advisory: SSRT101998
http://askubuntu.com/questions/537196/how-do-i-patch-workaround-sslv3-poodle-vulnerability-cve-2014-3566
http://blog.cryptographyengineering.com/2014/10/attack-of-week-poodle.html
http://googleonlinesecurity.blogspot.com/2014/10/this-poodle-bites-exploiting-ssl-30.html
https://github.com/mpgn/poodle-PoC
https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02
https://www.dfranke.us/posts/2014-10-14-how-poodle-happened.html
https://www.imperialviolet.org/2014/10/14/poodle.html
https://www.openssl.org/~bodo/ssl-poodle.pdf
https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c@%3Ccommits.cxf.apache.org%3E
https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf@%3Ccommits.cxf.apache.org%3E
https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4@%3Ccommits.cxf.apache.org%3E
https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6@%3Ccommits.cxf.apache.org%3E
https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4@%3Ccommits.cxf.apache.org%3E
https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e@%3Ccommits.cxf.apache.org%3E
http://marc.info/?l=openssl-dev&m=141333049205629&w=2
RedHat Security Advisories: RHSA-2014:1653
http://rhn.redhat.com/errata/RHSA-2014-1653.html
RedHat Security Advisories: RHSA-2014:1876
http://rhn.redhat.com/errata/RHSA-2014-1876.html
RedHat Security Advisories: RHSA-2014:1877
http://rhn.redhat.com/errata/RHSA-2014-1877.html
RedHat Security Advisories: RHSA-2014:1880
http://rhn.redhat.com/errata/RHSA-2014-1880.html
RedHat Security Advisories: RHSA-2014:1881
http://rhn.redhat.com/errata/RHSA-2014-1881.html
RedHat Security Advisories: RHSA-2014:1882
http://rhn.redhat.com/errata/RHSA-2014-1882.html
RedHat Security Advisories: RHSA-2014:1920
http://rhn.redhat.com/errata/RHSA-2014-1920.html
RedHat Security Advisories: RHSA-2014:1948
http://rhn.redhat.com/errata/RHSA-2014-1948.html
RedHat Security Advisories: RHSA-2015:0068
http://rhn.redhat.com/errata/RHSA-2015-0068.html
RedHat Security Advisories: RHSA-2015:0079
http://rhn.redhat.com/errata/RHSA-2015-0079.html
RedHat Security Advisories: RHSA-2015:0080
http://rhn.redhat.com/errata/RHSA-2015-0080.html
RedHat Security Advisories: RHSA-2015:0085
http://rhn.redhat.com/errata/RHSA-2015-0085.html
RedHat Security Advisories: RHSA-2015:0086
http://rhn.redhat.com/errata/RHSA-2015-0086.html
RedHat Security Advisories: RHSA-2015:0264
http://rhn.redhat.com/errata/RHSA-2015-0264.html
RedHat Security Advisories: RHSA-2015:0698
http://rhn.redhat.com/errata/RHSA-2015-0698.html
RedHat Security Advisories: RHSA-2015:1545
http://rhn.redhat.com/errata/RHSA-2015-1545.html
RedHat Security Advisories: RHSA-2015:1546
http://rhn.redhat.com/errata/RHSA-2015-1546.html
http://www.securitytracker.com/id/1031029
http://www.securitytracker.com/id/1031039
http://www.securitytracker.com/id/1031085
http://www.securitytracker.com/id/1031086
http://www.securitytracker.com/id/1031087
http://www.securitytracker.com/id/1031088
http://www.securitytracker.com/id/1031089
http://www.securitytracker.com/id/1031090
http://www.securitytracker.com/id/1031091
http://www.securitytracker.com/id/1031092
http://www.securitytracker.com/id/1031093
http://www.securitytracker.com/id/1031094
http://www.securitytracker.com/id/1031095
http://www.securitytracker.com/id/1031096
http://www.securitytracker.com/id/1031105
http://www.securitytracker.com/id/1031106
http://www.securitytracker.com/id/1031107
http://www.securitytracker.com/id/1031120
http://www.securitytracker.com/id/1031123
http://www.securitytracker.com/id/1031124
http://www.securitytracker.com/id/1031130
http://www.securitytracker.com/id/1031131
http://www.securitytracker.com/id/1031132
http://secunia.com/advisories/60056
http://secunia.com/advisories/60206
http://secunia.com/advisories/60792
http://secunia.com/advisories/60859
http://secunia.com/advisories/61019
http://secunia.com/advisories/61303
http://secunia.com/advisories/61316
http://secunia.com/advisories/61345
http://secunia.com/advisories/61359
http://secunia.com/advisories/61782
http://secunia.com/advisories/61810
http://secunia.com/advisories/61825
http://secunia.com/advisories/61827
http://secunia.com/advisories/61926
http://secunia.com/advisories/61995
SuSE Security Announcement: SUSE-SU-2014:1526
http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00021.html
SuSE Security Announcement: SUSE-SU-2014:1549
http://lists.opensuse.org/opensuse-security-announce/2014-12/msg00002.html
SuSE Security Announcement: SUSE-SU-2015:0336
http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00024.html
SuSE Security Announcement: SUSE-SU-2015:0344
http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00026.html
SuSE Security Announcement: SUSE-SU-2015:0345
http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00027.html
SuSE Security Announcement: SUSE-SU-2015:0376
http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00033.html
SuSE Security Announcement: SUSE-SU-2015:0392
http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00036.html
SuSE Security Announcement: SUSE-SU-2015:0503
http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00018.html
SuSE Security Announcement: SUSE-SU-2015:0578
http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html
SuSE Security Announcement: SUSE-SU-2016:1457
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00066.html
SuSE Security Announcement: SUSE-SU-2016:1459
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00000.html
SuSE Security Announcement: openSUSE-SU-2015:0190
http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00001.html
http://www.ubuntu.com/usn/USN-2486-1
http://www.ubuntu.com/usn/USN-2487-1
Copyright: Copyright (C) 2014 Greenbone Networks GmbH
