Test Kennung:	1.3.6.1.4.1.25623.1.0.61470
Kategorie:	Slackware Local Security Checks
Titel:	Slackware: Security Advisory (SSA:2008-210-08)
Zusammenfassung:	The remote host is missing an update for the 'openssl' package(s) announced via the SSA:2008-210-08 advisory.
Beschreibung:	Summary: The remote host is missing an update for the 'openssl' package(s) announced via the SSA:2008-210-08 advisory. Vulnerability Insight: New openssl packages are available for Slackware 11.0, 12.0, 12.1, and -current to fix security issues. More details about these issues may be found in the Common Vulnerabilities and Exposures (CVE) database: [links moved to references] Upgraded OpenSSH packages have been provided to make sure that ssh is not broken my the update -- especially if your machine is a remote one, be SURE to upgrade to the new openssh package as well! Here are the details from the Slackware 12.1 ChangeLog: +--------------------------+ patches/packages/openssl-0.9.8h-i486-1_slack12.1.tgz: Upgraded to OpenSSL 0.9.8h. The Codenomicon TLS test suite uncovered security bugs in OpenSSL. If OpenSSL was compiled using non-default options (Slackware's package is not), then a malicious packet could cause a crash. Also, a malformed TLS handshake could also lead to a crash. For more information, see: [links moved to references] When upgrading OpenSSL, it is VERY IMPORTANT to also upgrade OpenSSH, or it is possible to be unable to log back into sshd! (* Security fix *) +--------------------------+ Affected Software/OS: 'openssl' package(s) on Slackware 11.0, Slackware 12.0, Slackware 12.1, Slackware current. Solution: Please install the updated package(s). CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2008-0891 1020121 http://www.securitytracker.com/id?1020121 29405 http://www.securityfocus.com/bid/29405 30405 http://secunia.com/advisories/30405 30460 http://secunia.com/advisories/30460 30825 http://secunia.com/advisories/30825 30852 http://secunia.com/advisories/30852 30868 http://secunia.com/advisories/30868 31228 http://secunia.com/advisories/31228 31288 http://secunia.com/advisories/31288 ADV-2008-1680 http://www.vupen.com/english/advisories/2008/1680 ADV-2008-1937 http://www.vupen.com/english/advisories/2008/1937/references FEDORA-2008-4723 https://www.redhat.com/archives/fedora-package-announce/2008-May/msg01029.html GLSA-200806-08 http://security.gentoo.org/glsa/glsa-200806-08.xml MDVSA-2008:107 http://www.mandriva.com/security/advisories?name=MDVSA-2008:107 SSA:2008-210-08 http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.562004 USN-620-1 http://www.ubuntu.com/usn/usn-620-1 VU#661475 http://www.kb.cert.org/vuls/id/661475 http://cert.fi/haavoittuvuudet/2008/advisory-openssl.html http://sourceforge.net/project/shownotes.php?release_id=615606 http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=738400 http://www.openssl.org/news/secadv_20080528.txt openssl-servername-dos(42666) https://exchange.xforce.ibmcloud.com/vulnerabilities/42666 Common Vulnerability Exposure (CVE) ID: CVE-2008-1672 1020122 http://www.securitytracker.com/id?1020122 20080602 rPSA-2008-0181-1 openssl openssl-scripts http://www.securityfocus.com/archive/1/492932/100/0/threaded VU#520586 http://www.kb.cert.org/vuls/id/520586 openssl-serverkey-dos(42667) https://exchange.xforce.ibmcloud.com/vulnerabilities/42667
Copyright	Copyright (C) 2012 Greenbone AG

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.