 |
Startseite ▼ Bookkeeping
Online ▼ Sicherheits
Überprüfungs ▼
Verwaltetes
DNS ▼
Info
Bestellen/Erneuern
FAQ
AUP
Dynamic DNS Clients
Domaine konfigurieren Dyanmic DNS Update Password Netzwerk
Überwachung ▼
Enterprise
Erweiterte
Standard
Gratis Test
FAQ
Preis/Funktionszusammenfassung
Bestellen
Beispiele
Konfigurieren/Status Alarm Profile | ||
| Test Kennung: | 1.3.6.1.4.1.25623.1.1.10.2017.0042 |
| Kategorie: | Mageia Linux Local Security Checks |
| Titel: | Mageia: Security Advisory (MGASA-2017-0042) |
| Zusammenfassung: | The remote host is missing an update for the 'openssl' package(s) announced via the MGASA-2017-0042 advisory. |
| Beschreibung: | Summary: The remote host is missing an update for the 'openssl' package(s) announced via the MGASA-2017-0042 advisory. Vulnerability Insight: There is a carry propagation bug in the Broadwell-specific Montgomery multiplication procedure that handles input lengths divisible by, but longer than 256 bits. mong EC algorithms only Brainpool P-512 curves are affected and one presumably can attack ECDH key negotiation (CVE-2016-7055). If an SSL/TLS server or client is running on a 32-bit host, and a specific cipher is being used, then a truncated packet can cause that server or client to perform an out-of-bounds read, usually resulting in a crash. The crash can be triggered when using RC4-MD5, if it has not been disabled (CVE-2017-3731). There is a carry propagating bug in the x86_64 Montgomery squaring procedure. An attacker would need online access to an unpatched system using the target private key in a scenario with persistent DH parameters and a private key that is shared between multiple clients (CVE-2017-3732). Affected Software/OS: 'openssl' package(s) on Mageia 5. Solution: Please install the updated package(s). CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P |
| Querverweis: |
Common Vulnerability Exposure (CVE) ID: CVE-2016-7055 BugTraq ID: 94242 http://www.securityfocus.com/bid/94242 FreeBSD Security Advisory: FreeBSD-SA-17:02 https://security.FreeBSD.org/advisories/FreeBSD-SA-17:02.openssl.asc https://security.gentoo.org/glsa/201702-07 https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html RedHat Security Advisories: RHSA-2018:2185 https://access.redhat.com/errata/RHSA-2018:2185 RedHat Security Advisories: RHSA-2018:2186 https://access.redhat.com/errata/RHSA-2018:2186 RedHat Security Advisories: RHSA-2018:2187 https://access.redhat.com/errata/RHSA-2018:2187 http://www.securitytracker.com/id/1037261 Common Vulnerability Exposure (CVE) ID: CVE-2017-3731 BugTraq ID: 95813 http://www.securityfocus.com/bid/95813 Debian Security Information: DSA-3773 (Google Search) http://www.debian.org/security/2017/dsa-3773 https://github.com/openssl/openssl/commit/00d965474b22b54e4275232bc71ee0c699c5cd21 RedHat Security Advisories: RHSA-2017:0286 http://rhn.redhat.com/errata/RHSA-2017-0286.html http://www.securitytracker.com/id/1037717 Common Vulnerability Exposure (CVE) ID: CVE-2017-3732 BugTraq ID: 95814 http://www.securityfocus.com/bid/95814 https://github.com/openssl/openssl/commit/a59b90bf491410f1f2bc4540cc21f1980fd14c5b RedHat Security Advisories: RHSA-2018:2568 https://access.redhat.com/errata/RHSA-2018:2568 RedHat Security Advisories: RHSA-2018:2575 https://access.redhat.com/errata/RHSA-2018:2575 RedHat Security Advisories: RHSA-2018:2713 https://access.redhat.com/errata/RHSA-2018:2713 |
| Copyright | Copyright (C) 2022 Greenbone AG |
| Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten. |