Test Kennung:	1.3.6.1.4.1.25623.1.1.10.2021.0108
Kategorie:	Mageia Linux Local Security Checks
Titel:	Mageia: Security Advisory (MGASA-2021-0108)
Zusammenfassung:	The remote host is missing an update for the 'compat-openssl10, openssl' package(s) announced via the MGASA-2021-0108 advisory.
Beschreibung:	Summary: The remote host is missing an update for the 'compat-openssl10, openssl' package(s) announced via the MGASA-2021-0108 advisory. Vulnerability Insight: Paul Kehrer discovered that OpenSSL incorrectly handled certain input lengths in EVP functions. A remote attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service (CVE-2021-23840). Tavis Ormandy discovered that OpenSSL incorrectly handled parsing issuer fields. A remote attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service (CVE-2021-23841). Affected Software/OS: 'compat-openssl10, openssl' package(s) on Mageia 7, Mageia 8. Solution: Please install the updated package(s). CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2021-23840 https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=6a51b9e1d0cf0bf8515f7201b68fb0a3482b3dc1 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=9b1129239f3ebb1d1c98ce9ed41d5c9476c47cb2 https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44846 https://kc.mcafee.com/corporate/index?page=content&id=SB10366 https://security.netapp.com/advisory/ntap-20210219-0009/ https://www.openssl.org/news/secadv/20210216.txt https://www.tenable.com/security/tns-2021-03 https://www.tenable.com/security/tns-2021-09 https://www.tenable.com/security/tns-2021-10 Debian Security Information: DSA-4855 (Google Search) https://www.debian.org/security/2021/dsa-4855 https://security.gentoo.org/glsa/202103-03 https://www.oracle.com//security-alerts/cpujul2021.html https://www.oracle.com/security-alerts/cpuApr2021.html https://www.oracle.com/security-alerts/cpuapr2022.html https://www.oracle.com/security-alerts/cpujan2022.html https://www.oracle.com/security-alerts/cpuoct2021.html https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E Common Vulnerability Exposure (CVE) ID: CVE-2021-23841 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=122a19ab48091c657f7cb1fb3af9fc07bd557bbf https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=8252ee4d90f3f2004d3d0aeeed003ad49c9a7807 https://security.netapp.com/advisory/ntap-20210513-0002/ https://support.apple.com/kb/HT212528 https://support.apple.com/kb/HT212529 https://support.apple.com/kb/HT212534 http://seclists.org/fulldisclosure/2021/May/67 http://seclists.org/fulldisclosure/2021/May/70 http://seclists.org/fulldisclosure/2021/May/68
Copyright	Copyright (C) 2022 Greenbone AG

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.