Amazon Linux Local Security Checks : Amazon Linux: Security Advisory (ALAS-2013-201)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.120028

Categoría: Amazon Linux Local Security Checks

Título: Amazon Linux: Security Advisory (ALAS-2013-201)

Resumen: The remote host is missing an update for the 'openvpn' package(s) announced via the ALAS-2013-201 advisory.

Descripción: Summary:
The remote host is missing an update for the 'openvpn' package(s) announced via the ALAS-2013-201 advisory.

Vulnerability Insight:
The openvpn_decrypt function in crypto.c in OpenVPN 2.3.0 and earlier, when running in UDP mode, allows remote attackers to obtain sensitive information via a timing attack involving an HMAC comparison function that does not run in constant time and a padding oracle attack on the CBC mode cipher.

Affected Software/OS:
'openvpn' package(s) on Amazon Linux.

Solution:
Please install the updated package(s).

CVSS Score:
2.6

CVSS Vector:
AV:N/AC:H/Au:N/C:P/I:N/A:N

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2013-2061
http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105609.html
http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105568.html
http://www.mandriva.com/security/advisories?name=MDVSA-2013:167
http://www.openwall.com/lists/oss-security/2013/05/06/6
SuSE Security Announcement: openSUSE-SU-2013:1645 (Google Search)
http://lists.opensuse.org/opensuse-updates/2013-11/msg00012.html
SuSE Security Announcement: openSUSE-SU-2013:1649 (Google Search)
http://lists.opensuse.org/opensuse-updates/2013-11/msg00016.html

Copyright Copyright (C) 2015 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.120028
Categoría:	Amazon Linux Local Security Checks
Título:	Amazon Linux: Security Advisory (ALAS-2013-201)
Resumen:	The remote host is missing an update for the 'openvpn' package(s) announced via the ALAS-2013-201 advisory.
Descripción:	Summary: The remote host is missing an update for the 'openvpn' package(s) announced via the ALAS-2013-201 advisory. Vulnerability Insight: The openvpn_decrypt function in crypto.c in OpenVPN 2.3.0 and earlier, when running in UDP mode, allows remote attackers to obtain sensitive information via a timing attack involving an HMAC comparison function that does not run in constant time and a padding oracle attack on the CBC mode cipher. Affected Software/OS: 'openvpn' package(s) on Amazon Linux. Solution: Please install the updated package(s). CVSS Score: 2.6 CVSS Vector: AV:N/AC:H/Au:N/C:P/I:N/A:N
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2013-2061 http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105609.html http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105568.html http://www.mandriva.com/security/advisories?name=MDVSA-2013:167 http://www.openwall.com/lists/oss-security/2013/05/06/6 SuSE Security Announcement: openSUSE-SU-2013:1645 (Google Search) http://lists.opensuse.org/opensuse-updates/2013-11/msg00012.html SuSE Security Announcement: openSUSE-SU-2013:1649 (Google Search) http://lists.opensuse.org/opensuse-updates/2013-11/msg00016.html
Copyright	Copyright (C) 2015 Greenbone AG