ID de Prueba:	1.3.6.1.4.1.25623.1.0.120187
Categoría:	Amazon Linux Local Security Checks
Título:	Amazon Linux: Security Advisory (ALAS-2014-427)
Resumen:	The remote host is missing an update for the 'openssl' package(s) announced via the ALAS-2014-427 advisory.
Descripción:	Summary: The remote host is missing an update for the 'openssl' package(s) announced via the ALAS-2014-427 advisory. Vulnerability Insight: A memory leak flaw was found in the way OpenSSL parsed the DTLS Secure Real-time Transport Protocol (SRTP) extension data. A remote attacker could send multiple specially crafted handshake messages to exhaust all available memory of an SSL/TLS or DTLS server. (CVE-2014-3513) A memory leak flaw was found in the way an OpenSSL handled failed session ticket integrity checks. A remote attacker could exhaust all available memory of an SSL/TLS or DTLS server by sending a large number of invalid session tickets to that server. (CVE-2014-3567) When OpenSSL is configured with 'no-ssl3' as a build option, servers could accept and complete a SSL 3.0 handshake, and clients could be configured to send them. (CVE-2014-3568) Affected Software/OS: 'openssl' package(s) on Amazon Linux. Solution: Please install the updated package(s). CVSS Score: 7.1 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2014-3513 http://lists.apple.com/archives/security-announce/2015/Sep/msg00002.html BugTraq ID: 70584 http://www.securityfocus.com/bid/70584 Debian Security Information: DSA-3053 (Google Search) http://www.debian.org/security/2014/dsa-3053 http://security.gentoo.org/glsa/glsa-201412-39.xml HPdes Security Advisory: HPSBGN03233 http://marc.info/?l=bugtraq&m=142118135300698&w=2 HPdes Security Advisory: HPSBHF03300 http://marc.info/?l=bugtraq&m=142804214608580&w=2 HPdes Security Advisory: HPSBMU03223 http://marc.info/?l=bugtraq&m=143290583027876&w=2 HPdes Security Advisory: HPSBMU03260 http://marc.info/?l=bugtraq&m=142495837901899&w=2 HPdes Security Advisory: HPSBMU03261 http://marc.info/?l=bugtraq&m=143290522027658&w=2 HPdes Security Advisory: HPSBMU03263 http://marc.info/?l=bugtraq&m=143290437727362&w=2 HPdes Security Advisory: HPSBMU03267 http://marc.info/?l=bugtraq&m=142624590206005&w=2 HPdes Security Advisory: HPSBMU03296 http://marc.info/?l=bugtraq&m=142834685803386&w=2 HPdes Security Advisory: HPSBMU03304 http://marc.info/?l=bugtraq&m=142791032306609&w=2 HPdes Security Advisory: SSRT101739 HPdes Security Advisory: SSRT101868 HPdes Security Advisory: SSRT101894 http://www.mandriva.com/security/advisories?name=MDVSA-2015:062 NETBSD Security Advisory: NetBSD-SA2014-015 ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2014-015.txt.asc RedHat Security Advisories: RHSA-2014:1652 http://rhn.redhat.com/errata/RHSA-2014-1652.html RedHat Security Advisories: RHSA-2014:1692 http://rhn.redhat.com/errata/RHSA-2014-1692.html http://www.securitytracker.com/id/1031052 http://secunia.com/advisories/59627 http://secunia.com/advisories/61058 http://secunia.com/advisories/61073 http://secunia.com/advisories/61207 http://secunia.com/advisories/61298 http://secunia.com/advisories/61439 http://secunia.com/advisories/61837 http://secunia.com/advisories/61959 http://secunia.com/advisories/61990 http://secunia.com/advisories/62070 SuSE Security Announcement: SUSE-SU-2014:1357 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00001.html SuSE Security Announcement: openSUSE-SU-2014:1331 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00008.html http://www.ubuntu.com/usn/USN-2385-1 Common Vulnerability Exposure (CVE) ID: CVE-2014-3567 http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html BugTraq ID: 70586 http://www.securityfocus.com/bid/70586 HPdes Security Advisory: HPSBOV03227 http://marc.info/?l=bugtraq&m=142103967620673&w=2 HPdes Security Advisory: HPSBUX03162 http://marc.info/?l=bugtraq&m=141477196830952&w=2 HPdes Security Advisory: SSRT101767 HPdes Security Advisory: SSRT101779 http://www.mandriva.com/security/advisories?name=MDVSA-2014:203 RedHat Security Advisories: RHSA-2015:0126 http://rhn.redhat.com/errata/RHSA-2015-0126.html http://secunia.com/advisories/61130 http://secunia.com/advisories/61819 http://secunia.com/advisories/62030 http://secunia.com/advisories/62124 SuSE Security Announcement: SUSE-SU-2014:1361 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00003.html SuSE Security Announcement: openSUSE-SU-2016:0640 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html Common Vulnerability Exposure (CVE) ID: CVE-2014-3568 BugTraq ID: 70585 http://www.securityfocus.com/bid/70585 http://www.securitytracker.com/id/1031053 SuSE Security Announcement: SUSE-SU-2015:0578 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html XForce ISS Database: openssl-cve20143568-sec-bypass(97037) https://exchange.xforce.ibmcloud.com/vulnerabilities/97037
Copyright	Copyright (C) 2015 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.