Amazon Linux Local Security Checks : Amazon Linux: Security Advisory (ALAS-2014-426)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.120188
Categoría:	Amazon Linux Local Security Checks
Título:	Amazon Linux: Security Advisory (ALAS-2014-426)
Resumen:	The remote host is missing an update for the 'openssl' package(s) announced via the ALAS-2014-426 advisory.
Descripción:	Summary: The remote host is missing an update for the 'openssl' package(s) announced via the ALAS-2014-426 advisory. Vulnerability Insight: Bodo Moller, Thai Duong and Krzysztof Kotowicz of Google discovered a flaw in the design of SSL version 3.0 that would allow an attacker to calculate the plaintext of secure connections, allowing, for example, secure HTTP cookies to be stolen. [link moved to references] [link moved to references] Special notes: We have backfilled our 2014.03, 2013.09, and 2013.03 Amazon Linux AMI repositories with updated openssl packages that fix CVE-2014-3566. For 2014.09 Amazon Linux AMIs, openssl-1.0.1i-1.79.amzn1 addresses this CVE. Running yum clean all followed by yum update openssl will install the fixed package. For Amazon Linux AMIs 'locked' to the 2014.03 repositories, openssl-1.0.1i-1.79.amzn1 also addresses this CVE. Running yum clean all followed by yum update openssl will install the fixed package. For Amazon Linux AMIs 'locked' to the 2013.09 or 2013.03 repositories, openssl-1.0.1e-4.60.amzn1 addresses this CVE. Running yum clean all followed by yum update openssl will install the fixed package. If you are using a pre-2013.03 Amazon Linux AMI, we encourage you to move to a newer version of the Amazon Linux AMI as soon as possible. Affected Software/OS: 'openssl' package(s) on Amazon Linux. Solution: Please install the updated package(s). CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2014-3566 1031029 http://www.securitytracker.com/id/1031029 1031039 http://www.securitytracker.com/id/1031039 1031085 http://www.securitytracker.com/id/1031085 1031086 http://www.securitytracker.com/id/1031086 1031087 http://www.securitytracker.com/id/1031087 1031088 http://www.securitytracker.com/id/1031088 1031089 http://www.securitytracker.com/id/1031089 1031090 http://www.securitytracker.com/id/1031090 1031091 http://www.securitytracker.com/id/1031091 1031092 http://www.securitytracker.com/id/1031092 1031093 http://www.securitytracker.com/id/1031093 1031094 http://www.securitytracker.com/id/1031094 1031095 http://www.securitytracker.com/id/1031095 1031096 http://www.securitytracker.com/id/1031096 1031105 http://www.securitytracker.com/id/1031105 1031106 http://www.securitytracker.com/id/1031106 1031107 http://www.securitytracker.com/id/1031107 1031120 http://www.securitytracker.com/id/1031120 1031123 http://www.securitytracker.com/id/1031123 1031124 http://www.securitytracker.com/id/1031124 1031130 http://www.securitytracker.com/id/1031130 1031131 http://www.securitytracker.com/id/1031131 1031132 http://www.securitytracker.com/id/1031132 20141014 SSL Padding Oracle On Downgraded Legacy Encryption (POODLE) Vulnerability http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141015-poodle 59627 http://secunia.com/advisories/59627 60056 http://secunia.com/advisories/60056 60206 http://secunia.com/advisories/60206 60792 http://secunia.com/advisories/60792 60859 http://secunia.com/advisories/60859 61019 http://secunia.com/advisories/61019 61130 http://secunia.com/advisories/61130 61303 http://secunia.com/advisories/61303 61316 http://secunia.com/advisories/61316 61345 http://secunia.com/advisories/61345 61359 http://secunia.com/advisories/61359 61782 http://secunia.com/advisories/61782 61810 http://secunia.com/advisories/61810 61819 http://secunia.com/advisories/61819 61825 http://secunia.com/advisories/61825 61827 http://secunia.com/advisories/61827 61926 http://secunia.com/advisories/61926 61995 http://secunia.com/advisories/61995 70574 http://www.securityfocus.com/bid/70574 APPLE-SA-2014-10-16-1 http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html APPLE-SA-2014-10-16-3 http://archives.neohapsis.com/archives/bugtraq/2014-10/0103.html APPLE-SA-2014-10-16-4 http://www.securityfocus.com/archive/1/533724/100/0/threaded APPLE-SA-2014-10-20-1 http://www.securityfocus.com/archive/1/533747 APPLE-SA-2014-10-20-2 http://www.securityfocus.com/archive/1/533746 APPLE-SA-2015-01-27-4 http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html APPLE-SA-2015-09-16-2 http://lists.apple.com/archives/security-announce/2015/Sep/msg00002.html DSA-3053 http://www.debian.org/security/2014/dsa-3053 DSA-3144 http://www.debian.org/security/2015/dsa-3144 DSA-3147 http://www.debian.org/security/2015/dsa-3147 DSA-3253 http://www.debian.org/security/2015/dsa-3253 DSA-3489 http://www.debian.org/security/2016/dsa-3489 FEDORA-2014-12951 http://lists.fedoraproject.org/pipermail/package-announce/2014-November/142330.html FEDORA-2014-13012 http://lists.fedoraproject.org/pipermail/package-announce/2014-October/141158.html FEDORA-2014-13069 http://lists.fedoraproject.org/pipermail/package-announce/2014-October/141114.html FEDORA-2015-9090 http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169374.html FEDORA-2015-9110 http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169361.html GLSA-201507-14 https://security.gentoo.org/glsa/201507-14 GLSA-201606-11 https://security.gentoo.org/glsa/201606-11 HPSBGN03164 http://marc.info/?l=bugtraq&m=141577350823734&w=2 HPSBGN03191 http://marc.info/?l=bugtraq&m=141576815022399&w=2 HPSBGN03192 http://marc.info/?l=bugtraq&m=141620103726640&w=2 HPSBGN03201 http://marc.info/?l=bugtraq&m=141697638231025&w=2 HPSBGN03202 http://marc.info/?l=bugtraq&m=141703183219781&w=2 HPSBGN03203 http://marc.info/?l=bugtraq&m=141697676231104&w=2 HPSBGN03205 http://marc.info/?l=bugtraq&m=141775427104070&w=2 HPSBGN03208 http://marc.info/?l=bugtraq&m=141814011518700&w=2 HPSBGN03209 http://marc.info/?l=bugtraq&m=141715130023061&w=2 HPSBGN03222 http://marc.info/?l=bugtraq&m=141813976718456&w=2 HPSBGN03233 http://marc.info/?l=bugtraq&m=142118135300698&w=2 HPSBGN03237 http://marc.info/?l=bugtraq&m=142296755107581&w=2 HPSBGN03251 http://marc.info/?l=bugtraq&m=142354438527235&w=2 HPSBGN03252 http://marc.info/?l=bugtraq&m=142350743917559&w=2 HPSBGN03253 http://marc.info/?l=bugtraq&m=142350196615714&w=2 HPSBGN03254 http://marc.info/?l=bugtraq&m=142350298616097&w=2 HPSBGN03255 http://marc.info/?l=bugtraq&m=142357976805598&w=2 HPSBGN03305 http://marc.info/?l=bugtraq&m=142962817202793&w=2 HPSBGN03332 http://marc.info/?l=bugtraq&m=143290371927178&w=2 HPSBGN03391 http://marc.info/?l=bugtraq&m=144294141001552&w=2 HPSBGN03569 http://marc.info/?l=bugtraq&m=145983526810210&w=2 HPSBHF03156 http://marc.info/?l=bugtraq&m=141450973807288&w=2 HPSBHF03275 http://marc.info/?l=bugtraq&m=142721887231400&w=2 HPSBHF03293 http://marc.info/?l=bugtraq&m=142660345230545&w=2 HPSBHF03300 http://marc.info/?l=bugtraq&m=142804214608580&w=2 HPSBMU03152 http://marc.info/?l=bugtraq&m=141450452204552&w=2 HPSBMU03183 http://marc.info/?l=bugtraq&m=141628688425177&w=2 HPSBMU03184 http://marc.info/?l=bugtraq&m=141577087123040&w=2 HPSBMU03214 http://marc.info/?l=bugtraq&m=141694355519663&w=2 HPSBMU03221 http://marc.info/?l=bugtraq&m=141879378918327&w=2 HPSBMU03223 http://marc.info/?l=bugtraq&m=143290583027876&w=2 HPSBMU03234 http://marc.info/?l=bugtraq&m=143628269912142&w=2 HPSBMU03241 http://marc.info/?l=bugtraq&m=143039249603103&w=2 HPSBMU03259 http://marc.info/?l=bugtraq&m=142624619906067&w=2 HPSBMU03260 http://marc.info/?l=bugtraq&m=142495837901899&w=2 HPSBMU03261 http://marc.info/?l=bugtraq&m=143290522027658&w=2 HPSBMU03262 http://marc.info/?l=bugtraq&m=142624719706349&w=2 HPSBMU03263 http://marc.info/?l=bugtraq&m=143290437727362&w=2 HPSBMU03267 http://marc.info/?l=bugtraq&m=142624590206005&w=2 HPSBMU03283 http://marc.info/?l=bugtraq&m=142624679706236&w=2 HPSBMU03294 http://marc.info/?l=bugtraq&m=142740155824959&w=2 HPSBMU03301 http://marc.info/?l=bugtraq&m=142721830231196&w=2 HPSBMU03304 http://marc.info/?l=bugtraq&m=142791032306609&w=2 HPSBMU03416 http://marc.info/?l=bugtraq&m=144101915224472&w=2 HPSBOV03227 http://marc.info/?l=bugtraq&m=142103967620673&w=2 HPSBPI03107 http://marc.info/?l=bugtraq&m=143558137709884&w=2 HPSBPI03360 http://marc.info/?l=bugtraq&m=143558192010071&w=2 HPSBST03195 http://marc.info/?l=bugtraq&m=142805027510172&w=2 HPSBST03265 http://marc.info/?l=bugtraq&m=142546741516006&w=2 HPSBST03418 http://marc.info/?l=bugtraq&m=144251162130364&w=2 HPSBUX03162 http://marc.info/?l=bugtraq&m=141477196830952&w=2 HPSBUX03194 http://marc.info/?l=bugtraq&m=143101048219218&w=2 HPSBUX03273 http://marc.info/?l=bugtraq&m=142496355704097&w=2 HPSBUX03281 http://h20564.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c04583581 MDVSA-2014:203 http://www.mandriva.com/security/advisories?name=MDVSA-2014:203 MDVSA-2015:062 http://www.mandriva.com/security/advisories?name=MDVSA-2015:062 NetBSD-SA2014-015 ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2014-015.txt.asc RHSA-2014:1652 http://rhn.redhat.com/errata/RHSA-2014-1652.html RHSA-2014:1653 http://rhn.redhat.com/errata/RHSA-2014-1653.html RHSA-2014:1692 http://rhn.redhat.com/errata/RHSA-2014-1692.html RHSA-2014:1876 http://rhn.redhat.com/errata/RHSA-2014-1876.html RHSA-2014:1877 http://rhn.redhat.com/errata/RHSA-2014-1877.html RHSA-2014:1880 http://rhn.redhat.com/errata/RHSA-2014-1880.html RHSA-2014:1881 http://rhn.redhat.com/errata/RHSA-2014-1881.html RHSA-2014:1882 http://rhn.redhat.com/errata/RHSA-2014-1882.html RHSA-2014:1920 http://rhn.redhat.com/errata/RHSA-2014-1920.html RHSA-2014:1948 http://rhn.redhat.com/errata/RHSA-2014-1948.html RHSA-2015:0068 http://rhn.redhat.com/errata/RHSA-2015-0068.html RHSA-2015:0079 http://rhn.redhat.com/errata/RHSA-2015-0079.html RHSA-2015:0080 http://rhn.redhat.com/errata/RHSA-2015-0080.html RHSA-2015:0085 http://rhn.redhat.com/errata/RHSA-2015-0085.html RHSA-2015:0086 http://rhn.redhat.com/errata/RHSA-2015-0086.html RHSA-2015:0264 http://rhn.redhat.com/errata/RHSA-2015-0264.html RHSA-2015:0698 http://rhn.redhat.com/errata/RHSA-2015-0698.html RHSA-2015:1545 http://rhn.redhat.com/errata/RHSA-2015-1545.html RHSA-2015:1546 http://rhn.redhat.com/errata/RHSA-2015-1546.html SSRT101739 SSRT101767 SSRT101779 SSRT101790 SSRT101795 SSRT101834 SSRT101838 SSRT101846 SSRT101849 SSRT101854 SSRT101868 SSRT101892 SSRT101894 SSRT101896 SSRT101897 SSRT101898 SSRT101899 SSRT101916 SSRT101921 SSRT101922 http://marc.info/?l=bugtraq&m=142624619906067 SSRT101928 SSRT101951 SSRT101968 http://marc.info/?l=bugtraq&m=142607790919348&w=2 SSRT101998 SUSE-SU-2014:1357 http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00001.html SUSE-SU-2014:1361 http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00003.html SUSE-SU-2014:1526 http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00021.html SUSE-SU-2014:1549 http://lists.opensuse.org/opensuse-security-announce/2014-12/msg00002.html SUSE-SU-2015:0336 http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00024.html SUSE-SU-2015:0344 http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00026.html SUSE-SU-2015:0345 http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00027.html SUSE-SU-2015:0376 http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00033.html SUSE-SU-2015:0392 http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00036.html SUSE-SU-2015:0503 http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00018.html SUSE-SU-2015:0578 http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html SUSE-SU-2016:1457 http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00066.html SUSE-SU-2016:1459 http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00000.html TA14-290A http://www.us-cert.gov/ncas/alerts/TA14-290A USN-2486-1 http://www.ubuntu.com/usn/USN-2486-1 USN-2487-1 http://www.ubuntu.com/usn/USN-2487-1 VU#577193 http://www.kb.cert.org/vuls/id/577193 [cxf-commits] 20200116 svn commit: r1055336 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2019-12423.txt.asc security-advisories.data/CVE-2019-17573.txt.asc security-advisories.html https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c%40%3Ccommits.cxf.apache.org%3E [cxf-commits] 20200319 svn commit: r1058035 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2019-17573.txt.asc security-advisories.html https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf%40%3Ccommits.cxf.apache.org%3E [cxf-commits] 20200401 svn commit: r1058573 - in /websites/production/cxf/content: cache/main.pageCache index.html security-advisories.data/CVE-2020-1954.txt.asc security-advisories.html https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4%40%3Ccommits.cxf.apache.org%3E [cxf-commits] 20201112 svn commit: r1067927 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2020-13954.txt.asc security-advisories.html https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6%40%3Ccommits.cxf.apache.org%3E [cxf-commits] 20210402 svn commit: r1073270 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2021-22696.txt.asc security-advisories.html https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4%40%3Ccommits.cxf.apache.org%3E [cxf-commits] 20210616 svn commit: r1075801 - in /websites/production/cxf/content: cache/main.pageCache index.html security-advisories.data/CVE-2021-30468.txt.asc security-advisories.html https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e%40%3Ccommits.cxf.apache.org%3E [openssl-dev] 20141014 Patch to mitigate CVE-2014-3566 ("POODLE") http://marc.info/?l=openssl-dev&m=141333049205629&w=2 http://advisories.mageia.org/MGASA-2014-0416.html http://aix.software.ibm.com/aix/efixes/security/openssl_advisory11.asc http://askubuntu.com/questions/537196/how-do-i-patch-workaround-sslv3-poodle-vulnerability-cve-2014-3566 http://blog.cryptographyengineering.com/2014/10/attack-of-week-poodle.html http://blog.nodejs.org/2014/10/23/node-v0-10-33-stable/ http://blogs.technet.com/b/msrc/archive/2014/10/14/security-advisory-3009008-released.aspx http://docs.ipswitch.com/MOVEit/DMZ82/ReleaseNotes/MOVEitReleaseNotes82.pdf http://downloads.asterisk.org/pub/security/AST-2014-011.html http://googleonlinesecurity.blogspot.com/2014/10/this-poodle-bites-exploiting-ssl-30.html http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04779034 http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705 http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-3566.html http://support.apple.com/HT204244 http://support.citrix.com/article/CTX200238 http://www-01.ibm.com/support/docview.wss?uid=isg3T1021431 http://www-01.ibm.com/support/docview.wss?uid=isg3T1021439 http://www-01.ibm.com/support/docview.wss?uid=swg21686997 http://www-01.ibm.com/support/docview.wss?uid=swg21687172 http://www-01.ibm.com/support/docview.wss?uid=swg21687611 http://www-01.ibm.com/support/docview.wss?uid=swg21688283 http://www-01.ibm.com/support/docview.wss?uid=swg21692299 http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html http://www.vmware.com/security/advisories/VMSA-2015-0003.html http://www.websense.com/support/article/kbarticle/Vulnerabilities-resolved-in-TRITON-APX-Version-8-0 http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-405500.htm https://access.redhat.com/articles/1232123 https://blog.mozilla.org/security/2014/10/14/the-poodle-attack-and-the-end-of-ssl-3-0/ https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_openssl6 https://bto.bluecoat.com/security-advisory/sa83 https://bugzilla.mozilla.org/show_bug.cgi?id=1076983 https://bugzilla.redhat.com/show_bug.cgi?id=1152789 https://devcentral.f5.com/articles/cve-2014-3566-removing-sslv3-from-big-ip https://github.com/mpgn/poodle-PoC https://groups.google.com/forum/#%21topic/docker-user/oYm0i3xShJU https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04819635 https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05068681 https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05157667 https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05301946 https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02 https://kc.mcafee.com/corporate/index?page=content&id=SB10090 https://kc.mcafee.com/corporate/index?page=content&id=SB10091 https://kc.mcafee.com/corporate/index?page=content&id=SB10104 https://puppet.com/security/cve/poodle-sslv3-vulnerability https://security.netapp.com/advisory/ntap-20141015-0001/ https://support.apple.com/HT205217 https://support.apple.com/kb/HT6527 https://support.apple.com/kb/HT6529 https://support.apple.com/kb/HT6531 https://support.apple.com/kb/HT6535 https://support.apple.com/kb/HT6536 https://support.apple.com/kb/HT6541 https://support.apple.com/kb/HT6542 https://support.citrix.com/article/CTX216642 https://support.lenovo.com/product_security/poodle https://support.lenovo.com/us/en/product_security/poodle https://technet.microsoft.com/library/security/3009008.aspx https://www-01.ibm.com/support/docview.wss?uid=swg21688165 https://www.arista.com/en/support/advisories-notices/security-advisories/1015-security-advisory-7 https://www.cloudera.com/documentation/other/security-bulletins/topics/csb_topic_1.html https://www.dfranke.us/posts/2014-10-14-how-poodle-happened.html https://www.elastic.co/blog/logstash-1-4-3-released https://www.imperialviolet.org/2014/10/14/poodle.html https://www.openssl.org/news/secadv_20141015.txt https://www.openssl.org/~bodo/ssl-poodle.pdf https://www.suse.com/support/kb/doc.php?id=7015773 openSUSE-SU-2014:1331 http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00008.html openSUSE-SU-2015:0190 http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00001.html openSUSE-SU-2016:0640 http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html
Copyright	Copyright (C) 2015 Greenbone AG

Special notes: