ID de Prueba:	1.3.6.1.4.1.25623.1.0.120584
Categoría:	Amazon Linux Local Security Checks
Título:	Amazon Linux: Security Advisory (ALAS-2012-62)
Resumen:	The remote host is missing an update for the 'openssl' package(s) announced via the ALAS-2012-62 advisory.
Descripción:	Summary: The remote host is missing an update for the 'openssl' package(s) announced via the ALAS-2012-62 advisory. Vulnerability Insight: A NULL pointer dereference flaw was found in the way OpenSSL parsed Secure/Multipurpose Internet Mail Extensions (S/MIME) messages. An attacker could use this flaw to crash an application that uses OpenSSL to decrypt or verify S/MIME messages. (CVE-2012-1165) A flaw was found in the PKCS#7 and Cryptographic Message Syntax (CMS) implementations in OpenSSL. An attacker could possibly use this flaw to perform a Bleichenbacher attack to decrypt an encrypted CMS, PKCS#7, or S/MIME message by sending a large number of chosen ciphertext messages to a service using OpenSSL and measuring error response times. (CVE-2012-0884) Affected Software/OS: 'openssl' package(s) on Amazon Linux. Solution: Please install the updated package(s). CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2012-0884 CERT/CC vulnerability note: VU#737740 http://www.kb.cert.org/vuls/id/737740 Debian Security Information: DSA-2454 (Google Search) http://www.debian.org/security/2012/dsa-2454 http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092905.html http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077666.html http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077221.html http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077086.html HPdes Security Advisory: HPSBMU02776 http://marc.info/?l=bugtraq&m=133951357207000&w=2 HPdes Security Advisory: HPSBOV02793 http://marc.info/?l=bugtraq&m=134039053214295&w=2 HPdes Security Advisory: HPSBUX02782 http://marc.info/?l=bugtraq&m=133728068926468&w=2 HPdes Security Advisory: SSRT100844 HPdes Security Advisory: SSRT100852 HPdes Security Advisory: SSRT100891 RedHat Security Advisories: RHSA-2012:0426 http://rhn.redhat.com/errata/RHSA-2012-0426.html RedHat Security Advisories: RHSA-2012:0488 http://rhn.redhat.com/errata/RHSA-2012-0488.html RedHat Security Advisories: RHSA-2012:0531 http://rhn.redhat.com/errata/RHSA-2012-0531.html RedHat Security Advisories: RHSA-2012:1306 http://rhn.redhat.com/errata/RHSA-2012-1306.html RedHat Security Advisories: RHSA-2012:1307 http://rhn.redhat.com/errata/RHSA-2012-1307.html RedHat Security Advisories: RHSA-2012:1308 http://rhn.redhat.com/errata/RHSA-2012-1308.html http://secunia.com/advisories/48580 http://secunia.com/advisories/48895 http://secunia.com/advisories/48916 http://secunia.com/advisories/57353 SuSE Security Announcement: openSUSE-SU-2012:0547 (Google Search) https://hermes.opensuse.org/messages/14330767 Common Vulnerability Exposure (CVE) ID: CVE-2012-1165 BugTraq ID: 52764 http://www.securityfocus.com/bid/52764 HPdes Security Advisory: HPSBMU02786 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041 HPdes Security Advisory: SSRT100877 http://www.openwall.com/lists/oss-security/2012/03/12/3 http://www.openwall.com/lists/oss-security/2012/03/12/6 http://www.openwall.com/lists/oss-security/2012/03/12/7 http://www.openwall.com/lists/oss-security/2012/03/13/2 http://www.securitytracker.com/id?1026787 http://secunia.com/advisories/48899 http://www.ubuntu.com/usn/USN-1424-1
Copyright	Copyright (C) 2015 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.