Gentoo Local Security Checks : Gentoo Security Advisory GLSA 200902-02 (openssl)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.63349

Categoría: Gentoo Local Security Checks

Título: Gentoo Security Advisory GLSA 200902-02 (openssl)

Resumen: The remote host is missing updates announced in;advisory GLSA 200902-02.

Descripción: Summary:
The remote host is missing updates announced in
advisory GLSA 200902-02.

Vulnerability Insight:
An error in the OpenSSL certificate chain validation might allow for
spoofing attacks.

Solution:
All OpenSSL users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose '>=dev-libs/openssl-0.9.8j'

CVSS Score:
5.8

CVSS Vector:
AV:N/AC:M/Au:N/C:N/I:P/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2008-5077
1021523
http://www.securitytracker.com/id?1021523
20090107 [oCERT-2008-016] Multiple OpenSSL signature verification API misuses
http://www.securityfocus.com/archive/1/499827/100/0/threaded
20090401 VMSA-2009-0004 ESX Service Console updates for openssl, bind, and vim
http://www.securityfocus.com/archive/1/502322/100/0/threaded
250826
http://sunsolve.sun.com/search/document.do?assetkey=1-66-250826-1
33150
http://www.securityfocus.com/bid/33150
33338
http://secunia.com/advisories/33338
33394
http://secunia.com/advisories/33394
33436
http://secunia.com/advisories/33436
33557
http://secunia.com/advisories/33557
33673
http://secunia.com/advisories/33673
33765
http://secunia.com/advisories/33765
34211
http://secunia.com/advisories/34211
35074
http://secunia.com/advisories/35074
35108
http://secunia.com/advisories/35108
39005
http://secunia.com/advisories/39005
ADV-2009-0040
http://www.vupen.com/english/advisories/2009/0040
ADV-2009-0289
http://www.vupen.com/english/advisories/2009/0289
ADV-2009-0362
http://www.vupen.com/english/advisories/2009/0362
ADV-2009-0558
http://www.vupen.com/english/advisories/2009/0558
ADV-2009-0904
http://www.vupen.com/english/advisories/2009/0904
ADV-2009-0913
http://www.vupen.com/english/advisories/2009/0913
ADV-2009-1297
http://www.vupen.com/english/advisories/2009/1297
ADV-2009-1338
http://www.vupen.com/english/advisories/2009/1338
APPLE-SA-2009-05-12
http://lists.apple.com/archives/security-announce/2009/May/msg00002.html
GLSA-200902-02
http://security.gentoo.org/glsa/glsa-200902-02.xml
HPSBMA02426
http://marc.info/?l=bugtraq&m=124277349419254&w=2
HPSBOV02540
http://marc.info/?l=bugtraq&m=127678688104458&w=2
HPSBUX02418
http://marc.info/?l=bugtraq&m=123859864430555&w=2
RHSA-2009:0004
http://www.redhat.com/support/errata/RHSA-2009-0004.html
SSA:2009-014-01
http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.544796
SSRT090002
SSRT090053
SUSE-SU-2011:0847
http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00014.html
TA09-133A
http://www.us-cert.gov/cas/techalerts/TA09-133A.html
USN-704-1
https://usn.ubuntu.com/704-1/
http://support.apple.com/kb/HT3549
http://support.avaya.com/elmodocs2/security/ASA-2009-038.htm
http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=837653
http://voodoo-circle.sourceforge.net/sa/sa-20090123-01.html
http://www.ocert.org/advisories/ocert-2008-016.html
http://www.openssl.org/news/secadv_20090107.txt
http://www.vmware.com/security/advisories/VMSA-2009-0004.html
openSUSE-SU-2011:0845
http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00013.html
oval:org.mitre.oval:def:6380
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6380
oval:org.mitre.oval:def:9155
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9155

Copyright Copyright (C) 2009 E-Soft Inc.

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.63349
Categoría:	Gentoo Local Security Checks
Título:	Gentoo Security Advisory GLSA 200902-02 (openssl)
Resumen:	The remote host is missing updates announced in;advisory GLSA 200902-02.
Descripción:	Summary: The remote host is missing updates announced in advisory GLSA 200902-02. Vulnerability Insight: An error in the OpenSSL certificate chain validation might allow for spoofing attacks. Solution: All OpenSSL users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=dev-libs/openssl-0.9.8j' CVSS Score: 5.8 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2008-5077 1021523 http://www.securitytracker.com/id?1021523 20090107 [oCERT-2008-016] Multiple OpenSSL signature verification API misuses http://www.securityfocus.com/archive/1/499827/100/0/threaded 20090401 VMSA-2009-0004 ESX Service Console updates for openssl, bind, and vim http://www.securityfocus.com/archive/1/502322/100/0/threaded 250826 http://sunsolve.sun.com/search/document.do?assetkey=1-66-250826-1 33150 http://www.securityfocus.com/bid/33150 33338 http://secunia.com/advisories/33338 33394 http://secunia.com/advisories/33394 33436 http://secunia.com/advisories/33436 33557 http://secunia.com/advisories/33557 33673 http://secunia.com/advisories/33673 33765 http://secunia.com/advisories/33765 34211 http://secunia.com/advisories/34211 35074 http://secunia.com/advisories/35074 35108 http://secunia.com/advisories/35108 39005 http://secunia.com/advisories/39005 ADV-2009-0040 http://www.vupen.com/english/advisories/2009/0040 ADV-2009-0289 http://www.vupen.com/english/advisories/2009/0289 ADV-2009-0362 http://www.vupen.com/english/advisories/2009/0362 ADV-2009-0558 http://www.vupen.com/english/advisories/2009/0558 ADV-2009-0904 http://www.vupen.com/english/advisories/2009/0904 ADV-2009-0913 http://www.vupen.com/english/advisories/2009/0913 ADV-2009-1297 http://www.vupen.com/english/advisories/2009/1297 ADV-2009-1338 http://www.vupen.com/english/advisories/2009/1338 APPLE-SA-2009-05-12 http://lists.apple.com/archives/security-announce/2009/May/msg00002.html GLSA-200902-02 http://security.gentoo.org/glsa/glsa-200902-02.xml HPSBMA02426 http://marc.info/?l=bugtraq&m=124277349419254&w=2 HPSBOV02540 http://marc.info/?l=bugtraq&m=127678688104458&w=2 HPSBUX02418 http://marc.info/?l=bugtraq&m=123859864430555&w=2 RHSA-2009:0004 http://www.redhat.com/support/errata/RHSA-2009-0004.html SSA:2009-014-01 http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.544796 SSRT090002 SSRT090053 SUSE-SU-2011:0847 http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00014.html TA09-133A http://www.us-cert.gov/cas/techalerts/TA09-133A.html USN-704-1 https://usn.ubuntu.com/704-1/ http://support.apple.com/kb/HT3549 http://support.avaya.com/elmodocs2/security/ASA-2009-038.htm http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=837653 http://voodoo-circle.sourceforge.net/sa/sa-20090123-01.html http://www.ocert.org/advisories/ocert-2008-016.html http://www.openssl.org/news/secadv_20090107.txt http://www.vmware.com/security/advisories/VMSA-2009-0004.html openSUSE-SU-2011:0845 http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00013.html oval:org.mitre.oval:def:6380 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6380 oval:org.mitre.oval:def:9155 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9155
Copyright	Copyright (C) 2009 E-Soft Inc.