ID de Prueba:	1.3.6.1.4.1.25623.1.0.67078
Categoría:	Red Hat Local Security Checks
Título:	RedHat Security Advisory RHSA-2010:0173
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing updates announced in advisory RHSA-2010:0173. OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library. It was discovered that OpenSSL did not always check the return value of the bn_wexpand() function. An attacker able to trigger a memory allocation failure in that function could cause an application using the OpenSSL library to crash or, possibly, execute arbitrary code. (CVE-2009-3245) All openssl096b users should upgrade to these updated packages, which contain a backported patch to resolve this issue. For the update to take effect, all programs using the openssl096b library must be restarted. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date http://rhn.redhat.com/errata/RHSA-2010-0173.html http://www.redhat.com/security/updates/classification/#important http://kbase.redhat.com/faq/docs/DOC-26039 Risk factor : Critical CVSS Score: 10.0
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2009-3245 http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html BugTraq ID: 38562 http://www.securityfocus.com/bid/38562 http://lists.fedoraproject.org/pipermail/package-announce/2010-April/039561.html http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038587.html HPdes Security Advisory: HPSBOV02540 http://marc.info/?l=bugtraq&m=127678688104458&w=2 HPdes Security Advisory: HPSBUX02517 http://marc.info/?l=bugtraq&m=127128920008563&w=2 HPdes Security Advisory: SSRT100058 http://www.mandriva.com/security/advisories?name=MDVSA-2010:076 http://packetstormsecurity.com/files/153392/ABB-HMI-Outdated-Software-Components.html http://marc.info/?l=openssl-cvs&m=126692180606861&w=2 http://marc.info/?l=openssl-cvs&m=126692159706582&w=2 http://marc.info/?l=openssl-cvs&m=126692170906712&w=2 https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000101.html https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000102.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11738 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6640 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9790 http://www.redhat.com/support/errata/RHSA-2010-0977.html http://www.redhat.com/support/errata/RHSA-2011-0896.html http://secunia.com/advisories/37291 http://secunia.com/advisories/38761 http://secunia.com/advisories/39461 http://secunia.com/advisories/39932 http://secunia.com/advisories/42724 http://secunia.com/advisories/42733 http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.663049 SuSE Security Announcement: SUSE-SR:2010:013 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html http://www.ubuntu.com/usn/USN-1003-1 http://www.vupen.com/english/advisories/2010/0839 http://www.vupen.com/english/advisories/2010/0916 http://www.vupen.com/english/advisories/2010/0933 http://www.vupen.com/english/advisories/2010/1216
Copyright	Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.