Slackware Local Security Checks : Slackware: Security Advisory (SSA:2010-090-01)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.67216

Categoría: Slackware Local Security Checks

Título: Slackware: Security Advisory (SSA:2010-090-01)

Resumen: The remote host is missing an update for the 'openssl' package(s) announced via the SSA:2010-090-01 advisory.

Descripción: Summary:
The remote host is missing an update for the 'openssl' package(s) announced via the SSA:2010-090-01 advisory.

Vulnerability Insight:
New openssl packages are available for Slackware 11.0, 12.0, 12.1, 12.2, 13.0,
and -current to fix security issues.

More details about the issues may be found in the Common
Vulnerabilities and Exposures (CVE) database:

[links moved to references]

A recompiled proftpd package is required if you run ProFTPD.

Here are the details from the Slackware 13.0 ChangeLog:
+--------------------------+
patches/packages/openssl-0.9.8n-i486-1_slack13.0.txz: Upgraded.
This OpenSSL update contains some security related bugfixes.
For more information, see the included CHANGES and NEWS files, and:
[links moved to references]
(* Security fix *)
patches/packages/openssl-solibs-0.9.8n-i486-1_slack13.0.txz: Upgraded.
+--------------------------+

Affected Software/OS:
'openssl' package(s) on Slackware 11.0, Slackware 12.0, Slackware 12.1, Slackware 12.2, Slackware 13.0, Slackware current.

Solution:
Please install the updated package(s).

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2010-0433
20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX
http://www.securityfocus.com/archive/1/516397/100/0/threaded
39461
http://secunia.com/advisories/39461
39932
http://secunia.com/advisories/39932
42724
http://secunia.com/advisories/42724
42733
http://secunia.com/advisories/42733
43311
http://secunia.com/advisories/43311
ADV-2010-0839
http://www.vupen.com/english/advisories/2010/0839
ADV-2010-0916
http://www.vupen.com/english/advisories/2010/0916
ADV-2010-0933
http://www.vupen.com/english/advisories/2010/0933
ADV-2010-1216
http://www.vupen.com/english/advisories/2010/1216
FEDORA-2010-5357
http://lists.fedoraproject.org/pipermail/package-announce/2010-April/039561.html
FEDORA-2010-5744
http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038587.html
HPSBUX02517
http://marc.info/?l=bugtraq&m=127128920008563&w=2
HPSBUX02531
http://marc.info/?l=bugtraq&m=127557640302499&w=2
MDVSA-2010:076
http://www.mandriva.com/security/advisories?name=MDVSA-2010:076
SSRT100058
SSRT100108
[dovecot] 20100219 segfault - (imap|pop3)-login during nessus scan
http://www.mail-archive.com/dovecot%40dovecot.org/msg26224.html
[oss-security] 20100303 OpenSSL (with KRB5) remote crash - CVE-2010-0433
http://www.openwall.com/lists/oss-security/2010/03/03/5
[syslog-ng-announce] 20110110 syslog-ng Premium Edition 3.0.6a has been released
https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000101.html
[syslog-ng-announce] 20110110 syslog-ng Premium Edition 3.2.1a has been released
https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000102.html
http://aix.software.ibm.com/aix/efixes/security/openssl_advisory.asc
http://cvs.openssl.org/chngview?cn=19374
http://groups.google.com/group/mailing.openssl.users/browse_thread/thread/c3e1ab0034ca4b4c/66aa896c3a78b2f7
http://www.openssl.org/news/changelog.html
http://www.vmware.com/security/advisories/VMSA-2011-0003.html
http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html
https://bugzilla.redhat.com/show_bug.cgi?id=567711
https://bugzilla.redhat.com/show_bug.cgi?id=569774
https://kb.bluecoat.com/index?page=content&id=SA50
oval:org.mitre.oval:def:12260
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12260
oval:org.mitre.oval:def:6718
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6718
oval:org.mitre.oval:def:9856
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9856
Common Vulnerability Exposure (CVE) ID: CVE-2010-0740
1023748
http://www.securitytracker.com/id?1023748
ADV-2010-0710
http://www.vupen.com/english/advisories/2010/0710
APPLE-SA-2011-06-23-1
http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html
http://support.apple.com/kb/HT4723
http://www.openssl.org/news/secadv_20100324.txt
oval:org.mitre.oval:def:11731
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11731

Copyright Copyright (C) 2012 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.67216
Categoría:	Slackware Local Security Checks
Título:	Slackware: Security Advisory (SSA:2010-090-01)
Resumen:	The remote host is missing an update for the 'openssl' package(s) announced via the SSA:2010-090-01 advisory.
Descripción:	Summary: The remote host is missing an update for the 'openssl' package(s) announced via the SSA:2010-090-01 advisory. Vulnerability Insight: New openssl packages are available for Slackware 11.0, 12.0, 12.1, 12.2, 13.0, and -current to fix security issues. More details about the issues may be found in the Common Vulnerabilities and Exposures (CVE) database: [links moved to references] A recompiled proftpd package is required if you run ProFTPD. Here are the details from the Slackware 13.0 ChangeLog: +--------------------------+ patches/packages/openssl-0.9.8n-i486-1_slack13.0.txz: Upgraded. This OpenSSL update contains some security related bugfixes. For more information, see the included CHANGES and NEWS files, and: [links moved to references] (* Security fix *) patches/packages/openssl-solibs-0.9.8n-i486-1_slack13.0.txz: Upgraded. +--------------------------+ Affected Software/OS: 'openssl' package(s) on Slackware 11.0, Slackware 12.0, Slackware 12.1, Slackware 12.2, Slackware 13.0, Slackware current. Solution: Please install the updated package(s). CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2010-0433 20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX http://www.securityfocus.com/archive/1/516397/100/0/threaded 39461 http://secunia.com/advisories/39461 39932 http://secunia.com/advisories/39932 42724 http://secunia.com/advisories/42724 42733 http://secunia.com/advisories/42733 43311 http://secunia.com/advisories/43311 ADV-2010-0839 http://www.vupen.com/english/advisories/2010/0839 ADV-2010-0916 http://www.vupen.com/english/advisories/2010/0916 ADV-2010-0933 http://www.vupen.com/english/advisories/2010/0933 ADV-2010-1216 http://www.vupen.com/english/advisories/2010/1216 FEDORA-2010-5357 http://lists.fedoraproject.org/pipermail/package-announce/2010-April/039561.html FEDORA-2010-5744 http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038587.html HPSBUX02517 http://marc.info/?l=bugtraq&m=127128920008563&w=2 HPSBUX02531 http://marc.info/?l=bugtraq&m=127557640302499&w=2 MDVSA-2010:076 http://www.mandriva.com/security/advisories?name=MDVSA-2010:076 SSRT100058 SSRT100108 [dovecot] 20100219 segfault - (imap\|pop3)-login during nessus scan http://www.mail-archive.com/dovecot%40dovecot.org/msg26224.html [oss-security] 20100303 OpenSSL (with KRB5) remote crash - CVE-2010-0433 http://www.openwall.com/lists/oss-security/2010/03/03/5 [syslog-ng-announce] 20110110 syslog-ng Premium Edition 3.0.6a has been released https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000101.html [syslog-ng-announce] 20110110 syslog-ng Premium Edition 3.2.1a has been released https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000102.html http://aix.software.ibm.com/aix/efixes/security/openssl_advisory.asc http://cvs.openssl.org/chngview?cn=19374 http://groups.google.com/group/mailing.openssl.users/browse_thread/thread/c3e1ab0034ca4b4c/66aa896c3a78b2f7 http://www.openssl.org/news/changelog.html http://www.vmware.com/security/advisories/VMSA-2011-0003.html http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html https://bugzilla.redhat.com/show_bug.cgi?id=567711 https://bugzilla.redhat.com/show_bug.cgi?id=569774 https://kb.bluecoat.com/index?page=content&id=SA50 oval:org.mitre.oval:def:12260 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12260 oval:org.mitre.oval:def:6718 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6718 oval:org.mitre.oval:def:9856 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9856 Common Vulnerability Exposure (CVE) ID: CVE-2010-0740 1023748 http://www.securitytracker.com/id?1023748 ADV-2010-0710 http://www.vupen.com/english/advisories/2010/0710 APPLE-SA-2011-06-23-1 http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html http://support.apple.com/kb/HT4723 http://www.openssl.org/news/secadv_20100324.txt oval:org.mitre.oval:def:11731 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11731
Copyright	Copyright (C) 2012 Greenbone AG