ID de Prueba:	1.3.6.1.4.1.25623.1.0.68557
Categoría:	Red Hat Local Security Checks
Título:	RedHat Security Advisory RHSA-2010:0978
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing updates announced in advisory RHSA-2010:0978. OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library. A ciphersuite downgrade flaw was found in the OpenSSL SSL/TLS server code. A remote attacker could possibly use this flaw to change the ciphersuite associated with a cached session stored on the server, if the server enabled the SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG option, possibly forcing the client to use a weaker ciphersuite after resuming the session. (CVE-2010-4180, CVE-2008-7270) Note: With this update, setting the SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG option has no effect and this bug workaround can no longer be enabled. All OpenSSL users should upgrade to these updated packages, which contain a backported patch to resolve these issues. For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date http://rhn.redhat.com/errata/RHSA-2010-0978.html Risk factor : Medium CVSS Score: 4.3
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2008-7270 BugTraq ID: 45254 http://www.securityfocus.com/bid/45254 HPdes Security Advisory: HPSBHF02706 http://marc.info/?l=bugtraq&m=132077688910227&w=2 HPdes Security Advisory: HPSBMU02759 http://www.securityfocus.com/archive/1/522176 HPdes Security Advisory: SSRT100613 HPdes Security Advisory: SSRT100817 http://www.redhat.com/support/errata/RHSA-2010-0977.html http://www.redhat.com/support/errata/RHSA-2010-0978.html http://www.redhat.com/support/errata/RHSA-2011-0896.html http://secunia.com/advisories/42493 http://ubuntu.com/usn/usn-1029-1 Common Vulnerability Exposure (CVE) ID: CVE-2010-4180 1024822 http://www.securitytracker.com/id?1024822 42469 http://secunia.com/advisories/42469 42473 http://secunia.com/advisories/42473 42493 42571 http://secunia.com/advisories/42571 42620 http://secunia.com/advisories/42620 42811 http://secunia.com/advisories/42811 42877 http://secunia.com/advisories/42877 43169 http://secunia.com/advisories/43169 43170 http://secunia.com/advisories/43170 43171 http://secunia.com/advisories/43171 43172 http://secunia.com/advisories/43172 43173 http://secunia.com/advisories/43173 44269 http://secunia.com/advisories/44269 45164 http://www.securityfocus.com/bid/45164 69565 http://osvdb.org/69565 ADV-2010-3120 http://www.vupen.com/english/advisories/2010/3120 ADV-2010-3122 http://www.vupen.com/english/advisories/2010/3122 ADV-2010-3134 http://www.vupen.com/english/advisories/2010/3134 ADV-2010-3188 http://www.vupen.com/english/advisories/2010/3188 ADV-2011-0032 http://www.vupen.com/english/advisories/2011/0032 ADV-2011-0076 http://www.vupen.com/english/advisories/2011/0076 ADV-2011-0268 http://www.vupen.com/english/advisories/2011/0268 APPLE-SA-2011-06-23-1 http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html DSA-2141 http://www.debian.org/security/2011/dsa-2141 FEDORA-2010-18736 http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052315.html FEDORA-2010-18765 http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052027.html HPSBHF02706 HPSBMA02658 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02794777 HPSBMU02759 HPSBOV02670 http://marc.info/?l=bugtraq&m=130497251507577&w=2 HPSBUX02638 http://marc.info/?l=bugtraq&m=129916880600544&w=2 MDVSA-2010:248 http://www.mandriva.com/security/advisories?name=MDVSA-2010:248 RHSA-2010:0977 RHSA-2010:0978 RHSA-2010:0979 http://www.redhat.com/support/errata/RHSA-2010-0979.html RHSA-2011:0896 SSA:2010-340-01 http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.668471 SSRT100339 SSRT100413 SSRT100475 SSRT100613 SSRT100817 SUSE-SR:2011:001 http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00003.html SUSE-SR:2011:009 http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html SUSE-SU-2011:0847 http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00014.html USN-1029-1 VU#737740 http://www.kb.cert.org/vuls/id/737740 http://cvs.openssl.org/chngview?cn=20131 http://openssl.org/news/secadv_20101202.txt http://support.apple.com/kb/HT4723 https://bugzilla.redhat.com/show_bug.cgi?id=659462 https://kb.bluecoat.com/index?page=content&id=SA53&actp=LIST openSUSE-SU-2011:0845 http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00013.html oval:org.mitre.oval:def:18910 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18910
Copyright	Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.