Mandrake Local Security Checks : Mandriva Update for openssl MDVSA-2011:136 (openssl)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.831455

Categoría: Mandrake Local Security Checks

Título: Mandriva Update for openssl MDVSA-2011:136 (openssl)

Resumen: The remote host is missing an update for the 'openssl'; package(s) announced via the referenced advisory.

Descripción: Summary:
The remote host is missing an update for the 'openssl'
package(s) announced via the referenced advisory.

Vulnerability Insight:
A vulnerability was discovered and corrected in openssl:

The elliptic curve cryptography (ECC) subsystem in OpenSSL 1.0.0d and
earlier, when the Elliptic Curve Digital Signature Algorithm (ECDSA)
is used for the ECDHE_ECDSA cipher suite, does not properly implement
curves over binary fields, which makes it easier for context-dependent
attackers to determine private keys via a timing attack and a lattice
calculation (CVE-2011-1945).

Packages for 2009.0 are provided as of the Extended Maintenance
Program. The updated packages have been patched to correct this issue.

Affected Software/OS:
openssl on Mandriva Linux 2009.0,
Mandriva Linux 2009.0/X86_64,
Mandriva Enterprise Server 5,
Mandriva Enterprise Server 5/X86_64

Solution:
Please Install the Updated Packages.

CVSS Score:
2.6

CVSS Vector:
AV:N/AC:H/Au:N/C:P/I:N/A:N

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2011-1945
44935
http://secunia.com/advisories/44935
APPLE-SA-2013-06-04-1
http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html
DSA-2309
http://www.debian.org/security/2011/dsa-2309
MDVSA-2011:136
http://www.mandriva.com/security/advisories?name=MDVSA-2011:136
MDVSA-2011:137
http://www.mandriva.com/security/advisories?name=MDVSA-2011:137
SUSE-SU-2011:0636
https://hermes.opensuse.org/messages/8764170
VU#536044
http://www.kb.cert.org/vuls/id/536044
http://eprint.iacr.org/2011/232.pdf
http://support.apple.com/kb/HT5784
http://www.kb.cert.org/vuls/id/MAPG-8FENZ3
openSUSE-SU-2011:0634
https://hermes.opensuse.org/messages/8760466

Copyright Copyright (C) 2011 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.831455
Categoría:	Mandrake Local Security Checks
Título:	Mandriva Update for openssl MDVSA-2011:136 (openssl)
Resumen:	The remote host is missing an update for the 'openssl'; package(s) announced via the referenced advisory.
Descripción:	Summary: The remote host is missing an update for the 'openssl' package(s) announced via the referenced advisory. Vulnerability Insight: A vulnerability was discovered and corrected in openssl: The elliptic curve cryptography (ECC) subsystem in OpenSSL 1.0.0d and earlier, when the Elliptic Curve Digital Signature Algorithm (ECDSA) is used for the ECDHE_ECDSA cipher suite, does not properly implement curves over binary fields, which makes it easier for context-dependent attackers to determine private keys via a timing attack and a lattice calculation (CVE-2011-1945). Packages for 2009.0 are provided as of the Extended Maintenance Program. The updated packages have been patched to correct this issue. Affected Software/OS: openssl on Mandriva Linux 2009.0, Mandriva Linux 2009.0/X86_64, Mandriva Enterprise Server 5, Mandriva Enterprise Server 5/X86_64 Solution: Please Install the Updated Packages. CVSS Score: 2.6 CVSS Vector: AV:N/AC:H/Au:N/C:P/I:N/A:N
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2011-1945 44935 http://secunia.com/advisories/44935 APPLE-SA-2013-06-04-1 http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html DSA-2309 http://www.debian.org/security/2011/dsa-2309 MDVSA-2011:136 http://www.mandriva.com/security/advisories?name=MDVSA-2011:136 MDVSA-2011:137 http://www.mandriva.com/security/advisories?name=MDVSA-2011:137 SUSE-SU-2011:0636 https://hermes.opensuse.org/messages/8764170 VU#536044 http://www.kb.cert.org/vuls/id/536044 http://eprint.iacr.org/2011/232.pdf http://support.apple.com/kb/HT5784 http://www.kb.cert.org/vuls/id/MAPG-8FENZ3 openSUSE-SU-2011:0634 https://hermes.opensuse.org/messages/8760466
Copyright	Copyright (C) 2011 Greenbone AG