ID de Prueba:	1.3.6.1.4.1.25623.1.0.871520
Categoría:	Red Hat Local Security Checks
Título:	RedHat Update for openssl RHSA-2015:2616-01
Resumen:	The remote host is missing an update for the 'openssl'; package(s) announced via the referenced advisory.
Descripción:	Summary: The remote host is missing an update for the 'openssl' package(s) announced via the referenced advisory. Vulnerability Insight: OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library. A memory leak vulnerability was found in the way OpenSSL parsed PKCS#7 and CMS data. A remote attacker could use this flaw to cause an application that parses PKCS#7 or CMS data from untrusted sources to use an excessive amount of memory and possibly crash. (CVE-2015-3195) All openssl users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted. Affected Software/OS: openssl on Red Hat Enterprise Linux (v. 5 server) Solution: Please Install the Updated Packages. CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2015-3195 http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html BugTraq ID: 78626 http://www.securityfocus.com/bid/78626 BugTraq ID: 91787 http://www.securityfocus.com/bid/91787 Cisco Security Advisory: 20151204 Multiple Vulnerabilities in OpenSSL (December 2015) Affecting Cisco Products http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151204-openssl Debian Security Information: DSA-3413 (Google Search) http://www.debian.org/security/2015/dsa-3413 http://lists.fedoraproject.org/pipermail/package-announce/2015-December/173801.html HPdes Security Advisory: HPSBGN03536 http://marc.info/?l=bugtraq&m=145382583417444&w=2 RedHat Security Advisories: RHSA-2015:2616 http://rhn.redhat.com/errata/RHSA-2015-2616.html RedHat Security Advisories: RHSA-2015:2617 http://rhn.redhat.com/errata/RHSA-2015-2617.html RedHat Security Advisories: RHSA-2016:2056 http://rhn.redhat.com/errata/RHSA-2016-2056.html RedHat Security Advisories: RHSA-2016:2957 http://rhn.redhat.com/errata/RHSA-2016-2957.html http://www.securitytracker.com/id/1034294 http://www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.754583 SuSE Security Announcement: SUSE-SU-2016:0678 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00017.html SuSE Security Announcement: openSUSE-SU-2015:2288 (Google Search) http://lists.opensuse.org/opensuse-updates/2015-12/msg00070.html SuSE Security Announcement: openSUSE-SU-2015:2289 (Google Search) http://lists.opensuse.org/opensuse-updates/2015-12/msg00071.html SuSE Security Announcement: openSUSE-SU-2015:2318 (Google Search) http://lists.opensuse.org/opensuse-updates/2015-12/msg00087.html SuSE Security Announcement: openSUSE-SU-2015:2349 (Google Search) http://lists.opensuse.org/opensuse-updates/2015-12/msg00103.html SuSE Security Announcement: openSUSE-SU-2016:0637 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00009.html SuSE Security Announcement: openSUSE-SU-2016:0640 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html http://www.ubuntu.com/usn/USN-2830-1
Copyright	Copyright (C) 2015 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.