ID de Prueba:	1.3.6.1.4.1.25623.1.0.883391
Categoría:	CentOS Local Security Checks
Título:	CentOS: Security Advisory for openssl (CESA-2021:3798)
Resumen:	The remote host is missing an update for the 'openssl'; package(s) announced via the CESA-2021:3798 advisory.
Descripción:	Summary: The remote host is missing an update for the 'openssl' package(s) announced via the CESA-2021:3798 advisory. Vulnerability Insight: OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library. Security Fix(es): * openssl: integer overflow in CipherUpdate (CVE-2021-23840) * openssl: NULL pointer dereference in X509_issuer_and_serial_hash() (CVE-2021-23841) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Affected Software/OS: 'openssl' package(s) on CentOS 7. Solution: Please install the updated package(s). CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2021-23840 https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=6a51b9e1d0cf0bf8515f7201b68fb0a3482b3dc1 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=9b1129239f3ebb1d1c98ce9ed41d5c9476c47cb2 https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44846 https://kc.mcafee.com/corporate/index?page=content&id=SB10366 https://security.netapp.com/advisory/ntap-20210219-0009/ https://www.openssl.org/news/secadv/20210216.txt https://www.tenable.com/security/tns-2021-03 https://www.tenable.com/security/tns-2021-09 https://www.tenable.com/security/tns-2021-10 Debian Security Information: DSA-4855 (Google Search) https://www.debian.org/security/2021/dsa-4855 https://security.gentoo.org/glsa/202103-03 https://www.oracle.com//security-alerts/cpujul2021.html https://www.oracle.com/security-alerts/cpuApr2021.html https://www.oracle.com/security-alerts/cpuapr2022.html https://www.oracle.com/security-alerts/cpujan2022.html https://www.oracle.com/security-alerts/cpuoct2021.html https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E Common Vulnerability Exposure (CVE) ID: CVE-2021-23841 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=122a19ab48091c657f7cb1fb3af9fc07bd557bbf https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=8252ee4d90f3f2004d3d0aeeed003ad49c9a7807 https://security.netapp.com/advisory/ntap-20210513-0002/ https://support.apple.com/kb/HT212528 https://support.apple.com/kb/HT212529 https://support.apple.com/kb/HT212534 http://seclists.org/fulldisclosure/2021/May/67 http://seclists.org/fulldisclosure/2021/May/70 http://seclists.org/fulldisclosure/2021/May/68
Copyright	Copyright (C) 2021 Greenbone Networks GmbH

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.