Búsqueda de    
Vulnerabilidad   
    Buscar 324607 Descripciones CVE y
145615 Descripciones de Pruebas,
accesos 10,000+ referencias cruzadas.
Pruebas   CVE   Todos  

ID de Prueba:1.3.6.1.4.1.25623.1.1.10.2014.0187
Categoría:Mageia Linux Local Security Checks
Título:Mageia: Security Advisory (MGASA-2014-0187)
Resumen:The remote host is missing an update for the 'openssl' package(s) announced via the MGASA-2014-0187 advisory.
Descripción:Summary:
The remote host is missing an update for the 'openssl' package(s) announced via the MGASA-2014-0187 advisory.

Vulnerability Insight:
Updated openssl packages fix security vulnerability:

A read buffer can be freed even when it still contains data that is used
later on, leading to a use-after-free. Given a race condition in a
multi-threaded application it may permit an attacker to inject data from
one connection into another or cause denial of service (CVE-2010-5298).

Also fixed in this update is a potential security issue with detection of
the 'critical' flag for the TSA extended key usage under certain cases.

Affected Software/OS:
'openssl' package(s) on Mageia 3, Mageia 4.

Solution:
Please install the updated package(s).

CVSS Score:
4.0

CVSS Vector:
AV:N/AC:H/Au:N/C:N/I:P/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2010-5298
BugTraq ID: 66801
http://www.securityfocus.com/bid/66801
Bugtraq: 20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities (Google Search)
http://www.securityfocus.com/archive/1/534161/100/0/threaded
Cisco Security Advisory: 20140605 Multiple Vulnerabilities in OpenSSL Affecting Cisco Products
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140605-openssl
http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136470.html
http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136473.html
http://seclists.org/fulldisclosure/2014/Dec/23
http://security.gentoo.org/glsa/glsa-201407-05.xml
HPdes Security Advisory: HPSBGN03068
http://marc.info/?l=bugtraq&m=140544599631400&w=2
HPdes Security Advisory: HPSBHF03052
http://marc.info/?l=bugtraq&m=141658880509699&w=2
HPdes Security Advisory: HPSBMU03051
http://marc.info/?l=bugtraq&m=140448122410568&w=2
HPdes Security Advisory: HPSBMU03055
http://marc.info/?l=bugtraq&m=140431828824371&w=2
HPdes Security Advisory: HPSBMU03056
http://marc.info/?l=bugtraq&m=140389355508263&w=2
HPdes Security Advisory: HPSBMU03057
http://marc.info/?l=bugtraq&m=140389274407904&w=2
HPdes Security Advisory: HPSBMU03062
http://marc.info/?l=bugtraq&m=140752315422991&w=2
HPdes Security Advisory: HPSBMU03074
http://marc.info/?l=bugtraq&m=140621259019789&w=2
HPdes Security Advisory: HPSBMU03076
http://marc.info/?l=bugtraq&m=140904544427729&w=2
http://www.mandriva.com/security/advisories?name=MDVSA-2014:090
http://www.mandriva.com/security/advisories?name=MDVSA-2015:062
http://www.tedunangst.com/flak/post/analysis-of-openssl-freelist-reuse
https://rt.openssl.org/Ticket/Display.html?id=2167&user=guest&pass=guest
https://rt.openssl.org/Ticket/Display.html?id=3265&user=guest&pass=guest
http://openwall.com/lists/oss-security/2014/04/13/1
OpenBSD Security Advisory: [5.5] 004: SECURITY FIX: April 12, 2014
http://www.openbsd.org/errata55.html#004_openssl
http://secunia.com/advisories/58337
http://secunia.com/advisories/58713
http://secunia.com/advisories/58939
http://secunia.com/advisories/58977
http://secunia.com/advisories/59162
http://secunia.com/advisories/59287
http://secunia.com/advisories/59300
http://secunia.com/advisories/59301
http://secunia.com/advisories/59342
http://secunia.com/advisories/59413
http://secunia.com/advisories/59437
http://secunia.com/advisories/59438
http://secunia.com/advisories/59440
http://secunia.com/advisories/59450
http://secunia.com/advisories/59490
http://secunia.com/advisories/59655
http://secunia.com/advisories/59666
http://secunia.com/advisories/59669
http://secunia.com/advisories/59721
SuSE Security Announcement: SUSE-SU-2015:0743 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html
CopyrightCopyright (C) 2022 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.

Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.




© 1998-2025 E-Soft Inc. Todos los derechos reservados.