ID de Prueba:	1.3.6.1.4.1.25623.1.1.10.2018.0470
Categoría:	Mageia Linux Local Security Checks
Título:	Mageia: Security Advisory (MGASA-2018-0470)
Resumen:	The remote host is missing an update for the 'openssl' package(s) announced via the MGASA-2018-0470 advisory.
Descripción:	Summary: The remote host is missing an update for the 'openssl' package(s) announced via the MGASA-2018-0470 advisory. Vulnerability Insight: The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.1a (Affected 1.1.1). Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.0.2q (Affected 1.0.2-1.0.2p). (CVE-2018-0734) Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on 'port contention'. (CVE-2018-5407 Affected Software/OS: 'openssl' package(s) on Mageia 6. Solution: Please install the updated package(s). CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2018-0734 BugTraq ID: 105758 http://www.securityfocus.com/bid/105758 Debian Security Information: DSA-4348 (Google Search) https://www.debian.org/security/2018/dsa-4348 Debian Security Information: DSA-4355 (Google Search) https://www.debian.org/security/2018/dsa-4355 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZBEV5QGDRFUZDMNECFXUSN5FMYOZDE4V/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y3IVFGSERAZLNJCK35TEM2R4726XIH3Z/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EWC42UXL5GHTU5G77VKBF6JYUUNGSHOM/ https://www.oracle.com/security-alerts/cpuapr2020.html https://www.oracle.com/security-alerts/cpujan2020.html https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html RedHat Security Advisories: RHSA-2019:2304 https://access.redhat.com/errata/RHSA-2019:2304 RedHat Security Advisories: RHSA-2019:3700 https://access.redhat.com/errata/RHSA-2019:3700 RedHat Security Advisories: RHSA-2019:3932 https://access.redhat.com/errata/RHSA-2019:3932 RedHat Security Advisories: RHSA-2019:3933 https://access.redhat.com/errata/RHSA-2019:3933 RedHat Security Advisories: RHSA-2019:3935 https://access.redhat.com/errata/RHSA-2019:3935 SuSE Security Announcement: openSUSE-SU-2019:1547 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00030.html SuSE Security Announcement: openSUSE-SU-2019:1814 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00056.html https://usn.ubuntu.com/3840-1/ Common Vulnerability Exposure (CVE) ID: CVE-2018-5407 BugTraq ID: 105897 http://www.securityfocus.com/bid/105897 https://www.exploit-db.com/exploits/45785/ https://security.gentoo.org/glsa/201903-10 https://eprint.iacr.org/2018/1060.pdf https://github.com/bbbrumley/portsmash https://lists.debian.org/debian-lts-announce/2018/11/msg00024.html RedHat Security Advisories: RHSA-2019:0483 https://access.redhat.com/errata/RHSA-2019:0483 RedHat Security Advisories: RHSA-2019:0651 https://access.redhat.com/errata/RHSA-2019:0651 RedHat Security Advisories: RHSA-2019:0652 https://access.redhat.com/errata/RHSA-2019:0652 RedHat Security Advisories: RHSA-2019:2125 https://access.redhat.com/errata/RHSA-2019:2125 RedHat Security Advisories: RHSA-2019:3929 https://access.redhat.com/errata/RHSA-2019:3929 RedHat Security Advisories: RHSA-2019:3931 https://access.redhat.com/errata/RHSA-2019:3931
Copyright	Copyright (C) 2022 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.