ID de Prueba:	1.3.6.1.4.1.25623.1.1.13.2015.162.01
Categoría:	Slackware Local Security Checks
Título:	Slackware: Security Advisory (SSA:2015-162-01)
Resumen:	The remote host is missing an update for the 'openssl' package(s) announced via the SSA:2015-162-01 advisory.
Descripción:	Summary: The remote host is missing an update for the 'openssl' package(s) announced via the SSA:2015-162-01 advisory. Vulnerability Insight: New openssl packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix security issues. Here are the details from the Slackware 14.1 ChangeLog: +--------------------------+ patches/packages/openssl-1.0.1n-i486-1_slack14.1.txz: Upgraded. Fixes several bugs and security issues: o Malformed ECParameters causes infinite loop (CVE-2015-1788) o Exploitable out-of-bounds read in X509_cmp_time (CVE-2015-1789) o PKCS7 crash with missing EnvelopedContent (CVE-2015-1790) o CMS verify infinite loop with unknown hash function (CVE-2015-1792) o Race condition handling NewSessionTicket (CVE-2015-1791) For more information, see: [links moved to references] (* Security fix *) patches/packages/openssl-solibs-1.0.1n-i486-1_slack14.1.txz: Upgraded. +--------------------------+ Affected Software/OS: 'openssl' package(s) on Slackware 13.0, Slackware 13.1, Slackware 13.37, Slackware 14.0, Slackware 14.1, Slackware current. Solution: Please install the updated package(s). CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2015-1788 1032564 http://www.securitytracker.com/id/1032564 20150612 Multiple Vulnerabilities in OpenSSL (June 2015) Affecting Cisco Products http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150612-openssl 75158 http://www.securityfocus.com/bid/75158 91787 http://www.securityfocus.com/bid/91787 APPLE-SA-2015-08-13-2 http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html DSA-3287 http://www.debian.org/security/2015/dsa-3287 GLSA-201506-02 https://security.gentoo.org/glsa/201506-02 HPSBMU03409 http://marc.info/?l=bugtraq&m=144050155601375&w=2 HPSBUX03388 http://marc.info/?l=bugtraq&m=143880121627664&w=2 NetBSD-SA2015-008 http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2015-008.txt.asc SSRT102180 SUSE-SU-2015:1143 http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00024.html SUSE-SU-2015:1150 http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00026.html SUSE-SU-2015:1181 http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00003.html SUSE-SU-2015:1182 http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00004.html SUSE-SU-2015:1184 http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00006.html SUSE-SU-2015:1185 http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00007.html USN-2639-1 http://www.ubuntu.com/usn/USN-2639-1 http://fortiguard.com/advisory/2015-07-09-cve-2015-1793-openssl-alternative-chains-certificate-forgery http://fortiguard.com/advisory/openssl-vulnerabilities-june-2015 http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10694 http://www-304.ibm.com/support/docview.wss?uid=swg21960041 http://www.fortiguard.com/advisory/2015-06-11-fortinet-vulnerability-openssl-vulnerabilities-june-2015 http://www.fortiguard.com/advisory/openssl-vulnerabilities-june-2015 http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html https://bto.bluecoat.com/security-advisory/sa98 https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf https://github.com/openssl/openssl/commit/4924b37ee01f71ae19c94a8934b80eeb2f677932 https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05045763 https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05131044 https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888 https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380 https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05184351 https://kc.mcafee.com/corporate/index?page=content&id=SB10122 https://openssl.org/news/secadv/20150611.txt https://support.apple.com/kb/HT205031 https://support.citrix.com/article/CTX216642 https://www.openssl.org/news/secadv_20150611.txt openSUSE-SU-2015:1139 http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00023.html openSUSE-SU-2015:1277 http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00037.html openSUSE-SU-2016:0640 http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html Common Vulnerability Exposure (CVE) ID: CVE-2015-1789 75156 http://www.securityfocus.com/bid/75156 FEDORA-2015-10047 http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160436.html FEDORA-2015-10108 http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160647.html HPSBGN03371 http://marc.info/?l=bugtraq&m=143654156615516&w=2 RHSA-2015:1115 http://rhn.redhat.com/errata/RHSA-2015-1115.html RHSA-2015:1197 http://rhn.redhat.com/errata/RHSA-2015-1197.html SUSE-SU-2015:1183 http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00005.html http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10733 http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html https://github.com/openssl/openssl/commit/f48b83b4fb7d6689584cf25f61ca63a4891f5b11 https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05157667 https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05353965 https://www.arista.com/en/support/advisories-notices/security-advisories/1144-security-advisory-11 Common Vulnerability Exposure (CVE) ID: CVE-2015-1790 75157 http://www.securityfocus.com/bid/75157 https://github.com/openssl/openssl/commit/59302b600e8d5b77ef144e447bb046fd7ab72686 Common Vulnerability Exposure (CVE) ID: CVE-2015-1791 1032479 http://www.securitytracker.com/id/1032479 75161 http://www.securityfocus.com/bid/75161 https://github.com/openssl/openssl/commit/98ece4eebfb6cd45cc8d550c6ac0022965071afc Common Vulnerability Exposure (CVE) ID: CVE-2015-1792 75154 http://www.securityfocus.com/bid/75154 https://github.com/openssl/openssl/commit/cd30f03ac5bf2962f44bd02ae8d88245dff2f12c
Copyright	Copyright (C) 2022 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.