Amazon Linux Local Security Checks : Amazon Linux: Security Advisory (ALAS-2014-320)

Vulnerability Search		Search 324607 CVE descriptions and 145615 test descriptions, access 10,000+ cross references.
	Tests CVE All

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit.
To run a free test of this vulnerability against your system, register below.

Test ID:	1.3.6.1.4.1.25623.1.0.120209
Category:	Amazon Linux Local Security Checks
Title:	Amazon Linux: Security Advisory (ALAS-2014-320)
Summary:	The remote host is missing an update for the 'openssl' package(s) announced via the ALAS-2014-320 advisory.
Description:	Summary: The remote host is missing an update for the 'openssl' package(s) announced via the ALAS-2014-320 advisory. Vulnerability Insight: The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the 'Lucky Thirteen' issue. The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug. Affected Software/OS: 'openssl' package(s) on Amazon Linux. Solution: Please install the updated package(s). CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2013-0169 http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html BugTraq ID: 57778 http://www.securityfocus.com/bid/57778 Cert/CC Advisory: TA13-051A http://www.us-cert.gov/cas/techalerts/TA13-051A.html CERT/CC vulnerability note: VU#737740 http://www.kb.cert.org/vuls/id/737740 Debian Security Information: DSA-2621 (Google Search) http://www.debian.org/security/2013/dsa-2621 Debian Security Information: DSA-2622 (Google Search) http://www.debian.org/security/2013/dsa-2622 http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101366.html http://security.gentoo.org/glsa/glsa-201406-32.xml HPdes Security Advisory: HPSBMU02874 http://marc.info/?l=bugtraq&m=136733161405818&w=2 HPdes Security Advisory: HPSBOV02852 http://marc.info/?l=bugtraq&m=136432043316835&w=2 HPdes Security Advisory: HPSBUX02856 http://marc.info/?l=bugtraq&m=136396549913849&w=2 HPdes Security Advisory: HPSBUX02857 http://marc.info/?l=bugtraq&m=136439120408139&w=2 HPdes Security Advisory: HPSBUX02909 http://marc.info/?l=bugtraq&m=137545771702053&w=2 HPdes Security Advisory: SSRT101103 HPdes Security Advisory: SSRT101104 HPdes Security Advisory: SSRT101108 HPdes Security Advisory: SSRT101184 HPdes Security Advisory: SSRT101289 http://www.mandriva.com/security/advisories?name=MDVSA-2013:095 http://blog.fuseyism.com/index.php/2013/02/20/security-icedtea-2-1-6-2-2-6-2-3-7-for-openjdk-7-released/ http://www.isg.rhul.ac.uk/tls/TLStiming.pdf https://lists.debian.org/debian-lts-announce/2018/09/msg00029.html http://openwall.com/lists/oss-security/2013/02/05/24 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18841 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19016 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19424 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19540 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19608 RedHat Security Advisories: RHSA-2013:0587 http://rhn.redhat.com/errata/RHSA-2013-0587.html RedHat Security Advisories: RHSA-2013:0782 http://rhn.redhat.com/errata/RHSA-2013-0782.html RedHat Security Advisories: RHSA-2013:0783 http://rhn.redhat.com/errata/RHSA-2013-0783.html RedHat Security Advisories: RHSA-2013:0833 http://rhn.redhat.com/errata/RHSA-2013-0833.html RedHat Security Advisories: RHSA-2013:1455 http://rhn.redhat.com/errata/RHSA-2013-1455.html RedHat Security Advisories: RHSA-2013:1456 http://rhn.redhat.com/errata/RHSA-2013-1456.html http://www.securitytracker.com/id/1029190 http://secunia.com/advisories/53623 http://secunia.com/advisories/55108 http://secunia.com/advisories/55139 http://secunia.com/advisories/55322 http://secunia.com/advisories/55350 http://secunia.com/advisories/55351 SuSE Security Announcement: SUSE-SU-2013:0328 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00020.html SuSE Security Announcement: SUSE-SU-2013:0701 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00020.html SuSE Security Announcement: SUSE-SU-2014:0320 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00001.html SuSE Security Announcement: SUSE-SU-2015:0578 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html SuSE Security Announcement: openSUSE-SU-2013:0375 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00000.html SuSE Security Announcement: openSUSE-SU-2013:0378 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00002.html SuSE Security Announcement: openSUSE-SU-2016:0640 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html http://www.ubuntu.com/usn/USN-1735-1 Common Vulnerability Exposure (CVE) ID: CVE-2014-0160 BugTraq ID: 66690 http://www.securityfocus.com/bid/66690 Bugtraq: 20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities (Google Search) http://www.securityfocus.com/archive/1/534161/100/0/threaded Cert/CC Advisory: TA14-098A http://www.us-cert.gov/ncas/alerts/TA14-098A CERT/CC vulnerability note: VU#720951 http://www.kb.cert.org/vuls/id/720951 Cisco Security Advisory: 20140409 OpenSSL Heartbeat Extension Vulnerability in Multiple Cisco Products http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140409-heartbleed Debian Security Information: DSA-2896 (Google Search) http://www.debian.org/security/2014/dsa-2896 http://www.exploit-db.com/exploits/32745 http://www.exploit-db.com/exploits/32764 http://lists.fedoraproject.org/pipermail/package-announce/2014-April/131221.html http://lists.fedoraproject.org/pipermail/package-announce/2014-April/131291.html http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136473.html http://seclists.org/fulldisclosure/2014/Apr/91 http://seclists.org/fulldisclosure/2014/Apr/90 http://seclists.org/fulldisclosure/2014/Apr/109 http://seclists.org/fulldisclosure/2014/Apr/173 http://seclists.org/fulldisclosure/2014/Apr/190 http://seclists.org/fulldisclosure/2014/Dec/23 HPdes Security Advisory: HPSBGN03008 http://marc.info/?l=bugtraq&m=139774054614965&w=2 HPdes Security Advisory: HPSBGN03010 http://marc.info/?l=bugtraq&m=139774703817488&w=2 HPdes Security Advisory: HPSBGN03011 http://marc.info/?l=bugtraq&m=139833395230364&w=2 HPdes Security Advisory: HPSBHF03021 http://marc.info/?l=bugtraq&m=139835815211508&w=2 HPdes Security Advisory: HPSBHF03136 http://marc.info/?l=bugtraq&m=141287864628122&w=2 HPdes Security Advisory: HPSBHF03293 http://marc.info/?l=bugtraq&m=142660345230545&w=2 HPdes Security Advisory: HPSBMU02994 http://marc.info/?l=bugtraq&m=139757726426985&w=2 HPdes Security Advisory: HPSBMU02995 http://marc.info/?l=bugtraq&m=139722163017074&w=2 HPdes Security Advisory: HPSBMU02997 http://marc.info/?l=bugtraq&m=139757919027752&w=2 HPdes Security Advisory: HPSBMU02998 http://marc.info/?l=bugtraq&m=139757819327350&w=2 HPdes Security Advisory: HPSBMU02999 http://marc.info/?l=bugtraq&m=139765756720506&w=2 HPdes Security Advisory: HPSBMU03009 http://marc.info/?l=bugtraq&m=139905458328378&w=2 HPdes Security Advisory: HPSBMU03012 http://marc.info/?l=bugtraq&m=139808058921905&w=2 HPdes Security Advisory: HPSBMU03013 http://marc.info/?l=bugtraq&m=139824993005633&w=2 HPdes Security Advisory: HPSBMU03017 http://marc.info/?l=bugtraq&m=139817727317190&w=2 HPdes Security Advisory: HPSBMU03018 http://marc.info/?l=bugtraq&m=139817782017443&w=2 HPdes Security Advisory: HPSBMU03019 http://marc.info/?l=bugtraq&m=139817685517037&w=2 HPdes Security Advisory: HPSBMU03020 http://marc.info/?l=bugtraq&m=139836085512508&w=2 HPdes Security Advisory: HPSBMU03022 http://marc.info/?l=bugtraq&m=139869891830365&w=2 HPdes Security Advisory: HPSBMU03023 http://marc.info/?l=bugtraq&m=139843768401936&w=2 HPdes Security Advisory: HPSBMU03024 http://marc.info/?l=bugtraq&m=139889113431619&w=2 HPdes Security Advisory: HPSBMU03025 http://marc.info/?l=bugtraq&m=139869720529462&w=2 HPdes Security Advisory: HPSBMU03028 http://marc.info/?l=bugtraq&m=139905243827825&w=2 HPdes Security Advisory: HPSBMU03029 http://marc.info/?l=bugtraq&m=139905202427693&w=2 HPdes Security Advisory: HPSBMU03030 http://marc.info/?l=bugtraq&m=139905351928096&w=2 HPdes Security Advisory: HPSBMU03032 http://marc.info/?l=bugtraq&m=139905405728262&w=2 HPdes Security Advisory: HPSBMU03033 http://marc.info/?l=bugtraq&m=139905295427946&w=2 HPdes Security Advisory: HPSBMU03037 http://marc.info/?l=bugtraq&m=140724451518351&w=2 HPdes Security Advisory: HPSBMU03040 http://marc.info/?l=bugtraq&m=140015787404650&w=2 HPdes Security Advisory: HPSBMU03044 http://marc.info/?l=bugtraq&m=140075368411126&w=2 HPdes Security Advisory: HPSBMU03062 http://marc.info/?l=bugtraq&m=140752315422991&w=2 HPdes Security Advisory: HPSBPI03014 http://marc.info/?l=bugtraq&m=139835844111589&w=2 HPdes Security Advisory: HPSBPI03031 http://marc.info/?l=bugtraq&m=139889295732144&w=2 HPdes Security Advisory: HPSBST03000 https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04260637-4%257CdocLocale%253Den_US%257CcalledBy%253DSearch_Result&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken HPdes Security Advisory: HPSBST03001 http://marc.info/?l=bugtraq&m=139758572430452&w=2 HPdes Security Advisory: HPSBST03004 http://marc.info/?l=bugtraq&m=139905653828999&w=2 HPdes Security Advisory: HPSBST03015 http://marc.info/?l=bugtraq&m=139824923705461&w=2 HPdes Security Advisory: HPSBST03016 http://marc.info/?l=bugtraq&m=139842151128341&w=2 HPdes Security Advisory: HPSBST03027 http://marc.info/?l=bugtraq&m=139905868529690&w=2 HPdes Security Advisory: SSRT101846 http://www.mandriva.com/security/advisories?name=MDVSA-2015:062 http://blog.fox-it.com/2014/04/08/openssl-heartbleed-bug-live-blog/ http://heartbleed.com/ https://blog.torproject.org/blog/openssl-bug-cve-2014-0160 https://gist.github.com/chapmajs/10473815 https://sku11army.blogspot.com/2020/01/heartbleed-hearts-continue-to-bleed.html https://www.cert.fi/en/reports/2014/vulnerability788210.html https://yunus-shn.medium.com/ricon-industrial-cellular-router-heartbleed-attack-2634221c02bd https://lists.balabit.hu/pipermail/syslog-ng-announce/2014-April/000184.html https://lists.apache.org/thread.html/ba661b0edd913b39ff129a32d855620dd861883ade05fd88a8ce517d@%3Cdev.tomcat.apache.org%3E https://lists.apache.org/thread.html/f8e0814e11c7f21f42224b6de111cb3f5e5ab5c15b78924c516d4ec2@%3Cdev.tomcat.apache.org%3E https://lists.apache.org/thread.html/rf8e8c091182b45daa50d3557cad9b10bb4198e3f08cf8f1c66a1b08d@%3Cdev.tomcat.apache.org%3E https://lists.apache.org/thread.html/re3b72cbb13e1dfe85c4a06959a3b6ca6d939b407ecca80db12b54220@%3Cdev.tomcat.apache.org%3E RedHat Security Advisories: RHSA-2014:0376 http://rhn.redhat.com/errata/RHSA-2014-0376.html RedHat Security Advisories: RHSA-2014:0377 http://rhn.redhat.com/errata/RHSA-2014-0377.html RedHat Security Advisories: RHSA-2014:0378 http://rhn.redhat.com/errata/RHSA-2014-0378.html RedHat Security Advisories: RHSA-2014:0396 http://rhn.redhat.com/errata/RHSA-2014-0396.html http://www.securitytracker.com/id/1030026 http://www.securitytracker.com/id/1030074 http://www.securitytracker.com/id/1030077 http://www.securitytracker.com/id/1030078 http://www.securitytracker.com/id/1030079 http://www.securitytracker.com/id/1030080 http://www.securitytracker.com/id/1030081 http://www.securitytracker.com/id/1030082 http://secunia.com/advisories/57347 http://secunia.com/advisories/57483 http://secunia.com/advisories/57721 http://secunia.com/advisories/57836 http://secunia.com/advisories/57966 http://secunia.com/advisories/57968 http://secunia.com/advisories/59139 http://secunia.com/advisories/59243 http://secunia.com/advisories/59347 SuSE Security Announcement: SUSE-SA:2014:002 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00005.html SuSE Security Announcement: openSUSE-SU-2014:0492 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00004.html SuSE Security Announcement: openSUSE-SU-2014:0560 (Google Search) http://lists.opensuse.org/opensuse-updates/2014-04/msg00061.html http://www.ubuntu.com/usn/USN-2165-1
Copyright	Copyright (C) 2015 Greenbone AG