|Category:||Amazon Linux Local Security Checks|
|Title:||Amazon Linux Local Check: alas-2016-749|
|Summary:||Amazon Linux Local Security Checks|
Amazon Linux Local Security Checks
A memory leak flaw was found in the way OpenSSL handled TLS status request extension data during session renegotiation. A remote attacker could cause a TLS server using OpenSSL to consume an excessive amount of memory and, possibly, exit unexpectedly after exhausting all available memory, if it enabled OCSP stapling support.The OpenSSL Security Advisory [22 Sep 2016] refers to additional CVEs. CVE-2016-6305 does not affect OpenSSL 1.0.1. The remaining CVEs listed will be fixed in a later update.The OpenSSL Security Advisory [26 Sep 2016] refers to two additional CVEs which do not affect OpenSSL 1.0.1.(Updated 2016-09-26: Included a reference to the 26 Sep 2016 upstream advisory.)
Run yum update openssl to update your system.
Common Vulnerability Exposure (CVE) ID: CVE-2016-6304|
SuSE Security Announcement: SUSE-SU-2016:2470 (Google Search)
BugTraq ID: 93150
Common Vulnerability Exposure (CVE) ID: CVE-2016-6305
BugTraq ID: 93149
|Copyright||This script is Copyright (C) 2016 Greenbone Networks GmbH|
|This is only one of 53744 vulnerability tests in our test suite. Find out more about running a complete security audit.|
To run a free test of this vulnerability against your system, register below.