Debian Local Security Checks : Debian: Security Advisory (DSA-888-1)

Vulnerability Search		Search 324607 CVE descriptions and 145615 test descriptions, access 10,000+ cross references.
	Tests CVE All

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit.
To run a free test of this vulnerability against your system, register below.

Test ID:	1.3.6.1.4.1.25623.1.0.55813
Category:	Debian Local Security Checks
Title:	Debian: Security Advisory (DSA-888-1)
Summary:	The remote host is missing an update for the Debian 'openssl' package(s) announced via the DSA-888-1 advisory.
Description:	Summary: The remote host is missing an update for the Debian 'openssl' package(s) announced via the DSA-888-1 advisory. Vulnerability Insight: Yutaka Oiwa discovered a vulnerability in the Open Secure Socket Layer (OpenSSL) library that can allow an attacker to perform active protocol-version rollback attacks that could lead to the use of the weaker SSL 2.0 protocol even though both ends support SSL 3.0 or TLS 1.0. The following matrix explains which version in which distribution has this problem corrected. oldstable (woody) stable (sarge) unstable (sid) openssl 0.9.6c-2.woody.8 0.9.7e-3sarge1 0.9.8-3 openssl094 0.9.4-6.woody.4 n/a n/a openssl095 0.9.5a-6.woody.6 n/a n/a openssl096 n/a 0.9.6m-1sarge1 n/a openssl097 n/a n/a 0.9.7g-5 We recommend that you upgrade your libssl packages. Affected Software/OS: 'openssl' package(s) on Debian 3.0, Debian 3.1. Solution: Please install the updated package(s). CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2005-2969 1015032 http://securitytracker.com/id?1015032 101974 http://sunsolve.sun.com/search/document.do?assetkey=1-26-101974-1 15071 http://www.securityfocus.com/bid/15071 15647 http://www.securityfocus.com/bid/15647 17146 http://secunia.com/advisories/17146 17151 http://secunia.com/advisories/17151 17153 http://secunia.com/advisories/17153 17169 http://secunia.com/advisories/17169 17178 http://secunia.com/advisories/17178 17180 http://secunia.com/advisories/17180 17189 http://secunia.com/advisories/17189 17191 http://secunia.com/advisories/17191 17210 http://secunia.com/advisories/17210 17259 http://secunia.com/advisories/17259 17288 http://secunia.com/advisories/17288 17335 http://secunia.com/advisories/17335 17344 http://secunia.com/advisories/17344 17389 http://secunia.com/advisories/17389 17409 http://secunia.com/advisories/17409 17432 http://secunia.com/advisories/17432 17466 http://secunia.com/advisories/17466 17589 http://secunia.com/advisories/17589 17617 http://secunia.com/advisories/17617 17632 http://secunia.com/advisories/17632 17813 http://secunia.com/advisories/17813 17888 http://secunia.com/advisories/17888 18045 http://secunia.com/advisories/18045 18123 http://secunia.com/advisories/18123 18165 http://secunia.com/advisories/18165 18663 http://secunia.com/advisories/18663 19185 http://secunia.com/advisories/19185 20051202 Cisco Security Notice: Response to OpenSSL - Potential SSL 2.0 Rollback http://www.cisco.com/warp/public/707/cisco-response-20051202-openssl.shtml 21827 http://secunia.com/advisories/21827 23280 http://secunia.com/advisories/23280 23340 http://secunia.com/advisories/23340 23843 http://secunia.com/advisories/23843 23915 http://secunia.com/advisories/23915 24799 http://www.securityfocus.com/bid/24799 25973 http://secunia.com/advisories/25973 26893 http://secunia.com/advisories/26893 31492 http://secunia.com/advisories/31492 ADV-2005-2036 http://www.vupen.com/english/advisories/2005/2036 ADV-2005-2659 http://www.vupen.com/english/advisories/2005/2659 ADV-2005-2710 http://www.vupen.com/english/advisories/2005/2710 ADV-2005-2908 http://www.vupen.com/english/advisories/2005/2908 ADV-2005-3002 http://www.vupen.com/english/advisories/2005/3002 ADV-2005-3056 http://www.vupen.com/english/advisories/2005/3056 ADV-2006-3531 http://www.vupen.com/english/advisories/2006/3531 ADV-2007-0326 http://www.vupen.com/english/advisories/2007/0326 ADV-2007-0343 http://www.vupen.com/english/advisories/2007/0343 ADV-2007-2457 http://www.vupen.com/english/advisories/2007/2457 APPLE-SA-2005-11-29 http://docs.info.apple.com/article.html?artnum=302847 DSA-875 http://www.debian.org/security/2005/dsa-875 DSA-881 http://www.debian.org/security/2005/dsa-881 DSA-882 http://www.debian.org/security/2005/dsa-882 HPSBUX02174 http://itrc.hp.com/service/cki/docDisplay.do?docId=c00805100 HPSBUX02186 http://itrc.hp.com/service/cki/docDisplay.do?docId=c00849540 MDKSA-2005:179 http://www.mandriva.com/security/advisories?name=MDKSA-2005:179 RHSA-2005:762 http://www.redhat.com/support/errata/RHSA-2005-762.html RHSA-2005:800 http://www.redhat.com/support/errata/RHSA-2005-800.html RHSA-2008:0629 http://www.redhat.com/support/errata/RHSA-2008-0629.html SSRT061239 SSRT071299 SUSE-SA:2005:061 http://www.novell.com/linux/security/advisories/2005_61_openssl.html TSLSA-2005-0059 http://lists.trustix.org/pipermail/tsl-announce/2005-October/000354.html ftp://ftp.software.ibm.com/pc/pccbbs/pc_servers/dir5.10.3_docs_relnotes.pdf hitachi-hicommand-security-bypass(35287) https://exchange.xforce.ibmcloud.com/vulnerabilities/35287 http://support.avaya.com/elmodocs2/security/ASA-2006-031.htm http://support.avaya.com/elmodocs2/security/ASA-2006-260.htm http://www-1.ibm.com/support/docview.wss?uid=isg1SSRVHMCHMC_C081516_754 http://www.hitachi-support.com/security_e/vuls_e/HS06-022_e/01-e.html http://www.hitachi-support.com/security_e/vuls_e/HS07-016_e/index-e.html http://www.juniper.net/support/security/alerts/PSN-2005-12-025.txt http://www.openssl.org/news/secadv_20051011.txt https://issues.rpath.com/browse/RPL-1633 oval:org.mitre.oval:def:11454 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11454
Copyright	Copyright (C) 2008 Greenbone AG