Test ID:	1.3.6.1.4.1.25623.1.0.64935
Category:	CentOS Local Security Checks
Title:	CentOS Security Advisory CESA-2009:1335 (openssl)
Summary:	The remote host is missing updates to openssl announced in;advisory CESA-2009:1335.
Description:	Summary: The remote host is missing updates to openssl announced in advisory CESA-2009:1335. Vulnerability Insight: For details on the issues addressed in this update, please visit the referenced security advisories. Solution: Update the appropriate packages on your system. CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2009-0590 1021905 http://securitytracker.com/id?1021905 20090403 rPSA-2009-0057-1 m2crypto openssl openssl-scripts http://www.securityfocus.com/archive/1/502429/100/0/threaded 20101207 VMSA-2010-0019 VMware ESX third party updates for Service Console http://www.securityfocus.com/archive/1/515055/100/0/threaded 258048 http://sunsolve.sun.com/search/document.do?assetkey=1-26-258048-1 34256 http://www.securityfocus.com/bid/34256 34411 http://secunia.com/advisories/34411 34460 http://secunia.com/advisories/34460 34509 http://secunia.com/advisories/34509 34561 http://secunia.com/advisories/34561 34666 http://secunia.com/advisories/34666 34896 http://secunia.com/advisories/34896 34960 http://secunia.com/advisories/34960 35065 http://secunia.com/advisories/35065 35181 http://secunia.com/advisories/35181 35380 http://secunia.com/advisories/35380 35729 http://secunia.com/advisories/35729 36533 http://secunia.com/advisories/36533 36701 http://secunia.com/advisories/36701 38794 http://secunia.com/advisories/38794 38834 http://secunia.com/advisories/38834 42467 http://secunia.com/advisories/42467 42724 http://secunia.com/advisories/42724 42733 http://secunia.com/advisories/42733 52864 http://www.osvdb.org/52864 ADV-2009-0850 http://www.vupen.com/english/advisories/2009/0850 ADV-2009-1020 http://www.vupen.com/english/advisories/2009/1020 ADV-2009-1175 http://www.vupen.com/english/advisories/2009/1175 ADV-2009-1220 http://www.vupen.com/english/advisories/2009/1220 ADV-2009-1548 http://www.vupen.com/english/advisories/2009/1548 ADV-2010-0528 http://www.vupen.com/english/advisories/2010/0528 ADV-2010-3126 http://www.vupen.com/english/advisories/2010/3126 APPLE-SA-2009-09-10-2 http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html DSA-1763 http://www.debian.org/security/2009/dsa-1763 FreeBSD-SA-09:08 http://security.FreeBSD.org/advisories/FreeBSD-SA-09:08.openssl.asc HPSBMA02447 http://marc.info/?l=bugtraq&m=125017764422557&w=2 HPSBOV02540 http://marc.info/?l=bugtraq&m=127678688104458&w=2 HPSBUX02435 http://marc.info/?l=bugtraq&m=124464882609472&w=2 MDVSA-2009:087 http://www.mandriva.com/security/advisories?name=MDVSA-2009:087 NetBSD-SA2009-008 ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-008.txt.asc RHSA-2009:1335 http://www.redhat.com/support/errata/RHSA-2009-1335.html SSRT090059 SSRT090062 SUSE-SR:2009:010 http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html SUSE-SU-2011:0847 http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00014.html USN-750-1 http://www.ubuntu.com/usn/usn-750-1 [security-announce] 20100303 VMSA-2010-0004 ESX Service Console and vMA third party updates http://lists.vmware.com/pipermail/security-announce/2010/000082.html [syslog-ng-announce] 20110110 syslog-ng Premium Edition 3.0.6a has been released https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000101.html [syslog-ng-announce] 20110110 syslog-ng Premium Edition 3.2.1a has been released https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000102.html http://sourceforge.net/project/shownotes.php?release_id=671059&group_id=116847 http://support.apple.com/kb/HT3865 http://support.avaya.com/elmodocs2/security/ASA-2009-172.htm http://voodoo-circle.sourceforge.net/sa/sa-20090326-01.html http://wiki.rpath.com/Advisories:rPSA-2009-0057 http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0057 http://www.openssl.org/news/secadv_20090325.txt http://www.php.net/archive/2009.php#id2009-04-08-1 http://www.vmware.com/security/advisories/VMSA-2010-0019.html https://kb.bluecoat.com/index?page=content&id=SA50 openSUSE-SU-2011:0845 http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00013.html openssl-asn1-stringprintex-dos(49431) https://exchange.xforce.ibmcloud.com/vulnerabilities/49431 oval:org.mitre.oval:def:10198 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10198 oval:org.mitre.oval:def:6996 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6996 Common Vulnerability Exposure (CVE) ID: CVE-2009-1377 1022241 http://www.securitytracker.com/id?1022241 35001 http://www.securityfocus.com/bid/35001 35128 http://secunia.com/advisories/35128 35416 http://secunia.com/advisories/35416 35461 http://secunia.com/advisories/35461 35571 http://secunia.com/advisories/35571 37003 http://secunia.com/advisories/37003 38761 http://secunia.com/advisories/38761 ADV-2009-1377 http://www.vupen.com/english/advisories/2009/1377 GLSA-200912-01 http://security.gentoo.org/glsa/glsa-200912-01.xml HPSBMA02492 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02029444 MDVSA-2009:120 http://www.mandriva.com/security/advisories?name=MDVSA-2009:120 NetBSD-SA2009-009 ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-009.txt.asc SSA:2010-060-02 http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.663049 SSRT100079 SUSE-SR:2009:011 http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html USN-792-1 http://www.ubuntu.com/usn/USN-792-1 [openssl-dev] 20090516 [openssl.org #1930] [PATCH] DTLS record buffer limitation bug http://marc.info/?l=openssl-dev&m=124247675613888&w=2 [oss-security] 20090518 Two OpenSSL DTLS remote DoS http://www.openwall.com/lists/oss-security/2009/05/18/1 http://cvs.openssl.org/chngview?cn=18187 http://rt.openssl.org/Ticket/Display.html?id=1930&user=guest&pass=guest http://sourceforge.net/mailarchive/message.php?msg_name=4AD43807.7080105%40users.sourceforge.net http://voodoo-circle.sourceforge.net/sa/sa-20091012-01.html https://launchpad.net/bugs/cve/2009-1377 oval:org.mitre.oval:def:6683 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6683 oval:org.mitre.oval:def:9663 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9663 Common Vulnerability Exposure (CVE) ID: CVE-2009-1378 8720 https://www.exploit-db.com/exploits/8720 [openssl-dev] 20090516 [openssl.org #1931] [PATCH] DTLS fragment handling memory leak http://marc.info/?l=openssl-dev&m=124247679213944&w=2 [openssl-dev] 20090518 Re: [openssl.org #1931] [PATCH] DTLS fragment handling memory leak http://marc.info/?l=openssl-dev&m=124263491424212&w=2 http://cvs.openssl.org/chngview?cn=18188 http://rt.openssl.org/Ticket/Display.html?id=1931&user=guest&pass=guest https://launchpad.net/bugs/cve/2009-1378 oval:org.mitre.oval:def:11309 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11309 oval:org.mitre.oval:def:7229 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7229 Common Vulnerability Exposure (CVE) ID: CVE-2009-1379 35138 http://www.securityfocus.com/bid/35138 [oss-security] 20090518 Re: Two OpenSSL DTLS remote DoS http://www.openwall.com/lists/oss-security/2009/05/18/4 http://rt.openssl.org/Ticket/Display.html?id=1923&user=guest&pass=guest https://launchpad.net/bugs/cve/2009-1379 openssl-dtls1retrievebufferedfragment-dos(50661) https://exchange.xforce.ibmcloud.com/vulnerabilities/50661 oval:org.mitre.oval:def:6848 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6848 oval:org.mitre.oval:def:9744 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9744 Common Vulnerability Exposure (CVE) ID: CVE-2009-1386 35174 http://www.securityfocus.com/bid/35174 35685 http://secunia.com/advisories/35685 8873 https://www.exploit-db.com/exploits/8873 SUSE-SR:2009:012 http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html [oss-security] 20090602 Re: Two OpenSSL DTLS remote DoS http://www.openwall.com/lists/oss-security/2009/06/02/1 http://cvs.openssl.org/chngview?cn=17369 http://rt.openssl.org/Ticket/Display.html?id=1679&user=guest&pass=guest openssl-changecipherspec-dos(50963) https://exchange.xforce.ibmcloud.com/vulnerabilities/50963 oval:org.mitre.oval:def:11179 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11179 oval:org.mitre.oval:def:7469 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7469 Common Vulnerability Exposure (CVE) ID: CVE-2009-1387 HPdes Security Advisory: HPSBMA02492 HPdes Security Advisory: SSRT100079 NETBSD Security Advisory: NetBSD-SA2009-009 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10740 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7592 SuSE Security Announcement: SUSE-SR:2009:012 (Google Search)
Copyright	Copyright (C) 2009 E-Soft Inc.

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.