Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.68556
Category:Red Hat Local Security Checks
Title:RedHat Security Advisory RHSA-2010:0977
Summary:NOSUMMARY
Description:Description:
The remote host is missing updates announced in
advisory RHSA-2010:0977.

OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3)
and Transport Layer Security (TLS v1) protocols, as well as a
full-strength, general purpose cryptography library.

A ciphersuite downgrade flaw was found in the OpenSSL SSL/TLS server code.
A remote attacker could possibly use this flaw to change the ciphersuite
associated with a cached session stored on the server, if the server
enabled the SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG option, possibly
forcing the client to use a weaker ciphersuite after resuming the session.
(CVE-2010-4180, CVE-2008-7270)

Note: With this update, setting the SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG
option has no effect and this bug workaround can no longer be enabled.

It was discovered that OpenSSL did not always check the return value of the
bn_wexpand() function. An attacker able to trigger a memory allocation
failure in that function could possibly crash an application using the
OpenSSL library and its UBSEC hardware engine support. (CVE-2009-3245)

All OpenSSL users should upgrade to these updated packages, which contain
backported patches to resolve these issues. For the update to take effect,
all services linked to the OpenSSL library must be restarted, or the system
rebooted.

Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

http://rhn.redhat.com/errata/RHSA-2010-0977.html

Risk factor : Critical

CVSS Score:
10.0

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2008-7270
BugTraq ID: 45254
http://www.securityfocus.com/bid/45254
HPdes Security Advisory: HPSBHF02706
http://marc.info/?l=bugtraq&m=132077688910227&w=2
HPdes Security Advisory: HPSBMU02759
http://www.securityfocus.com/archive/1/522176
HPdes Security Advisory: SSRT100613
HPdes Security Advisory: SSRT100817
http://www.redhat.com/support/errata/RHSA-2010-0977.html
http://www.redhat.com/support/errata/RHSA-2010-0978.html
http://www.redhat.com/support/errata/RHSA-2011-0896.html
http://secunia.com/advisories/42493
http://ubuntu.com/usn/usn-1029-1
Common Vulnerability Exposure (CVE) ID: CVE-2009-3245
http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html
BugTraq ID: 38562
http://www.securityfocus.com/bid/38562
http://lists.fedoraproject.org/pipermail/package-announce/2010-April/039561.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038587.html
HPdes Security Advisory: HPSBOV02540
http://marc.info/?l=bugtraq&m=127678688104458&w=2
HPdes Security Advisory: HPSBUX02517
http://marc.info/?l=bugtraq&m=127128920008563&w=2
HPdes Security Advisory: SSRT100058
http://www.mandriva.com/security/advisories?name=MDVSA-2010:076
http://packetstormsecurity.com/files/153392/ABB-HMI-Outdated-Software-Components.html
http://marc.info/?l=openssl-cvs&m=126692180606861&w=2
http://marc.info/?l=openssl-cvs&m=126692159706582&w=2
http://marc.info/?l=openssl-cvs&m=126692170906712&w=2
https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000101.html
https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000102.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11738
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6640
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9790
http://secunia.com/advisories/37291
http://secunia.com/advisories/38761
http://secunia.com/advisories/39461
http://secunia.com/advisories/39932
http://secunia.com/advisories/42724
http://secunia.com/advisories/42733
http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.663049
SuSE Security Announcement: SUSE-SR:2010:013 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html
http://www.ubuntu.com/usn/USN-1003-1
http://www.vupen.com/english/advisories/2010/0839
http://www.vupen.com/english/advisories/2010/0916
http://www.vupen.com/english/advisories/2010/0933
http://www.vupen.com/english/advisories/2010/1216
Common Vulnerability Exposure (CVE) ID: CVE-2010-4180
BugTraq ID: 45164
http://www.securityfocus.com/bid/45164
CERT/CC vulnerability note: VU#737740
http://www.kb.cert.org/vuls/id/737740
Debian Security Information: DSA-2141 (Google Search)
http://www.debian.org/security/2011/dsa-2141
http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052315.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052027.html
HPdes Security Advisory: HPSBMA02658
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02794777
HPdes Security Advisory: HPSBOV02670
http://marc.info/?l=bugtraq&m=130497251507577&w=2
HPdes Security Advisory: HPSBUX02638
http://marc.info/?l=bugtraq&m=129916880600544&w=2
HPdes Security Advisory: SSRT100339
HPdes Security Advisory: SSRT100413
HPdes Security Advisory: SSRT100475
http://www.mandriva.com/security/advisories?name=MDVSA-2010:248
http://osvdb.org/69565
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18910
http://www.redhat.com/support/errata/RHSA-2010-0979.html
http://www.securitytracker.com/id?1024822
http://secunia.com/advisories/42469
http://secunia.com/advisories/42473
http://secunia.com/advisories/42571
http://secunia.com/advisories/42620
http://secunia.com/advisories/42811
http://secunia.com/advisories/42877
http://secunia.com/advisories/43169
http://secunia.com/advisories/43170
http://secunia.com/advisories/43171
http://secunia.com/advisories/43172
http://secunia.com/advisories/43173
http://secunia.com/advisories/44269
http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.668471
SuSE Security Announcement: SUSE-SR:2011:001 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00003.html
SuSE Security Announcement: SUSE-SR:2011:009 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html
SuSE Security Announcement: SUSE-SU-2011:0847 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00014.html
SuSE Security Announcement: openSUSE-SU-2011:0845 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00013.html
http://www.vupen.com/english/advisories/2010/3120
http://www.vupen.com/english/advisories/2010/3122
http://www.vupen.com/english/advisories/2010/3134
http://www.vupen.com/english/advisories/2010/3188
http://www.vupen.com/english/advisories/2011/0032
http://www.vupen.com/english/advisories/2011/0076
http://www.vupen.com/english/advisories/2011/0268
CopyrightCopyright (c) 2010 E-Soft Inc. http://www.securityspace.com

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2021 E-Soft Inc. All rights reserved.