Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.68557
Category:Red Hat Local Security Checks
Title:RedHat Security Advisory RHSA-2010:0978
Summary:NOSUMMARY
Description:Description:
The remote host is missing updates announced in
advisory RHSA-2010:0978.

OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3)
and Transport Layer Security (TLS v1) protocols, as well as a
full-strength, general purpose cryptography library.

A ciphersuite downgrade flaw was found in the OpenSSL SSL/TLS server code.
A remote attacker could possibly use this flaw to change the ciphersuite
associated with a cached session stored on the server, if the server
enabled the SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG option, possibly
forcing the client to use a weaker ciphersuite after resuming the session.
(CVE-2010-4180, CVE-2008-7270)

Note: With this update, setting the SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG
option has no effect and this bug workaround can no longer be enabled.

All OpenSSL users should upgrade to these updated packages, which contain a
backported patch to resolve these issues. For the update to take effect,
all services linked to the OpenSSL library must be restarted, or the system
rebooted.

Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

http://rhn.redhat.com/errata/RHSA-2010-0978.html

Risk factor : Medium

CVSS Score:
4.3

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2008-7270
BugTraq ID: 45254
http://www.securityfocus.com/bid/45254
HPdes Security Advisory: HPSBHF02706
http://marc.info/?l=bugtraq&m=132077688910227&w=2
HPdes Security Advisory: HPSBMU02759
http://www.securityfocus.com/archive/1/522176
HPdes Security Advisory: SSRT100613
HPdes Security Advisory: SSRT100817
http://www.redhat.com/support/errata/RHSA-2010-0977.html
http://www.redhat.com/support/errata/RHSA-2010-0978.html
http://www.redhat.com/support/errata/RHSA-2011-0896.html
http://secunia.com/advisories/42493
http://ubuntu.com/usn/usn-1029-1
Common Vulnerability Exposure (CVE) ID: CVE-2010-4180
http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html
BugTraq ID: 45164
http://www.securityfocus.com/bid/45164
CERT/CC vulnerability note: VU#737740
http://www.kb.cert.org/vuls/id/737740
Debian Security Information: DSA-2141 (Google Search)
http://www.debian.org/security/2011/dsa-2141
http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052315.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052027.html
HPdes Security Advisory: HPSBMA02658
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02794777
HPdes Security Advisory: HPSBOV02670
http://marc.info/?l=bugtraq&m=130497251507577&w=2
HPdes Security Advisory: HPSBUX02638
http://marc.info/?l=bugtraq&m=129916880600544&w=2
HPdes Security Advisory: SSRT100339
HPdes Security Advisory: SSRT100413
HPdes Security Advisory: SSRT100475
http://www.mandriva.com/security/advisories?name=MDVSA-2010:248
http://osvdb.org/69565
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18910
http://www.redhat.com/support/errata/RHSA-2010-0979.html
http://www.securitytracker.com/id?1024822
http://secunia.com/advisories/42469
http://secunia.com/advisories/42473
http://secunia.com/advisories/42571
http://secunia.com/advisories/42620
http://secunia.com/advisories/42811
http://secunia.com/advisories/42877
http://secunia.com/advisories/43169
http://secunia.com/advisories/43170
http://secunia.com/advisories/43171
http://secunia.com/advisories/43172
http://secunia.com/advisories/43173
http://secunia.com/advisories/44269
http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.668471
SuSE Security Announcement: SUSE-SR:2011:001 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00003.html
SuSE Security Announcement: SUSE-SR:2011:009 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html
SuSE Security Announcement: SUSE-SU-2011:0847 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00014.html
SuSE Security Announcement: openSUSE-SU-2011:0845 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00013.html
http://www.vupen.com/english/advisories/2010/3120
http://www.vupen.com/english/advisories/2010/3122
http://www.vupen.com/english/advisories/2010/3134
http://www.vupen.com/english/advisories/2010/3188
http://www.vupen.com/english/advisories/2011/0032
http://www.vupen.com/english/advisories/2011/0076
http://www.vupen.com/english/advisories/2011/0268
CopyrightCopyright (c) 2010 E-Soft Inc. http://www.securityspace.com

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2021 E-Soft Inc. All rights reserved.