Test ID:	1.3.6.1.4.1.25623.1.0.68997
Category:	Debian Local Security Checks
Title:	Debian: Security Advisory (DSA-2162-1)
Summary:	The remote host is missing an update for the Debian 'openssl' package(s) announced via the DSA-2162-1 advisory.
Description:	Summary: The remote host is missing an update for the Debian 'openssl' package(s) announced via the DSA-2162-1 advisory. Vulnerability Insight: Neel Mehta discovered that an incorrectly formatted ClientHello handshake message could cause OpenSSL to parse past the end of the message. This allows an attacker to crash an application using OpenSSL by triggering an invalid memory access. Additionally, some applications may be vulnerable to expose contents of a parsed OCSP nonce extension. Packages in the oldstable distribution (lenny) are not affected by this problem. For the stable distribution (squeeze), this problem has been fixed in version 0.9.8o-4squeeze1. For the testing distribution (wheezy), this problem has been fixed in version 0.9.8o-5. For the unstable distribution (sid), this problem has been fixed in version 0.9.8o-5. We recommend that you upgrade your openssl packages. Affected Software/OS: 'openssl' package(s) on Debian 6. Solution: Please install the updated package(s). CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2011-0014 1025050 http://www.securitytracker.com/id?1025050 43227 http://secunia.com/advisories/43227 43286 http://secunia.com/advisories/43286 43301 http://secunia.com/advisories/43301 43339 http://secunia.com/advisories/43339 44269 http://secunia.com/advisories/44269 46264 http://www.securityfocus.com/bid/46264 57353 http://secunia.com/advisories/57353 70847 http://osvdb.org/70847 ADV-2011-0361 http://www.vupen.com/english/advisories/2011/0361 ADV-2011-0387 http://www.vupen.com/english/advisories/2011/0387 ADV-2011-0389 http://www.vupen.com/english/advisories/2011/0389 ADV-2011-0395 http://www.vupen.com/english/advisories/2011/0395 ADV-2011-0399 http://www.vupen.com/english/advisories/2011/0399 ADV-2011-0603 http://www.vupen.com/english/advisories/2011/0603 APPLE-SA-2011-06-23-1 http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html DSA-2162 http://www.debian.org/security/2011/dsa-2162 FEDORA-2011-1273 http://lists.fedoraproject.org/pipermail/package-announce/2011-February/054007.html HPSBMA02658 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02794777 HPSBOV02670 http://marc.info/?l=bugtraq&m=130497251507577&w=2 HPSBUX02689 http://marc.info/?l=bugtraq&m=131042179515633&w=2 MDVSA-2011:028 http://www.mandriva.com/security/advisories?name=MDVSA-2011:028 NetBSD-SA2011-002 http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2011-002.txt.asc RHSA-2011:0677 http://www.redhat.com/support/errata/RHSA-2011-0677.html SSA:2011-041-04 http://slackware.com/security/viewer.php?l=slackware-security&y=2011&m=slackware-security.668823 SSRT100413 SSRT100475 SSRT100494 SUSE-SR:2011:005 http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html USN-1064-1 http://www.ubuntu.com/usn/USN-1064-1 http://support.apple.com/kb/HT4723 http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004564 http://www.openssl.org/news/secadv_20110208.txt https://support.f5.com/csp/article/K10534046 oval:org.mitre.oval:def:18985 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18985
Copyright	Copyright (C) 2011 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.