Test ID:	1.3.6.1.4.1.25623.1.0.702621
Category:	Debian Local Security Checks
Title:	Debian: Security Advisory (DSA-2621-1)
Summary:	The remote host is missing an update for the Debian 'openssl' package(s) announced via the DSA-2621-1 advisory.
Description:	Summary: The remote host is missing an update for the Debian 'openssl' package(s) announced via the DSA-2621-1 advisory. Vulnerability Insight: Multiple vulnerabilities have been found in OpenSSL. The Common Vulnerabilities and Exposures project identifies the following issues: CVE-2013-0166 OpenSSL does not properly perform signature verification for OCSP responses, which allows remote attackers to cause a denial of service via an invalid key. CVE-2013-0169 A timing side channel attack has been found in CBC padding allowing an attacker to recover pieces of plaintext via statistical analysis of crafted packages, known as the Lucky Thirteen issue. For the stable distribution (squeeze), these problems have been fixed in version 0.9.8o-4squeeze14. For the testing distribution (wheezy), these problems will be fixed soon. For the unstable distribution (sid), these problems have been fixed in version 1.0.1e-1. We recommend that you upgrade your openssl packages. Affected Software/OS: 'openssl' package(s) on Debian 6. Solution: Please install the updated package(s). CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2013-0166 http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html CERT/CC vulnerability note: VU#737740 http://www.kb.cert.org/vuls/id/737740 Debian Security Information: DSA-2621 (Google Search) http://www.debian.org/security/2013/dsa-2621 HPdes Security Advisory: HPSBOV02852 http://marc.info/?l=bugtraq&m=136432043316835&w=2 HPdes Security Advisory: HPSBUX02856 http://marc.info/?l=bugtraq&m=136396549913849&w=2 HPdes Security Advisory: HPSBUX02909 http://marc.info/?l=bugtraq&m=137545771702053&w=2 HPdes Security Advisory: SSRT101104 HPdes Security Advisory: SSRT101108 HPdes Security Advisory: SSRT101289 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18754 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19081 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19360 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19487 RedHat Security Advisories: RHSA-2013:0587 http://rhn.redhat.com/errata/RHSA-2013-0587.html RedHat Security Advisories: RHSA-2013:0782 http://rhn.redhat.com/errata/RHSA-2013-0782.html RedHat Security Advisories: RHSA-2013:0783 http://rhn.redhat.com/errata/RHSA-2013-0783.html RedHat Security Advisories: RHSA-2013:0833 http://rhn.redhat.com/errata/RHSA-2013-0833.html http://secunia.com/advisories/53623 http://secunia.com/advisories/55108 http://secunia.com/advisories/55139 SuSE Security Announcement: SUSE-SU-2015:0578 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html SuSE Security Announcement: openSUSE-SU-2016:0640 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html Common Vulnerability Exposure (CVE) ID: CVE-2013-0169 BugTraq ID: 57778 http://www.securityfocus.com/bid/57778 Cert/CC Advisory: TA13-051A http://www.us-cert.gov/cas/techalerts/TA13-051A.html Debian Security Information: DSA-2622 (Google Search) http://www.debian.org/security/2013/dsa-2622 http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101366.html http://security.gentoo.org/glsa/glsa-201406-32.xml HPdes Security Advisory: HPSBMU02874 http://marc.info/?l=bugtraq&m=136733161405818&w=2 HPdes Security Advisory: HPSBUX02857 http://marc.info/?l=bugtraq&m=136439120408139&w=2 HPdes Security Advisory: SSRT101103 HPdes Security Advisory: SSRT101184 http://www.mandriva.com/security/advisories?name=MDVSA-2013:095 http://blog.fuseyism.com/index.php/2013/02/20/security-icedtea-2-1-6-2-2-6-2-3-7-for-openjdk-7-released/ http://www.isg.rhul.ac.uk/tls/TLStiming.pdf https://lists.debian.org/debian-lts-announce/2018/09/msg00029.html http://openwall.com/lists/oss-security/2013/02/05/24 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18841 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19016 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19424 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19540 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19608 RedHat Security Advisories: RHSA-2013:1455 http://rhn.redhat.com/errata/RHSA-2013-1455.html RedHat Security Advisories: RHSA-2013:1456 http://rhn.redhat.com/errata/RHSA-2013-1456.html http://www.securitytracker.com/id/1029190 http://secunia.com/advisories/55322 http://secunia.com/advisories/55350 http://secunia.com/advisories/55351 SuSE Security Announcement: SUSE-SU-2013:0328 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00020.html SuSE Security Announcement: SUSE-SU-2013:0701 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00020.html SuSE Security Announcement: SUSE-SU-2014:0320 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00001.html SuSE Security Announcement: openSUSE-SU-2013:0375 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00000.html SuSE Security Announcement: openSUSE-SU-2013:0378 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00002.html http://www.ubuntu.com/usn/USN-1735-1
Copyright	Copyright (C) 2013 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.