Debian Local Security Checks : Debian: Security Advisory (DSA-2950-1)

Vulnerability Search		Search 324607 CVE descriptions and 145615 test descriptions, access 10,000+ cross references.
	Tests CVE All

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit.
To run a free test of this vulnerability against your system, register below.

Test ID:	1.3.6.1.4.1.25623.1.0.702950
Category:	Debian Local Security Checks
Title:	Debian: Security Advisory (DSA-2950-1)
Summary:	The remote host is missing an update for the Debian 'openssl' package(s) announced via the DSA-2950-1 advisory.
Description:	Summary: The remote host is missing an update for the Debian 'openssl' package(s) announced via the DSA-2950-1 advisory. Vulnerability Insight: Multiple vulnerabilities have been discovered in OpenSSL: CVE-2014-0195 Jueri Aedla discovered that a buffer overflow in processing DTLS fragments could lead to the execution of arbitrary code or denial of service. CVE-2014-0221 Imre Rad discovered the processing of DTLS hello packets is susceptible to denial of service. CVE-2014-0224 KIKUCHI Masashi discovered that carefully crafted handshakes can force the use of weak keys, resulting in potential man-in-the-middle attacks. CVE-2014-3470 Felix Groebert and Ivan Fratric discovered that the implementation of anonymous ECDH ciphersuites is suspectible to denial of service. Additional information can be found at [link moved to references] For the stable distribution (wheezy), these problems have been fixed in version 1.0.1e-2+deb7u10. All applications linked to openssl need to be restarted. You can use the tool checkrestart from the package debian-goodies to detect affected programs or reboot your system. There's also a forthcoming security update for the Linux kernel later the day (CVE-2014-3153), so you need to reboot anyway. Perfect timing, isn't it? For the unstable distribution (sid), these problems will be fixed soon. We recommend that you upgrade your openssl packages. Affected Software/OS: 'openssl' package(s) on Debian 7. Solution: Please install the updated package(s). CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2014-0195 BugTraq ID: 67900 http://www.securityfocus.com/bid/67900 Bugtraq: 20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities (Google Search) http://www.securityfocus.com/archive/1/534161/100/0/threaded Cisco Security Advisory: 20140605 Multiple Vulnerabilities in OpenSSL Affecting Cisco Products http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140605-openssl http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136470.html http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136473.html http://seclists.org/fulldisclosure/2014/Dec/23 http://security.gentoo.org/glsa/glsa-201407-05.xml HPdes Security Advisory: HPSBGN03050 http://marc.info/?l=bugtraq&m=140482916501310&w=2 HPdes Security Advisory: HPSBHF03293 http://marc.info/?l=bugtraq&m=142660345230545&w=2 HPdes Security Advisory: HPSBMU03051 http://marc.info/?l=bugtraq&m=140448122410568&w=2 HPdes Security Advisory: HPSBMU03055 http://marc.info/?l=bugtraq&m=140431828824371&w=2 HPdes Security Advisory: HPSBMU03056 http://marc.info/?l=bugtraq&m=140389355508263&w=2 HPdes Security Advisory: HPSBMU03057 http://marc.info/?l=bugtraq&m=140389274407904&w=2 HPdes Security Advisory: HPSBMU03062 http://marc.info/?l=bugtraq&m=140752315422991&w=2 HPdes Security Advisory: HPSBMU03065 http://marc.info/?l=bugtraq&m=140491231331543&w=2 HPdes Security Advisory: HPSBMU03069 http://marc.info/?l=bugtraq&m=140499827729550&w=2 HPdes Security Advisory: HPSBMU03074 http://marc.info/?l=bugtraq&m=140621259019789&w=2 HPdes Security Advisory: HPSBMU03076 http://marc.info/?l=bugtraq&m=140904544427729&w=2 HPdes Security Advisory: HPSBOV03047 http://marc.info/?l=bugtraq&m=140317760000786&w=2 HPdes Security Advisory: HPSBUX03046 http://marc.info/?l=bugtraq&m=140266410314613&w=2 HPdes Security Advisory: SSRT101590 HPdes Security Advisory: SSRT101846 http://www.mandriva.com/security/advisories?name=MDVSA-2014:106 http://www.mandriva.com/security/advisories?name=MDVSA-2015:062 http://h30499.www3.hp.com/t5/HP-Security-Research-Blog/Once-Bled-Twice-Shy-OpenSSL-CVE-2014-0195/ba-p/6501048 http://h30499.www3.hp.com/t5/HP-Security-Research-Blog/ZDI-14-173-CVE-2014-0195-OpenSSL-DTLS-Fragment-Out-of-Bounds/ba-p/6501002 http://www.securitytracker.com/id/1030337 http://secunia.com/advisories/58337 http://secunia.com/advisories/58615 http://secunia.com/advisories/58660 http://secunia.com/advisories/58713 http://secunia.com/advisories/58714 http://secunia.com/advisories/58743 http://secunia.com/advisories/58883 http://secunia.com/advisories/58939 http://secunia.com/advisories/58945 http://secunia.com/advisories/58977 http://secunia.com/advisories/59040 http://secunia.com/advisories/59126 http://secunia.com/advisories/59162 http://secunia.com/advisories/59175 http://secunia.com/advisories/59188 http://secunia.com/advisories/59189 http://secunia.com/advisories/59192 http://secunia.com/advisories/59223 http://secunia.com/advisories/59287 http://secunia.com/advisories/59300 http://secunia.com/advisories/59301 http://secunia.com/advisories/59305 http://secunia.com/advisories/59306 http://secunia.com/advisories/59310 http://secunia.com/advisories/59342 http://secunia.com/advisories/59364 http://secunia.com/advisories/59365 http://secunia.com/advisories/59413 http://secunia.com/advisories/59429 http://secunia.com/advisories/59437 http://secunia.com/advisories/59441 http://secunia.com/advisories/59449 http://secunia.com/advisories/59450 http://secunia.com/advisories/59451 http://secunia.com/advisories/59454 http://secunia.com/advisories/59490 http://secunia.com/advisories/59491 http://secunia.com/advisories/59514 http://secunia.com/advisories/59518 http://secunia.com/advisories/59528 http://secunia.com/advisories/59530 http://secunia.com/advisories/59587 http://secunia.com/advisories/59655 http://secunia.com/advisories/59659 http://secunia.com/advisories/59666 http://secunia.com/advisories/59669 http://secunia.com/advisories/59721 http://secunia.com/advisories/59784 http://secunia.com/advisories/59895 http://secunia.com/advisories/59990 http://secunia.com/advisories/60571 http://secunia.com/advisories/61254 SuSE Security Announcement: SUSE-SU-2015:0743 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html SuSE Security Announcement: openSUSE-SU-2016:0640 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html Common Vulnerability Exposure (CVE) ID: CVE-2014-0221 BugTraq ID: 67901 http://www.securityfocus.com/bid/67901 http://www.mandriva.com/security/advisories?name=MDVSA-2014:105 RedHat Security Advisories: RHSA-2014:1021 http://rhn.redhat.com/errata/RHSA-2014-1021.html http://secunia.com/advisories/59027 http://secunia.com/advisories/59120 http://secunia.com/advisories/59167 http://secunia.com/advisories/59221 http://secunia.com/advisories/59284 http://secunia.com/advisories/59460 http://secunia.com/advisories/59495 http://secunia.com/advisories/60687 Common Vulnerability Exposure (CVE) ID: CVE-2014-0224 AIX APAR: IT02314 http://www.ibm.com/support/docview.wss?uid=swg1IT02314 AIX APAR: IV61506 http://www-01.ibm.com/support/docview.wss?uid=swg1IV61506 CERT/CC vulnerability note: VU#978508 http://www.kb.cert.org/vuls/id/978508 http://seclists.org/fulldisclosure/2014/Jun/38 HPdes Security Advisory: HPSBGN03068 http://marc.info/?l=bugtraq&m=140544599631400&w=2 HPdes Security Advisory: HPSBHF03052 http://marc.info/?l=bugtraq&m=141658880509699&w=2 HPdes Security Advisory: HPSBHF03088 http://marc.info/?l=bugtraq&m=140794476212181&w=2 HPdes Security Advisory: HPSBHF03145 http://marc.info/?l=bugtraq&m=141383465822787&w=2 HPdes Security Advisory: HPSBMU03053 http://marc.info/?l=bugtraq&m=140369637402535&w=2 HPdes Security Advisory: HPSBMU03058 http://marc.info/?l=bugtraq&m=140386311427810&w=2 HPdes Security Advisory: HPSBMU03070 http://marc.info/?l=bugtraq&m=140499864129699&w=2 HPdes Security Advisory: HPSBMU03071 http://marc.info/?l=bugtraq&m=140604261522465&w=2 HPdes Security Advisory: HPSBMU03078 http://marc.info/?l=bugtraq&m=140672208601650&w=2 HPdes Security Advisory: HPSBMU03083 http://marc.info/?l=bugtraq&m=140983229106599&w=2 HPdes Security Advisory: HPSBMU03089 http://marc.info/?l=bugtraq&m=140784085708882&w=2 HPdes Security Advisory: HPSBMU03094 http://marc.info/?l=bugtraq&m=140852757108392&w=2 HPdes Security Advisory: HPSBMU03101 http://marc.info/?l=bugtraq&m=140852826008699&w=2 HPdes Security Advisory: HPSBMU03216 http://marc.info/?l=bugtraq&m=142350350616251&w=2 HPdes Security Advisory: HPSBPI03107 http://marc.info/?l=bugtraq&m=141147110427269&w=2 HPdes Security Advisory: HPSBST03097 http://marc.info/?l=bugtraq&m=141383410222440&w=2 HPdes Security Advisory: HPSBST03098 http://marc.info/?l=bugtraq&m=140870499402361&w=2 HPdes Security Advisory: HPSBST03103 http://marc.info/?l=bugtraq&m=141164638606214&w=2 HPdes Security Advisory: HPSBST03106 http://marc.info/?l=bugtraq&m=141025641601169&w=2 HPdes Security Advisory: HPSBST03195 http://marc.info/?l=bugtraq&m=142805027510172&w=2 HPdes Security Advisory: HPSBST03265 http://marc.info/?l=bugtraq&m=142546741516006&w=2 HPdes Security Advisory: SSRT101818 http://ccsinjection.lepidum.co.jp https://www.arista.com/en/support/advisories-notices/security-advisories/941-security-advisory-0005 https://www.imperialviolet.org/2014/06/05/earlyccs.html RedHat Security Advisories: RHSA-2014:0624 http://rhn.redhat.com/errata/RHSA-2014-0624.html RedHat Security Advisories: RHSA-2014:0626 http://rhn.redhat.com/errata/RHSA-2014-0626.html RedHat Security Advisories: RHSA-2014:0627 http://rhn.redhat.com/errata/RHSA-2014-0627.html RedHat Security Advisories: RHSA-2014:0630 http://rhn.redhat.com/errata/RHSA-2014-0630.html RedHat Security Advisories: RHSA-2014:0631 http://rhn.redhat.com/errata/RHSA-2014-0631.html RedHat Security Advisories: RHSA-2014:0632 http://rhn.redhat.com/errata/RHSA-2014-0632.html RedHat Security Advisories: RHSA-2014:0633 http://rhn.redhat.com/errata/RHSA-2014-0633.html RedHat Security Advisories: RHSA-2014:0680 http://rhn.redhat.com/errata/RHSA-2014-0680.html http://www.securitytracker.com/id/1031032 http://www.securitytracker.com/id/1031594 http://secunia.com/advisories/58128 http://secunia.com/advisories/58385 http://secunia.com/advisories/58433 http://secunia.com/advisories/58492 http://secunia.com/advisories/58579 http://secunia.com/advisories/58639 http://secunia.com/advisories/58667 http://secunia.com/advisories/58716 http://secunia.com/advisories/58719 http://secunia.com/advisories/58742 http://secunia.com/advisories/58745 http://secunia.com/advisories/58759 http://secunia.com/advisories/58930 http://secunia.com/advisories/59004 http://secunia.com/advisories/59012 http://secunia.com/advisories/59043 http://secunia.com/advisories/59055 http://secunia.com/advisories/59063 http://secunia.com/advisories/59093 http://secunia.com/advisories/59101 http://secunia.com/advisories/59132 http://secunia.com/advisories/59135 http://secunia.com/advisories/59142 http://secunia.com/advisories/59163 http://secunia.com/advisories/59186 http://secunia.com/advisories/59190 http://secunia.com/advisories/59191 http://secunia.com/advisories/59202 http://secunia.com/advisories/59211 http://secunia.com/advisories/59214 http://secunia.com/advisories/59215 http://secunia.com/advisories/59231 http://secunia.com/advisories/59264 http://secunia.com/advisories/59282 http://secunia.com/advisories/59325 http://secunia.com/advisories/59338 http://secunia.com/advisories/59347 http://secunia.com/advisories/59354 http://secunia.com/advisories/59362 http://secunia.com/advisories/59368 http://secunia.com/advisories/59370 http://secunia.com/advisories/59374 http://secunia.com/advisories/59375 http://secunia.com/advisories/59380 http://secunia.com/advisories/59383 http://secunia.com/advisories/59389 http://secunia.com/advisories/59435 http://secunia.com/advisories/59438 http://secunia.com/advisories/59440 http://secunia.com/advisories/59442 http://secunia.com/advisories/59444 http://secunia.com/advisories/59445 http://secunia.com/advisories/59446 http://secunia.com/advisories/59447 http://secunia.com/advisories/59448 http://secunia.com/advisories/59459 http://secunia.com/advisories/59483 http://secunia.com/advisories/59502 http://secunia.com/advisories/59506 http://secunia.com/advisories/59525 http://secunia.com/advisories/59529 http://secunia.com/advisories/59589 http://secunia.com/advisories/59602 http://secunia.com/advisories/59661 http://secunia.com/advisories/59677 http://secunia.com/advisories/59824 http://secunia.com/advisories/59827 http://secunia.com/advisories/59878 http://secunia.com/advisories/59885 http://secunia.com/advisories/59894 http://secunia.com/advisories/59916 http://secunia.com/advisories/60049 http://secunia.com/advisories/60066 http://secunia.com/advisories/60176 http://secunia.com/advisories/60522 http://secunia.com/advisories/60567 http://secunia.com/advisories/60577 http://secunia.com/advisories/60819 http://secunia.com/advisories/61815 SuSE Security Announcement: SUSE-SU-2015:0578 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html SuSE Security Announcement: openSUSE-SU-2015:0229 (Google Search) http://lists.opensuse.org/opensuse-updates/2015-02/msg00030.html Common Vulnerability Exposure (CVE) ID: CVE-2014-3470 BugTraq ID: 67898 http://www.securityfocus.com/bid/67898 http://secunia.com/advisories/58797 http://secunia.com/advisories/59340 http://secunia.com/advisories/59431
Copyright	Copyright (C) 2014 Greenbone AG