Test ID:	1.3.6.1.4.1.25623.1.0.704017
Category:	Debian Local Security Checks
Title:	Debian: Security Advisory (DSA-4017-1)
Summary:	The remote host is missing an update for the Debian 'openssl1.0' package(s) announced via the DSA-4017-1 advisory.
Description:	Summary: The remote host is missing an update for the Debian 'openssl1.0' package(s) announced via the DSA-4017-1 advisory. Vulnerability Insight: Multiple vulnerabilities have been discovered in OpenSSL, a Secure Sockets Layer toolkit. The Common Vulnerabilities and Exposures project identifies the following issues: CVE-2017-3735 It was discovered that OpenSSL is prone to a one-byte buffer overread while parsing a malformed IPAddressFamily extension in an X.509 certificate. Details can be found in the upstream advisory: [link moved to references] CVE-2017-3736 It was discovered that OpenSSL contains a carry propagation bug in the x86_64 Montgomery squaring procedure. Details can be found in the upstream advisory: [link moved to references] For the stable distribution (stretch), these problems have been fixed in version 1.0.2l-2+deb9u1. For the unstable distribution (sid), these problems have been fixed in version 1.0.2m-1. We recommend that you upgrade your openssl1.0 packages. Affected Software/OS: 'openssl1.0' package(s) on Debian 9. Solution: Please install the updated package(s). CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2017-3735 BugTraq ID: 100515 http://www.securityfocus.com/bid/100515 http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html https://security.netapp.com/advisory/ntap-20170927-0001/ https://security.netapp.com/advisory/ntap-20171107-0002/ https://support.apple.com/HT208331 https://www.openssl.org/news/secadv/20170828.txt https://www.openssl.org/news/secadv/20171102.txt https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html https://www.tenable.com/security/tns-2017-14 https://www.tenable.com/security/tns-2017-15 Debian Security Information: DSA-4017 (Google Search) https://www.debian.org/security/2017/dsa-4017 Debian Security Information: DSA-4018 (Google Search) https://www.debian.org/security/2017/dsa-4018 FreeBSD Security Advisory: FreeBSD-SA-17:11 https://security.FreeBSD.org/advisories/FreeBSD-SA-17:11.openssl.asc https://security.gentoo.org/glsa/201712-03 https://github.com/openssl/openssl/commit/068b963bb7afc57f5bdd723de0dd15e7795d5822 https://www.oracle.com//security-alerts/cpujul2021.html https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html https://lists.debian.org/debian-lts-announce/2017/11/msg00011.html RedHat Security Advisories: RHSA-2018:3221 https://access.redhat.com/errata/RHSA-2018:3221 RedHat Security Advisories: RHSA-2018:3505 https://access.redhat.com/errata/RHSA-2018:3505 http://www.securitytracker.com/id/1039726 https://usn.ubuntu.com/3611-2/ Common Vulnerability Exposure (CVE) ID: CVE-2017-3736 BugTraq ID: 101666 http://www.securityfocus.com/bid/101666 https://github.com/openssl/openssl/commit/4443cf7aa0099e5ce615c18cee249fff77fb0871 RedHat Security Advisories: RHSA-2018:0998 https://access.redhat.com/errata/RHSA-2018:0998 RedHat Security Advisories: RHSA-2018:2185 https://access.redhat.com/errata/RHSA-2018:2185 RedHat Security Advisories: RHSA-2018:2186 https://access.redhat.com/errata/RHSA-2018:2186 RedHat Security Advisories: RHSA-2018:2187 https://access.redhat.com/errata/RHSA-2018:2187 RedHat Security Advisories: RHSA-2018:2568 https://access.redhat.com/errata/RHSA-2018:2568 RedHat Security Advisories: RHSA-2018:2575 https://access.redhat.com/errata/RHSA-2018:2575 RedHat Security Advisories: RHSA-2018:2713 https://access.redhat.com/errata/RHSA-2018:2713 http://www.securitytracker.com/id/1039727
Copyright	Copyright (C) 2017 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.