Vulnerability   
Search   
    Search 187964 CVE descriptions
and 85075 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.844450
Category:Ubuntu Local Security Checks
Title:Ubuntu: Security Advisory for openssl (USN-4376-1)
Summary:The remote host is missing an update for the 'openssl'; package(s) announced via the USN-4376-1 advisory.
Description:Summary:
The remote host is missing an update for the 'openssl'
package(s) announced via the USN-4376-1 advisory.

Vulnerability Insight:
Cesar Pereida García, Sohaib ul Hassan, Nicola Tuveri, Iaroslav Gridin,
Alejandro Cabrera Aldaya, and Billy Brumley discovered that OpenSSL
incorrectly handled ECDSA signatures. An attacker could possibly use this
issue to perform a timing side-channel attack and recover private ECDSA
keys. (CVE-2019-1547)

Matt Caswell discovered that OpenSSL incorrectly handled the random number
generator (RNG). This may result in applications that use the fork() system
call sharing the same RNG state between the parent and the child, contrary
to expectations. This issue only affected Ubuntu 18.04 LTS and Ubuntu
19.10. (CVE-2019-1549)

Guido Vranken discovered that OpenSSL incorrectly performed the x86_64
Montgomery squaring procedure. While unlikely, a remote attacker could
possibly use this issue to recover private keys. (CVE-2019-1551)

Bernd Edlinger discovered that OpenSSL incorrectly handled certain
decryption functions. In certain scenarios, a remote attacker could
possibly use this issue to perform a padding oracle attack and decrypt
traffic. (CVE-2019-1563)

Affected Software/OS:
'openssl' package(s) on Ubuntu 19.10, Ubuntu 18.04 LTS, Ubuntu 16.04 LTS.

Solution:
Please install the updated package(s).

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:N/A:N

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2019-1547
Bugtraq: 20190912 [slackware-security] openssl (SSA:2019-254-03) (Google Search)
https://seclists.org/bugtraq/2019/Sep/25
Bugtraq: 20191001 [SECURITY] [DSA 4539-1] openssl security update (Google Search)
https://seclists.org/bugtraq/2019/Oct/1
Bugtraq: 20191001 [SECURITY] [DSA 4540-1] openssl1.0 security update (Google Search)
https://seclists.org/bugtraq/2019/Oct/0
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=21c856b75d81eff61aa63b4f036bb64a85bf6d46
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=30c22fa8b1d840036b8e203585738df62a03cec8
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=7c1709c2da5414f5b6133d00a03fc8c5bf996c7a
https://security.netapp.com/advisory/ntap-20190919-0002/
https://security.netapp.com/advisory/ntap-20200122-0002/
https://security.netapp.com/advisory/ntap-20200416-0003/
https://support.f5.com/csp/article/K73422160?utm_source=f5support&utm_medium=RSS
https://www.openssl.org/news/secadv/20190910.txt
https://www.tenable.com/security/tns-2019-08
https://www.tenable.com/security/tns-2019-09
Debian Security Information: DSA-4539 (Google Search)
https://www.debian.org/security/2019/dsa-4539
Debian Security Information: DSA-4540 (Google Search)
https://www.debian.org/security/2019/dsa-4540
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GY6SNRJP2S7Y42GIIDO3HXPNMDYN2U3A/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZN4VVQJ3JDCHGIHV4Y2YTXBYQZ6PWQ7E/
https://security.gentoo.org/glsa/201911-04
http://packetstormsecurity.com/files/154467/Slackware-Security-Advisory-openssl-Updates.html
https://arxiv.org/abs/1909.01785
https://www.oracle.com/security-alerts/cpuapr2020.html
https://www.oracle.com/security-alerts/cpujan2020.html
https://www.oracle.com/security-alerts/cpujul2020.html
https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
https://lists.debian.org/debian-lts-announce/2019/09/msg00026.html
SuSE Security Announcement: openSUSE-SU-2019:2158 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00054.html
SuSE Security Announcement: openSUSE-SU-2019:2189 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00072.html
SuSE Security Announcement: openSUSE-SU-2019:2268 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00012.html
SuSE Security Announcement: openSUSE-SU-2019:2269 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00016.html
https://usn.ubuntu.com/4376-1/
https://usn.ubuntu.com/4376-2/
https://usn.ubuntu.com/4504-1/
Common Vulnerability Exposure (CVE) ID: CVE-2019-1549
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=1b0fe00e2704b5e20334a16d3c9099d1ba2ef1be
https://support.f5.com/csp/article/K44070243
https://support.f5.com/csp/article/K44070243?utm_source=f5support&utm_medium=RSS
Common Vulnerability Exposure (CVE) ID: CVE-2019-1551
Bugtraq: 20191225 [slackware-security] openssl (SSA:2019-354-01) (Google Search)
https://seclists.org/bugtraq/2019/Dec/39
Bugtraq: 20191229 [SECURITY] [DSA 4594-1] openssl1.0 security update (Google Search)
https://seclists.org/bugtraq/2019/Dec/46
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=419102400a2811582a7a3d4a4e317d72e5ce0a8f
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=f1c5eea8a817075d31e43f5876993c6710238c98
https://security.netapp.com/advisory/ntap-20191210-0001/
https://www.openssl.org/news/secadv/20191206.txt
https://www.tenable.com/security/tns-2020-03
Debian Security Information: DSA-4594 (Google Search)
https://www.debian.org/security/2019/dsa-4594
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EXDDAOWSAIEFQNBHWYE6PPYFV4QXGMCD/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DDHOAATPWJCXRNFMJ2SASDBBNU5RJONY/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XVEP3LAK4JSPRXFO4QF4GG2IVXADV3SO/
https://security.gentoo.org/glsa/202004-10
http://packetstormsecurity.com/files/155754/Slackware-Security-Advisory-openssl-Updates.html
SuSE Security Announcement: openSUSE-SU-2020:0062 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00030.html
Common Vulnerability Exposure (CVE) ID: CVE-2019-1563
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=08229ad838c50f644d7e928e2eef147b4308ad64
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=631f94db0065c78181ca9ba5546ebc8bb3884b97
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=e21f8cf78a125cd3c8c0d1a1a6c8bb0b901f893f
https://support.f5.com/csp/article/K97324400?utm_source=f5support&utm_medium=RSS
CopyrightCopyright (C) 2020 Greenbone Networks GmbH

This is only one of 85075 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2020 E-Soft Inc. All rights reserved.