Test ID:	1.3.6.1.4.1.25623.1.0.871760
Category:	Red Hat Local Security Checks
Title:	RedHat Update for openssl RHSA-2017:0286-01
Summary:	The remote host is missing an update for the 'openssl'; package(s) announced via the referenced advisory.
Description:	Summary: The remote host is missing an update for the 'openssl' package(s) announced via the referenced advisory. Vulnerability Insight: OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library. Security Fix(es): * An integer underflow leading to an out of bounds read flaw was found in OpenSSL. A remote attacker could possibly use this flaw to crash a 32-bit TLS/SSL server or client using OpenSSL if it used the RC4-MD5 cipher suite. (CVE-2017-3731) * A denial of service flaw was found in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. A remote attacker could use this flaw to make a TLS/SSL server consume an excessive amount of CPU and fail to accept connections form other clients. (CVE-2016-8610) Affected Software/OS: openssl on Red Hat Enterprise Linux Desktop (v. 6), Red Hat Enterprise Linux Server (v. 6), Red Hat Enterprise Linux Server (v. 7), Red Hat Enterprise Linux Workstation (v. 6) Solution: Please Install the Updated Packages. CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2016-8610 1037084 http://www.securitytracker.com/id/1037084 93841 http://www.securityfocus.com/bid/93841 DSA-3773 https://www.debian.org/security/2017/dsa-3773 FreeBSD-SA-16:35 https://security.FreeBSD.org/advisories/FreeBSD-SA-16:35.openssl.asc RHSA-2017:0286 http://rhn.redhat.com/errata/RHSA-2017-0286.html RHSA-2017:0574 http://rhn.redhat.com/errata/RHSA-2017-0574.html RHSA-2017:1413 https://access.redhat.com/errata/RHSA-2017:1413 RHSA-2017:1414 https://access.redhat.com/errata/RHSA-2017:1414 RHSA-2017:1415 http://rhn.redhat.com/errata/RHSA-2017-1415.html RHSA-2017:1658 https://access.redhat.com/errata/RHSA-2017:1658 RHSA-2017:1659 http://rhn.redhat.com/errata/RHSA-2017-1659.html RHSA-2017:1801 https://access.redhat.com/errata/RHSA-2017:1801 RHSA-2017:1802 https://access.redhat.com/errata/RHSA-2017:1802 RHSA-2017:2493 https://access.redhat.com/errata/RHSA-2017:2493 RHSA-2017:2494 https://access.redhat.com/errata/RHSA-2017:2494 [oss-security] 20161024 CVE-2016-8610: SSL Death Alert: OpenSSL SSL/TLS SSL3_AL_WARNING undefined alert Remote DoS http://seclists.org/oss-sec/2016/q4/224 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8610 https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=af58be768ebb690f78530f796e92b8ae5c9a4401 https://security.360.cn/cve/CVE-2016-8610/ https://security.netapp.com/advisory/ntap-20171130-0001/ https://security.paloaltonetworks.com/CVE-2016-8610 https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03897en_us https://www.oracle.com/security-alerts/cpuapr2020.html https://www.oracle.com/security-alerts/cpujan2020.html https://www.oracle.com/security-alerts/cpujul2020.html https://www.oracle.com/security-alerts/cpuoct2020.html https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html Common Vulnerability Exposure (CVE) ID: CVE-2017-3731 BugTraq ID: 95813 http://www.securityfocus.com/bid/95813 Debian Security Information: DSA-3773 (Google Search) http://www.debian.org/security/2017/dsa-3773 FreeBSD Security Advisory: FreeBSD-SA-17:02 https://security.FreeBSD.org/advisories/FreeBSD-SA-17:02.openssl.asc https://security.gentoo.org/glsa/201702-07 https://github.com/openssl/openssl/commit/00d965474b22b54e4275232bc71ee0c699c5cd21 https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html RedHat Security Advisories: RHSA-2017:0286 RedHat Security Advisories: RHSA-2018:2185 https://access.redhat.com/errata/RHSA-2018:2185 RedHat Security Advisories: RHSA-2018:2186 https://access.redhat.com/errata/RHSA-2018:2186 RedHat Security Advisories: RHSA-2018:2187 https://access.redhat.com/errata/RHSA-2018:2187 http://www.securitytracker.com/id/1037717
Copyright	Copyright (C) 2017 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.