Test ID: | 1.3.6.1.4.1.25623.1.1.1.1.2010.1970 |
Category: | Debian Local Security Checks |
Title: | Debian: Security Advisory (DSA-1970-1) |
Summary: | The remote host is missing an update for the Debian 'openssl' package(s) announced via the DSA-1970-1 advisory. |
Description: |
Summary: The remote host is missing an update for the Debian 'openssl' package(s) announced via the DSA-1970-1 advisory.

Vulnerability Insight: It was discovered that a significant memory leak could occur in OpenSSL, related to the reinitialization of zlib. This could result in a remotely exploitable denial of service vulnerability when using the Apache httpd server in a configuration where mod_ssl, mod_php5, and the php5-curl extension are loaded.

The old stable distribution (etch) is not affected by this issue.

For the stable distribution (lenny), this problem has been fixed in version 0.9.8g-15+lenny6.

The packages for the arm architecture are not included in this advisory. They will be released as soon as they become available.

For the testing distribution (squeeze) and the unstable distribution (sid), this problem will be fixed soon. The issue does not seem to be exploitable with the apache2 package contained in squeeze/sid.

We recommend that you upgrade your openssl packages. You also need to restart your Apache httpd server to make sure it uses the updated libraries.

Affected Software/OS: 'openssl' package(s) on Debian 5.

Solution: Please install the updated package(s).

CVSS Score: 5.0
CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P |
Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2009-4355
Debian Security Information: DSA-1970
http://www.debian.org/security/2010/dsa-1970
http://lists.fedoraproject.org/pipermail/package-announce/2010-April/039561.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038587.html
HPdes Security Advisory: HPSBUX02517
http://marc.info/?l=bugtraq&m=127128920008563&w=2
HPdes Security Advisory: SSRT100058
http://www.mandriva.com/security/advisories?name=MDVSA-2010:022
http://www.openwall.com/lists/oss-security/2010/01/13/3
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11260
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12168
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6678
RedHat Security Advisories: RHSA-2010:0095
https://rhn.redhat.com/errata/RHSA-2010-0095.html
http://secunia.com/advisories/38175
http://secunia.com/advisories/38181
http://secunia.com/advisories/38200
http://secunia.com/advisories/38761
http://secunia.com/advisories/39461
http://secunia.com/advisories/42724
http://secunia.com/advisories/42733
http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.663049
SuSE Security Announcement: SUSE-SA:2010:008
http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00009.html
http://www.ubuntu.com/usn/USN-884-1
http://www.vupen.com/english/advisories/2010/0124
http://www.vupen.com/english/advisories/2010/0839
http://www.vupen.com/english/advisories/2010/0916 |
Copyright | Copyright (C) 2023 Greenbone AG |