
Test ID: 1.3.6.1.4.1.25623.1.1.1.2.2016.637
Category: Debian Local Security Checks
Title: Debian: Security Advisory (DLA-637-1)
Summary: The remote host is missing an update for the Debian 'openssl' package(s) announced via the DLA-637-1 advisory.
Description:

Vulnerability Insight:
Several vulnerabilities were discovered in OpenSSL:

CVE-2016-2177

Guido Vranken discovered that OpenSSL uses undefined pointer arithmetic. Additional information can be found at [link moved to references]

CVE-2016-2178

Cesar Pereida, Billy Brumley and Yuval Yarom discovered a timing leak in the DSA code.

CVE-2016-2179 / CVE-2016-2181

Quan Luo and the OCAP audit team discovered denial of service vulnerabilities in DTLS.

CVE-2016-2180 / CVE-2016-2182 / CVE-2016-6303

Shi Lei discovered an out-of-bounds memory read in TS_OBJ_print_bio() and an out-of-bounds write in BN_bn2dec() and MDC2_Update().

CVE-2016-2183

DES-based cipher suites are demoted from the HIGH group to MEDIUM as a mitigation for the SWEET32 attack.

CVE-2016-6302

Shi Lei discovered that the use of SHA512 in TLS session tickets is susceptible to denial of service.

CVE-2016-6304

Shi Lei discovered that an excessively large OCSP status request may result in denial of service via memory exhaustion.

CVE-2016-6306

Shi Lei discovered that missing message length validation when parsing certificates may potentially result in denial of service.

For Debian 7 Wheezy, these problems have been fixed in version 1.0.1t-1+deb7u1.

We recommend that you upgrade your openssl and libssl1.0.0 packages.

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: [link moved to references]

Affected Software/OS:
'openssl' package(s) on Debian 7.

Solution:
Please install the updated package(s).

CVSS Score:
7.8

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:C

Cross-Ref:
Common Vulnerability Exposure (CVE) ID: CVE-2016-2177
BugTraq ID: 91319
http://www.securityfocus.com/bid/91319
Bugtraq: 20170801 [security bulletin] HPESBHF03763 rev.1 - HPE Comware 7, IMC, VCX products using OpenSSL, Remote Denial of Service (DoS) (Google Search)
http://www.securityfocus.com/archive/1/540957/100/0/threaded
http://www.securityfocus.com/archive/1/archive/1/540957/100/0/threaded
Cisco Security Advisory: 20160927 Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: September 2016
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160927-openssl
Debian Security Information: DSA-3673 (Google Search)
http://www.debian.org/security/2016/dsa-3673
FreeBSD Security Advisory: FreeBSD-SA-16:26
https://security.FreeBSD.org/advisories/FreeBSD-SA-16:26.openssl.asc
http://seclists.org/fulldisclosure/2017/Jul/31
https://security.gentoo.org/glsa/201612-16
https://ics-cert.us-cert.gov/advisories/ICSA-18-144-01
https://www.arista.com/en/support/advisories-notices/security-advisories/1749-security-advisory-24
http://www.openwall.com/lists/oss-security/2016/06/08/9
RedHat Security Advisories: RHSA-2016:1940
http://rhn.redhat.com/errata/RHSA-2016-1940.html
RedHat Security Advisories: RHSA-2016:2957
http://rhn.redhat.com/errata/RHSA-2016-2957.html
RedHat Security Advisories: RHSA-2017:0193
https://access.redhat.com/errata/RHSA-2017:0193
RedHat Security Advisories: RHSA-2017:0194
https://access.redhat.com/errata/RHSA-2017:0194
RedHat Security Advisories: RHSA-2017:1658
https://access.redhat.com/errata/RHSA-2017:1658
RedHat Security Advisories: RHSA-2017:1659
http://rhn.redhat.com/errata/RHSA-2017-1659.html
http://www.securitytracker.com/id/1036088
SuSE Security Announcement: SUSE-SU-2016:2387 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00022.html
SuSE Security Announcement: SUSE-SU-2016:2394 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00024.html
SuSE Security Announcement: SUSE-SU-2016:2458 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00005.html
SuSE Security Announcement: SUSE-SU-2016:2468 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00011.html
SuSE Security Announcement: SUSE-SU-2016:2469 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00012.html
SuSE Security Announcement: SUSE-SU-2017:2699 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00010.html
SuSE Security Announcement: SUSE-SU-2017:2700 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00011.html
SuSE Security Announcement: openSUSE-SU-2016:2391 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00023.html
SuSE Security Announcement: openSUSE-SU-2016:2407 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00031.html
SuSE Security Announcement: openSUSE-SU-2016:2537 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00029.html
SuSE Security Announcement: openSUSE-SU-2018:0458 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00032.html
http://www.ubuntu.com/usn/USN-3087-1
http://www.ubuntu.com/usn/USN-3087-2
http://www.ubuntu.com/usn/USN-3181-1
Common Vulnerability Exposure (CVE) ID: CVE-2016-2178
BugTraq ID: 91081
http://www.securityfocus.com/bid/91081
http://eprint.iacr.org/2016/594.pdf
http://www.openwall.com/lists/oss-security/2016/06/08/2
http://www.openwall.com/lists/oss-security/2016/06/08/10
http://www.openwall.com/lists/oss-security/2016/06/08/11
http://www.openwall.com/lists/oss-security/2016/06/08/12
http://www.openwall.com/lists/oss-security/2016/06/08/4
http://www.openwall.com/lists/oss-security/2016/06/08/5
http://www.openwall.com/lists/oss-security/2016/06/08/6
http://www.openwall.com/lists/oss-security/2016/06/08/7
http://www.openwall.com/lists/oss-security/2016/06/08/8
http://www.openwall.com/lists/oss-security/2016/06/09/2
http://www.openwall.com/lists/oss-security/2016/06/09/8
http://www.securitytracker.com/id/1036054
SuSE Security Announcement: SUSE-SU-2016:2470 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00013.html
SuSE Security Announcement: openSUSE-SU-2016:2496 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00021.html
Common Vulnerability Exposure (CVE) ID: CVE-2016-2179
BugTraq ID: 92987
http://www.securityfocus.com/bid/92987
http://www.securitytracker.com/id/1036689
Common Vulnerability Exposure (CVE) ID: CVE-2016-2180
BugTraq ID: 92117
http://www.securityfocus.com/bid/92117
http://www.securitytracker.com/id/1036486
Common Vulnerability Exposure (CVE) ID: CVE-2016-2181
BugTraq ID: 92982
http://www.securityfocus.com/bid/92982
http://www.securitytracker.com/id/1036690
Common Vulnerability Exposure (CVE) ID: CVE-2016-2182
BugTraq ID: 92557
http://www.securityfocus.com/bid/92557
RedHat Security Advisories: RHSA-2018:2185
https://access.redhat.com/errata/RHSA-2018:2185
RedHat Security Advisories: RHSA-2018:2186
https://access.redhat.com/errata/RHSA-2018:2186
RedHat Security Advisories: RHSA-2018:2187
https://access.redhat.com/errata/RHSA-2018:2187
http://www.securitytracker.com/id/1036688
http://www.securitytracker.com/id/1037968
Common Vulnerability Exposure (CVE) ID: CVE-2016-6302
BugTraq ID: 92628
http://www.securityfocus.com/bid/92628
http://www.securitytracker.com/id/1036885
Common Vulnerability Exposure (CVE) ID: CVE-2016-6303
1036885
92984
http://www.securityfocus.com/bid/92984
FreeBSD-SA-16:26
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759
http://www-01.ibm.com/support/docview.wss?uid=swg21995039
http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
https://bto.bluecoat.com/security-advisory/sa132
https://bugzilla.redhat.com/show_bug.cgi?id=1370146
https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf
https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=55d83bf7c10c7b205fffa23fa7c3977491e56c07
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312
https://nodejs.org/en/blog/vulnerability/september-2016-security-releases/
https://www.tenable.com/security/tns-2016-16
https://www.tenable.com/security/tns-2016-20
https://www.tenable.com/security/tns-2016-21
Common Vulnerability Exposure (CVE) ID: CVE-2016-6304
BugTraq ID: 93150
http://www.securityfocus.com/bid/93150
http://seclists.org/fulldisclosure/2016/Oct/62
http://seclists.org/fulldisclosure/2016/Dec/47
http://packetstormsecurity.com/files/139091/OpenSSL-x509-Parsing-Double-Free-Invalid-Free.html
RedHat Security Advisories: RHSA-2016:2802
http://rhn.redhat.com/errata/RHSA-2016-2802.html
RedHat Security Advisories: RHSA-2017:1413
https://access.redhat.com/errata/RHSA-2017:1413
RedHat Security Advisories: RHSA-2017:1414
https://access.redhat.com/errata/RHSA-2017:1414
RedHat Security Advisories: RHSA-2017:1415
http://rhn.redhat.com/errata/RHSA-2017-1415.html
RedHat Security Advisories: RHSA-2017:1801
https://access.redhat.com/errata/RHSA-2017:1801
RedHat Security Advisories: RHSA-2017:1802
https://access.redhat.com/errata/RHSA-2017:1802
RedHat Security Advisories: RHSA-2017:2493
https://access.redhat.com/errata/RHSA-2017:2493
RedHat Security Advisories: RHSA-2017:2494
https://access.redhat.com/errata/RHSA-2017:2494
http://www.securitytracker.com/id/1036878
http://www.securitytracker.com/id/1037640
SuSE Security Announcement: openSUSE-SU-2016:2769 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-11/msg00021.html
SuSE Security Announcement: openSUSE-SU-2016:2788 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-11/msg00027.html
Common Vulnerability Exposure (CVE) ID: CVE-2016-6306
BugTraq ID: 93153
http://www.securityfocus.com/bid/93153
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html
http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html
https://git.openssl.org/?p=openssl.git;a=commit;h=52e623c4cb06fffa9d5e75c60b34b4bc130b12e9
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05302448
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03856en_us
https://www.openssl.org/news/secadv/20160922.txt
https://www.oracle.com/security-alerts/cpuapr2020.html
https://www.oracle.com/security-alerts/cpujan2020.html
https://www.oracle.com/security-alerts/cpujul2020.html
https://www.oracle.com/security-alerts/cpuoct2020.html
https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
Copyright: Copyright (C) 2023 Greenbone AG

© 1998-2025 E-Soft Inc. All rights reserved.