Test ID:	1.3.6.1.4.1.25623.1.1.1.2.2023.3530
Category:	Debian Local Security Checks
Title:	Debian: Security Advisory (DLA-3530-1)
Summary:	The remote host is missing an update for the Debian 'openssl' package(s) announced via the DLA-3530-1 advisory.
Description:	Summary: The remote host is missing an update for the Debian 'openssl' package(s) announced via the DLA-3530-1 advisory. Vulnerability Insight: Two vunerabilities were discovered in openssl, a Secure Sockets Layer toolkit: CVE-2023-3446 , CVE-2023-3817 Excessively long DH key or parameter checks can cause significant delays in applications using DH_check(), DH_check_ex(), or EVP_PKEY_param_check() functions, potentially leading to Denial of Service attacks when keys or parameters are obtained from untrusted sources. For Debian 10 buster, these problems have been fixed in version 1.1.1n-0+deb10u6. We recommend that you upgrade your openssl packages. For the detailed security status of openssl please refer to its security tracker page at: [link moved to references] Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: [link moved to references] Affected Software/OS: 'openssl' package(s) on Debian 10. Solution: Please install the updated package(s). CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2023-3446 https://security.gentoo.org/glsa/202402-08 1.0.2zi patch (premium) https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=9a0a4d3c1e7138915563c0df4fe6a3f9377b839c 1.1.1v git commit https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=8780a896543a654e757db1b9396383f9d8095528 3.0.10 git commit https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=1fa20cf2f506113c761777127a38bce5068740eb 3.1.2 git commit https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=fc9867c1e03c22ebf56943be205202e576aabf23 OpenSSL Advisory https://www.openssl.org/news/secadv/20230719.txt https://lists.debian.org/debian-lts-announce/2023/08/msg00019.html http://www.openwall.com/lists/oss-security/2023/07/19/4 http://www.openwall.com/lists/oss-security/2023/07/19/5 http://www.openwall.com/lists/oss-security/2023/07/19/6 http://www.openwall.com/lists/oss-security/2023/07/31/1 http://www.openwall.com/lists/oss-security/2024/05/16/1 Common Vulnerability Exposure (CVE) ID: CVE-2023-3817 http://seclists.org/fulldisclosure/2023/Jul/43 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=869ad69aadd985c7b8ca6f4e5dd0eb274c9f3644 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=91ddeba0f2269b017dc06c46c993a788974b1aa5 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=9002fd07327a91f35ba6c1307e71fa6fd4409b7f https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=6a1eb62c29db6cb5eec707f9338aee00f44e26f5 https://www.openssl.org/news/secadv/20230731.txt http://www.openwall.com/lists/oss-security/2023/09/22/11 http://www.openwall.com/lists/oss-security/2023/09/22/9 http://www.openwall.com/lists/oss-security/2023/11/06/2
Copyright	Copyright (C) 2023 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.