Test ID:	1.3.6.1.4.1.25623.1.1.12.2020.4376.2
Category:	Ubuntu Local Security Checks
Title:	Ubuntu: Security Advisory (USN-4376-2)
Summary:	The remote host is missing an update for the 'openssl' package(s) announced via the USN-4376-2 advisory.
Description:	Summary: The remote host is missing an update for the 'openssl' package(s) announced via the USN-4376-2 advisory. Vulnerability Insight: USN-4376-1 fixed several vulnerabilities in OpenSSL. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Original advisory details: Cesar Pereida Garcia, Sohaib ul Hassan, Nicola Tuveri, Iaroslav Gridin, Alejandro Cabrera Aldaya, and Billy Brumley discovered that OpenSSL incorrectly handled ECDSA signatures. An attacker could possibly use this issue to perform a timing side-channel attack and recover private ECDSA keys. (CVE-2019-1547) Juraj Somorovsky, Robert Merget, and Nimrod Aviram discovered that certain applications incorrectly used OpenSSL and could be exposed to a padding oracle attack. A remote attacker could possibly use this issue to decrypt data. (CVE-2019-1559) Bernd Edlinger discovered that OpenSSL incorrectly handled certain decryption functions. In certain scenarios, a remote attacker could possibly use this issue to perform a padding oracle attack and decrypt traffic. (CVE-2019-1563) Affected Software/OS: 'openssl' package(s) on Ubuntu 12.04, Ubuntu 14.04. Solution: Please install the updated package(s). CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2019-1547 Bugtraq: 20190912 [slackware-security] openssl (SSA:2019-254-03) (Google Search) https://seclists.org/bugtraq/2019/Sep/25 Bugtraq: 20191001 [SECURITY] [DSA 4539-1] openssl security update (Google Search) https://seclists.org/bugtraq/2019/Oct/1 Bugtraq: 20191001 [SECURITY] [DSA 4540-1] openssl1.0 security update (Google Search) https://seclists.org/bugtraq/2019/Oct/0 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=21c856b75d81eff61aa63b4f036bb64a85bf6d46 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=30c22fa8b1d840036b8e203585738df62a03cec8 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=7c1709c2da5414f5b6133d00a03fc8c5bf996c7a https://security.netapp.com/advisory/ntap-20190919-0002/ https://security.netapp.com/advisory/ntap-20200122-0002/ https://security.netapp.com/advisory/ntap-20200416-0003/ https://support.f5.com/csp/article/K73422160?utm_source=f5support&utm_medium=RSS https://www.openssl.org/news/secadv/20190910.txt https://www.tenable.com/security/tns-2019-08 https://www.tenable.com/security/tns-2019-09 Debian Security Information: DSA-4539 (Google Search) https://www.debian.org/security/2019/dsa-4539 Debian Security Information: DSA-4540 (Google Search) https://www.debian.org/security/2019/dsa-4540 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GY6SNRJP2S7Y42GIIDO3HXPNMDYN2U3A/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZN4VVQJ3JDCHGIHV4Y2YTXBYQZ6PWQ7E/ https://security.gentoo.org/glsa/201911-04 http://packetstormsecurity.com/files/154467/Slackware-Security-Advisory-openssl-Updates.html https://arxiv.org/abs/1909.01785 https://www.oracle.com/security-alerts/cpuapr2020.html https://www.oracle.com/security-alerts/cpujan2020.html https://www.oracle.com/security-alerts/cpujul2020.html https://www.oracle.com/security-alerts/cpuoct2020.html https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html https://lists.debian.org/debian-lts-announce/2019/09/msg00026.html SuSE Security Announcement: openSUSE-SU-2019:2158 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00054.html SuSE Security Announcement: openSUSE-SU-2019:2189 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00072.html SuSE Security Announcement: openSUSE-SU-2019:2268 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00012.html SuSE Security Announcement: openSUSE-SU-2019:2269 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00016.html https://usn.ubuntu.com/4376-1/ https://usn.ubuntu.com/4376-2/ https://usn.ubuntu.com/4504-1/ Common Vulnerability Exposure (CVE) ID: CVE-2019-1559 BugTraq ID: 107174 http://www.securityfocus.com/bid/107174 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=e9bbefbf0f24c57645e7ad6a5a71ae649d18ac8e https://kc.mcafee.com/corporate/index?page=content&id=SB10282 https://security.netapp.com/advisory/ntap-20190301-0001/ https://security.netapp.com/advisory/ntap-20190301-0002/ https://security.netapp.com/advisory/ntap-20190423-0002/ https://support.f5.com/csp/article/K18549143 https://support.f5.com/csp/article/K18549143?utm_source=f5support&utm_medium=RSS https://www.openssl.org/news/secadv/20190226.txt https://www.tenable.com/security/tns-2019-02 https://www.tenable.com/security/tns-2019-03 Debian Security Information: DSA-4400 (Google Search) https://www.debian.org/security/2019/dsa-4400 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZBEV5QGDRFUZDMNECFXUSN5FMYOZDE4V/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y3IVFGSERAZLNJCK35TEM2R4726XIH3Z/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EWC42UXL5GHTU5G77VKBF6JYUUNGSHOM/ https://security.gentoo.org/glsa/201903-10 https://www.oracle.com/security-alerts/cpujan2021.html https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html https://lists.debian.org/debian-lts-announce/2019/03/msg00003.html RedHat Security Advisories: RHSA-2019:2304 https://access.redhat.com/errata/RHSA-2019:2304 RedHat Security Advisories: RHSA-2019:2437 https://access.redhat.com/errata/RHSA-2019:2437 RedHat Security Advisories: RHSA-2019:2439 https://access.redhat.com/errata/RHSA-2019:2439 RedHat Security Advisories: RHSA-2019:2471 https://access.redhat.com/errata/RHSA-2019:2471 RedHat Security Advisories: RHSA-2019:3929 https://access.redhat.com/errata/RHSA-2019:3929 RedHat Security Advisories: RHSA-2019:3931 https://access.redhat.com/errata/RHSA-2019:3931 SuSE Security Announcement: openSUSE-SU-2019:1076 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00041.html SuSE Security Announcement: openSUSE-SU-2019:1105 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00019.html SuSE Security Announcement: openSUSE-SU-2019:1173 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00046.html SuSE Security Announcement: openSUSE-SU-2019:1175 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00047.html SuSE Security Announcement: openSUSE-SU-2019:1432 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00049.html SuSE Security Announcement: openSUSE-SU-2019:1637 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00080.html https://usn.ubuntu.com/3899-1/ Common Vulnerability Exposure (CVE) ID: CVE-2019-1563 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=08229ad838c50f644d7e928e2eef147b4308ad64 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=631f94db0065c78181ca9ba5546ebc8bb3884b97 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=e21f8cf78a125cd3c8c0d1a1a6c8bb0b901f893f https://support.f5.com/csp/article/K97324400?utm_source=f5support&utm_medium=RSS
Copyright	Copyright (C) 2022 Greenbone AG

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.