ID de Prueba:	1.3.6.1.4.1.25623.1.0.72024
Categoría:	Mandrake Local Security Checks
Título:	Mandriva Security Advisory MDVSA-2012:038 (openssl)
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing an update to openssl announced via advisory MDVSA-2012:038. Multiple vulnerabilities has been found and corrected in openssl: The implementation of Cryptographic Message Syntax (CMS) and PKCS #7 in OpenSSL before 0.9.8u and 1.x before 1.0.0h does not properly restrict certain oracle behavior, which makes it easier for context-dependent attackers to decrypt data via a Million Message Attack (MMA) adaptive chosen ciphertext attack (CVE-2012-0884). The mime_param_cmp function in crypto/asn1/asn_mime.c in OpenSSL before 0.9.8u and 1.x before 1.0.0h allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted S/MIME message, a different vulnerability than CVE-2006-7250 (CVE-2012-1165). The updated packages have been patched to correct these issues. Affected: 2010.1, 2011., Enterprise Server 5.0 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. http://www.securityspace.com/smysecure/catid.html?in=MDVSA-2012:038 Risk factor : High
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2012-0884 CERT/CC vulnerability note: VU#737740 http://www.kb.cert.org/vuls/id/737740 Debian Security Information: DSA-2454 (Google Search) http://www.debian.org/security/2012/dsa-2454 http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092905.html http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077666.html http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077221.html http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077086.html HPdes Security Advisory: HPSBMU02776 http://marc.info/?l=bugtraq&m=133951357207000&w=2 HPdes Security Advisory: HPSBOV02793 http://marc.info/?l=bugtraq&m=134039053214295&w=2 HPdes Security Advisory: HPSBUX02782 http://marc.info/?l=bugtraq&m=133728068926468&w=2 HPdes Security Advisory: SSRT100844 HPdes Security Advisory: SSRT100852 HPdes Security Advisory: SSRT100891 RedHat Security Advisories: RHSA-2012:0426 http://rhn.redhat.com/errata/RHSA-2012-0426.html RedHat Security Advisories: RHSA-2012:0488 http://rhn.redhat.com/errata/RHSA-2012-0488.html RedHat Security Advisories: RHSA-2012:0531 http://rhn.redhat.com/errata/RHSA-2012-0531.html RedHat Security Advisories: RHSA-2012:1306 http://rhn.redhat.com/errata/RHSA-2012-1306.html RedHat Security Advisories: RHSA-2012:1307 http://rhn.redhat.com/errata/RHSA-2012-1307.html RedHat Security Advisories: RHSA-2012:1308 http://rhn.redhat.com/errata/RHSA-2012-1308.html http://secunia.com/advisories/48580 http://secunia.com/advisories/48895 http://secunia.com/advisories/48916 http://secunia.com/advisories/57353 SuSE Security Announcement: openSUSE-SU-2012:0547 (Google Search) https://hermes.opensuse.org/messages/14330767 Common Vulnerability Exposure (CVE) ID: CVE-2006-7250 BugTraq ID: 52181 http://www.securityfocus.com/bid/52181 http://marc.info/?l=openssl-dev&m=115685408414194&w=2 http://www.mail-archive.com/openssl-dev@openssl.org/msg30305.html http://www.openwall.com/lists/oss-security/2012/02/27/10 http://www.openwall.com/lists/oss-security/2012/02/28/14 http://www.redhat.com/support/errata/RHSA-2009-1335.html http://secunia.com/advisories/36533 http://secunia.com/advisories/48153 http://secunia.com/advisories/48516 http://secunia.com/advisories/48899 http://www.ubuntu.com/usn/USN-1424-1 Common Vulnerability Exposure (CVE) ID: CVE-2012-1165 BugTraq ID: 52764 http://www.securityfocus.com/bid/52764 HPdes Security Advisory: HPSBMU02786 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041 HPdes Security Advisory: SSRT100877 http://www.openwall.com/lists/oss-security/2012/03/12/3 http://www.openwall.com/lists/oss-security/2012/03/12/6 http://www.openwall.com/lists/oss-security/2012/03/12/7 http://www.openwall.com/lists/oss-security/2012/03/13/2 http://www.securitytracker.com/id?1026787
Copyright	Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 99761 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.