Anfälligkeitssuche        Suche in 191973 CVE Beschreibungen
und 86218 Test Beschreibungen,
Zugriff auf 10,000+ Quellverweise.
Tests   CVE   Alle  

Test Kennung:1.3.6.1.4.1.25623.1.0.703413
Kategorie:Debian Local Security Checks
Titel:Debian Security Advisory DSA 3413-1 (openssl - security update)
Zusammenfassung:Multiple vulnerabilities have been;discovered in OpenSSL, a Secure Sockets Layer toolkit. The Common Vulnerabilities;and Exposures project identifies the following issues:;;CVE-2015-3194;Loic Jonas Etienne of Qnective AG discovered that the signature;verification routines will crash with a NULL pointer dereference if;presented with an ASN.1 signature using the RSA PSS algorithm and;absent mask generation function parameter. A remote attacker can;exploit this flaw to crash any certificate verification operation;and mount a denial of service attack.;;CVE-2015-3195;Adam Langley of Google/BoringSSL discovered that OpenSSL will leak;memory when presented with a malformed X509_ATTRIBUTE structure.;;CVE-2015-3196;A race condition flaw in the handling of PSK identify hints was;discovered, potentially leading to a double free of the identify;hint data.
Beschreibung:Summary:
Multiple vulnerabilities have been
discovered in OpenSSL, a Secure Sockets Layer toolkit. The Common Vulnerabilities
and Exposures project identifies the following issues:

CVE-2015-3194
Loic Jonas Etienne of Qnective AG discovered that the signature
verification routines will crash with a NULL pointer dereference if
presented with an ASN.1 signature using the RSA PSS algorithm and
absent mask generation function parameter. A remote attacker can
exploit this flaw to crash any certificate verification operation
and mount a denial of service attack.

CVE-2015-3195
Adam Langley of Google/BoringSSL discovered that OpenSSL will leak
memory when presented with a malformed X509_ATTRIBUTE structure.

CVE-2015-3196
A race condition flaw in the handling of PSK identify hints was
discovered, potentially leading to a double free of the identify
hint data.

Affected Software/OS:
openssl on Debian Linux

Solution:
For the oldstable distribution (wheezy), these
problems have been fixed in version 1.0.1e-2+deb7u18.

For the stable distribution (jessie), these problems have been fixed in
version 1.0.1k-3+deb8u2.

For the unstable distribution (sid), these problems have been fixed in
version 1.0.2e-1 or earlier.

We recommend that you upgrade your openssl packages.

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2015-3194
BugTraq ID: 78623
http://www.securityfocus.com/bid/78623
BugTraq ID: 91787
http://www.securityfocus.com/bid/91787
Cisco Security Advisory: 20151204 Multiple Vulnerabilities in OpenSSL (December 2015) Affecting Cisco Products
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151204-openssl
Debian Security Information: DSA-3413 (Google Search)
http://www.debian.org/security/2015/dsa-3413
http://lists.fedoraproject.org/pipermail/package-announce/2015-December/173801.html
HPdes Security Advisory: HPSBGN03536
http://marc.info/?l=bugtraq&m=145382583417444&w=2
RedHat Security Advisories: RHSA-2015:2617
http://rhn.redhat.com/errata/RHSA-2015-2617.html
RedHat Security Advisories: RHSA-2016:2957
http://rhn.redhat.com/errata/RHSA-2016-2957.html
http://www.securitytracker.com/id/1034294
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.754583
SuSE Security Announcement: openSUSE-SU-2015:2288 (Google Search)
http://lists.opensuse.org/opensuse-updates/2015-12/msg00070.html
SuSE Security Announcement: openSUSE-SU-2015:2289 (Google Search)
http://lists.opensuse.org/opensuse-updates/2015-12/msg00071.html
SuSE Security Announcement: openSUSE-SU-2015:2318 (Google Search)
http://lists.opensuse.org/opensuse-updates/2015-12/msg00087.html
SuSE Security Announcement: openSUSE-SU-2016:0637 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00009.html
SuSE Security Announcement: openSUSE-SU-2016:1332 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00053.html
http://www.ubuntu.com/usn/USN-2830-1
Common Vulnerability Exposure (CVE) ID: CVE-2015-3195
http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html
BugTraq ID: 78626
http://www.securityfocus.com/bid/78626
RedHat Security Advisories: RHSA-2015:2616
http://rhn.redhat.com/errata/RHSA-2015-2616.html
RedHat Security Advisories: RHSA-2016:2056
http://rhn.redhat.com/errata/RHSA-2016-2056.html
SuSE Security Announcement: SUSE-SU-2016:0678 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00017.html
SuSE Security Announcement: openSUSE-SU-2015:2349 (Google Search)
http://lists.opensuse.org/opensuse-updates/2015-12/msg00103.html
SuSE Security Announcement: openSUSE-SU-2016:0640 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html
Common Vulnerability Exposure (CVE) ID: CVE-2015-3196
BugTraq ID: 78622
http://www.securityfocus.com/bid/78622
CopyrightCopyright (c) 2015 Greenbone Networks GmbH http://greenbone.net

Dies ist nur einer von 86218 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.

Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.




© 1998-2021 E-Soft Inc. Alle Rechte vorbehalten.