English | Deutsch | Español
 
Startseite ▼
Startseite Über uns Kontact Datenschutz Partnerprogramme Zeugnisse In der Presse Mailinglisten Missbrauch Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
Sicherheits
Überprüfungs ▼
Home Dediziert Erweitert Standard Wiederkehrend Risikolos Desktop Basis Sicherheits Segal FAQ Preis/Funktionszusammenfassung Bestellen Neue Anfälligkeiten Alle Anfälligkeiten Vertraulichkeit Anfälligkeiten Suche Durchführen Terminkalender IP Permissions Maßgeschneidert Warteschlange Erinnerer Siegel Berichte Berichts Stil
Verwaltetes
DNS ▼
Info Bestellen/Erneuern FAQ AUP Dynamic DNS Clients
Domaine konfigurieren Dyanmic DNS Update Password
Netzwerk
Überwachung ▼
Enterprise Erweiterte Standard Gratis Test FAQ Preis/Funktionszusammenfassung Bestellen Beispiele
Konfigurieren/Status Alarm Profile
Recherce
Berichte ▼
Home FAQ Glossary Archive
 Anmeldung/Registrierung 
 
 Anfälligkeitssuche        Suche in 219043 CVE Beschreibungen
und 99761 Test Beschreibungen,
Zugriff auf 10,000+ Quellverweise.
Tests   CVE   Alle  

Test Kennung:1.3.6.1.4.1.25623.1.0.842898
Kategorie:Ubuntu Local Security Checks
Titel:Ubuntu Update for openssl USN-3087-2
Zusammenfassung:The remote host is missing an update for the 'openssl'; package(s) announced via the referenced advisory.
Beschreibung:Summary:
The remote host is missing an update for the 'openssl'
package(s) announced via the referenced advisory.

Vulnerability Insight:
USN-3087-1 fixed vulnerabilities in OpenSSL.
The fix for CVE-2016-2182 was incomplete and caused a regression when parsing
certificates. This update fixes the problem.

We apologize for the inconvenience.

Original advisory details:

Shi Lei discovered that OpenSSL incorrectly handled the OCSP Status Request
extension. A remote attacker could possibly use this issue to cause memory
consumption, resulting in a denial of service. (CVE-2016-6304)
Guido Vranken discovered that OpenSSL used undefined behaviour when
performing pointer arithmetic. A remote attacker could possibly use this
issue to cause OpenSSL to crash, resulting in a denial of service. This
issue has only been addressed in Ubuntu 16.04 LTS in this update.
(CVE-2016-2177)
Cé sar Pereida, Billy Brumley, and Yuval Yarom discovered that OpenSSL
did not properly use constant-time operations when performing DSA signing.
A remote attacker could possibly use this issue to perform a cache-timing
attack and recover private DSA keys. (CVE-2016-2178)
Quan Luo discovered that OpenSSL did not properly restrict the lifetime
of queue entries in the DTLS implementation. A remote attacker could
possibly use this issue to consume memory, resulting in a denial of
service. (CVE-2016-2179)
Shi Lei discovered that OpenSSL incorrectly handled memory in the
TS_OBJ_print_bio() function. A remote attacker could possibly use this
issue to cause a denial of service. (CVE-2016-2180)
It was discovered that the OpenSSL incorrectly handled the DTLS anti-replay
feature. A remote attacker could possibly use this issue to cause a denial
of service. (CVE-2016-2181)
Shi Lei discovered that OpenSSL incorrectly validated division results. A
remote attacker could possibly use this issue to cause a denial of service.
(CVE-2016-2182)
Karthik Bhargavan and Gaetan Leurent discovered that the DES and Triple DES
ciphers were vulnerable to birthday attacks. A remote attacker could
possibly use this flaw to obtain clear text data from long encrypted
sessions. This update moves DES from the HIGH cipher list to MEDIUM.
(CVE-2016-2183)
Shi Lei discovered that OpenSSL incorrectly handled certain ticket lengths.
A remote attacker could use this issue to cause a denial of service.
(CVE-2016-6302)
Shi Lei discovered that OpenSSL incorrectly handled memory in the
MDC2_Update() function. A remote attacker could possibly use this issue to
cause a denial of service. (CVE-2016-6303)
Shi Lei discovered that OpenSSL incorrectly performed certain message
length checks. A remote attacker could possibly use this issue to cause a
denial of service. (CVE-2016-6306)

Affected Software/OS:
openssl on Ubuntu 16.04 LTS,
Ubuntu 14.04 LTS,
Ubuntu 12.04 LTS

Solution:
Please Install the Updated Packages.

CVSS Score:
7.8

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:C

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2016-2182
BugTraq ID: 92557
http://www.securityfocus.com/bid/92557
FreeBSD Security Advisory: FreeBSD-SA-16:26
https://security.FreeBSD.org/advisories/FreeBSD-SA-16:26.openssl.asc
RedHat Security Advisories: RHSA-2016:1940
http://rhn.redhat.com/errata/RHSA-2016-1940.html
RedHat Security Advisories: RHSA-2018:2185
https://access.redhat.com/errata/RHSA-2018:2185
RedHat Security Advisories: RHSA-2018:2186
https://access.redhat.com/errata/RHSA-2018:2186
RedHat Security Advisories: RHSA-2018:2187
https://access.redhat.com/errata/RHSA-2018:2187
http://www.securitytracker.com/id/1036688
http://www.securitytracker.com/id/1037968
Common Vulnerability Exposure (CVE) ID: CVE-2016-6304
BugTraq ID: 93150
http://www.securityfocus.com/bid/93150
https://security.gentoo.org/glsa/201612-16
RedHat Security Advisories: RHSA-2016:2802
http://rhn.redhat.com/errata/RHSA-2016-2802.html
RedHat Security Advisories: RHSA-2017:1413
https://access.redhat.com/errata/RHSA-2017:1413
RedHat Security Advisories: RHSA-2017:1414
https://access.redhat.com/errata/RHSA-2017:1414
RedHat Security Advisories: RHSA-2017:1415
http://rhn.redhat.com/errata/RHSA-2017-1415.html
RedHat Security Advisories: RHSA-2017:1658
https://access.redhat.com/errata/RHSA-2017:1658
RedHat Security Advisories: RHSA-2017:1659
http://rhn.redhat.com/errata/RHSA-2017-1659.html
RedHat Security Advisories: RHSA-2017:1801
https://access.redhat.com/errata/RHSA-2017:1801
RedHat Security Advisories: RHSA-2017:1802
https://access.redhat.com/errata/RHSA-2017:1802
RedHat Security Advisories: RHSA-2017:2493
https://access.redhat.com/errata/RHSA-2017:2493
RedHat Security Advisories: RHSA-2017:2494
https://access.redhat.com/errata/RHSA-2017:2494
http://www.securitytracker.com/id/1036878
http://www.securitytracker.com/id/1037640
SuSE Security Announcement: SUSE-SU-2016:2470 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00013.html
Common Vulnerability Exposure (CVE) ID: CVE-2016-2177
BugTraq ID: 91319
http://www.securityfocus.com/bid/91319
https://ics-cert.us-cert.gov/advisories/ICSA-18-144-01
RedHat Security Advisories: RHSA-2016:2957
http://rhn.redhat.com/errata/RHSA-2016-2957.html
RedHat Security Advisories: RHSA-2017:0193
https://access.redhat.com/errata/RHSA-2017:0193
RedHat Security Advisories: RHSA-2017:0194
https://access.redhat.com/errata/RHSA-2017:0194
http://www.securitytracker.com/id/1036088
Common Vulnerability Exposure (CVE) ID: CVE-2016-2178
BugTraq ID: 91081
http://www.securityfocus.com/bid/91081
http://eprint.iacr.org/2016/594.pdf
http://www.openwall.com/lists/oss-security/2016/06/08/2
http://www.openwall.com/lists/oss-security/2016/06/09/8
http://www.securitytracker.com/id/1036054
Common Vulnerability Exposure (CVE) ID: CVE-2016-2179
BugTraq ID: 92987
http://www.securityfocus.com/bid/92987
http://www.securitytracker.com/id/1036689
Common Vulnerability Exposure (CVE) ID: CVE-2016-2180
BugTraq ID: 92117
http://www.securityfocus.com/bid/92117
http://www.securitytracker.com/id/1036486
Common Vulnerability Exposure (CVE) ID: CVE-2016-2181
BugTraq ID: 92982
http://www.securityfocus.com/bid/92982
http://www.securitytracker.com/id/1036690
Common Vulnerability Exposure (CVE) ID: CVE-2016-2183
BugTraq ID: 92630
http://www.securityfocus.com/bid/92630
BugTraq ID: 95568
http://www.securityfocus.com/bid/95568
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759
http://www-01.ibm.com/support/docview.wss?uid=nas8N1021697
http://www-01.ibm.com/support/docview.wss?uid=swg21991482
http://www-01.ibm.com/support/docview.wss?uid=swg21995039
http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html
http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html
http://www.splunk.com/view/SP-CAAAPSV
http://www.splunk.com/view/SP-CAAAPUE
https://access.redhat.com/articles/2548661
https://access.redhat.com/security/cve/cve-2016-2183
https://bto.bluecoat.com/security-advisory/sa133
https://bugzilla.redhat.com/show_bug.cgi?id=1369383
https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03765en_us
https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03725en_us
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05302448
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05309984
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05323116
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05349499
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05369403
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05369415
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390849
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312
https://kc.mcafee.com/corporate/index?page=content&id=SB10171
https://kc.mcafee.com/corporate/index?page=content&id=SB10310
https://nodejs.org/en/blog/vulnerability/september-2016-security-releases/
https://security.netapp.com/advisory/ntap-20160915-0001/
https://security.netapp.com/advisory/ntap-20170119-0001/
https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-17-0008
https://www.openssl.org/blog/blog/2016/08/24/sweet32/
https://www.tenable.com/security/tns-2016-16
https://www.tenable.com/security/tns-2016-20
https://www.tenable.com/security/tns-2016-21
https://www.tenable.com/security/tns-2017-09
https://security.gentoo.org/glsa/201701-65
https://security.gentoo.org/glsa/201707-01
https://blog.cryptographyengineering.com/2016/08/24/attack-of-week-64-bit-ciphers-in-tls/
https://github.com/ssllabs/ssllabs-scan/issues/387#issuecomment-242514633
https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02
https://nakedsecurity.sophos.com/2016/08/25/anatomy-of-a-cryptographic-collision-the-sweet32-attack/
https://sweet32.info/
https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2016/august/new-practical-attacks-on-64-bit-block-ciphers-3des-blowfish/
https://www.oracle.com/security-alerts/cpuapr2020.html
https://www.oracle.com/security-alerts/cpujan2020.html
https://www.oracle.com/security-alerts/cpujul2020.html
https://www.oracle.com/security-alerts/cpuoct2020.html
https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
https://www.sigsac.org/ccs/CCS2016/accepted-papers/
https://www.teskalabs.com/blog/teskalabs-bulletin-160826-seacat-sweet32-issue
https://www.ietf.org/mail-archive/web/tls/current/msg04560.html
RedHat Security Advisories: RHSA-2017:0336
http://rhn.redhat.com/errata/RHSA-2017-0336.html
RedHat Security Advisories: RHSA-2017:0337
http://rhn.redhat.com/errata/RHSA-2017-0337.html
RedHat Security Advisories: RHSA-2017:0338
http://rhn.redhat.com/errata/RHSA-2017-0338.html
RedHat Security Advisories: RHSA-2017:0462
http://rhn.redhat.com/errata/RHSA-2017-0462.html
RedHat Security Advisories: RHSA-2017:1216
https://access.redhat.com/errata/RHSA-2017:1216
RedHat Security Advisories: RHSA-2017:2708
https://access.redhat.com/errata/RHSA-2017:2708
RedHat Security Advisories: RHSA-2017:2709
https://access.redhat.com/errata/RHSA-2017:2709
RedHat Security Advisories: RHSA-2017:2710
https://access.redhat.com/errata/RHSA-2017:2710
RedHat Security Advisories: RHSA-2017:3113
https://access.redhat.com/errata/RHSA-2017:3113
RedHat Security Advisories: RHSA-2017:3114
https://access.redhat.com/errata/RHSA-2017:3114
RedHat Security Advisories: RHSA-2017:3239
https://access.redhat.com/errata/RHSA-2017:3239
RedHat Security Advisories: RHSA-2017:3240
https://access.redhat.com/errata/RHSA-2017:3240
RedHat Security Advisories: RHSA-2018:2123
https://access.redhat.com/errata/RHSA-2018:2123
RedHat Security Advisories: RHSA-2019:1245
https://access.redhat.com/errata/RHSA-2019:1245
RedHat Security Advisories: RHSA-2019:2859
https://access.redhat.com/errata/RHSA-2019:2859
RedHat Security Advisories: RHSA-2020:0451
https://access.redhat.com/errata/RHSA-2020:0451
http://www.securitytracker.com/id/1036696
Common Vulnerability Exposure (CVE) ID: CVE-2016-6302
BugTraq ID: 92628
http://www.securityfocus.com/bid/92628
http://www.securitytracker.com/id/1036885
Common Vulnerability Exposure (CVE) ID: CVE-2016-6303
BugTraq ID: 92984
http://www.securityfocus.com/bid/92984
Common Vulnerability Exposure (CVE) ID: CVE-2016-6306
BugTraq ID: 93153
http://www.securityfocus.com/bid/93153
https://bto.bluecoat.com/security-advisory/sa132
https://git.openssl.org/?p=openssl.git;a=commit;h=52e623c4cb06fffa9d5e75c60b34b4bc130b12e9
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03856en_us
https://www.openssl.org/news/secadv/20160922.txt
CopyrightCopyright (C) 2016 Greenbone Networks GmbH

Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.

Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.



© 1998-2024 E-Soft Inc. Alle Rechte vorbehalten.