
Test ID: 1.3.6.1.4.1.25623.1.1.2.2019.1258
Category: Huawei EulerOS Local Security Checks
Title: Huawei EulerOS: Security Advisory for openssl (EulerOS-SA-2019-1258)
Summary: The remote host is missing an update for the Huawei EulerOS 'openssl' package(s) announced via the EulerOS-SA-2019-1258 advisory.
Description:
Summary:
The remote host is missing an update for the Huawei EulerOS 'openssl' package(s) announced via the EulerOS-SA-2019-1258 advisory.

Vulnerability Insight:
If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behaves differently based on that in a way that is detectable to the remote peer, then this amounts to a padding oracle that could be used to decrypt data. In order for this to be exploitable 'non-stitched' ciphersuites must be in use. Stitched ciphersuites are optimised implementations of certain commonly used ciphersuites. Also the application must call SSL_shutdown() twice even if a protocol error has occurred (applications should not do this but some do anyway). Fixed in OpenSSL 1.0.2r (Affected 1.0.2-1.0.2q). (CVE-2019-1559)

Affected Software/OS:
'openssl' package(s) on Huawei EulerOS Virtualization 2.5.3.

Solution:
Please install the updated package(s).

CVSS Score:
4.3

CVSS Vector:
AV:N/AC:M/Au:N/C:P/I:N/A:N

Cross-reference: Common Vulnerability Exposure (CVE) ID: CVE-2019-1559
BugTraq ID: 107174
http://www.securityfocus.com/bid/107174
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=e9bbefbf0f24c57645e7ad6a5a71ae649d18ac8e
https://kc.mcafee.com/corporate/index?page=content&id=SB10282
https://security.netapp.com/advisory/ntap-20190301-0001/
https://security.netapp.com/advisory/ntap-20190301-0002/
https://security.netapp.com/advisory/ntap-20190423-0002/
https://support.f5.com/csp/article/K18549143
https://support.f5.com/csp/article/K18549143?utm_source=f5support&utm_medium=RSS
https://www.openssl.org/news/secadv/20190226.txt
https://www.tenable.com/security/tns-2019-02
https://www.tenable.com/security/tns-2019-03
Debian Security Information: DSA-4400
https://www.debian.org/security/2019/dsa-4400
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZBEV5QGDRFUZDMNECFXUSN5FMYOZDE4V/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y3IVFGSERAZLNJCK35TEM2R4726XIH3Z/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EWC42UXL5GHTU5G77VKBF6JYUUNGSHOM/
https://security.gentoo.org/glsa/201903-10
https://www.oracle.com/security-alerts/cpujan2020.html
https://www.oracle.com/security-alerts/cpujan2021.html
https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
https://lists.debian.org/debian-lts-announce/2019/03/msg00003.html
RedHat Security Advisories: RHSA-2019:2304
https://access.redhat.com/errata/RHSA-2019:2304
RedHat Security Advisories: RHSA-2019:2437
https://access.redhat.com/errata/RHSA-2019:2437
RedHat Security Advisories: RHSA-2019:2439
https://access.redhat.com/errata/RHSA-2019:2439
RedHat Security Advisories: RHSA-2019:2471
https://access.redhat.com/errata/RHSA-2019:2471
RedHat Security Advisories: RHSA-2019:3929
https://access.redhat.com/errata/RHSA-2019:3929
RedHat Security Advisories: RHSA-2019:3931
https://access.redhat.com/errata/RHSA-2019:3931
SuSE Security Announcement: openSUSE-SU-2019:1076
http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00041.html
SuSE Security Announcement: openSUSE-SU-2019:1105
http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00019.html
SuSE Security Announcement: openSUSE-SU-2019:1173
http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00046.html
SuSE Security Announcement: openSUSE-SU-2019:1175
http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00047.html
SuSE Security Announcement: openSUSE-SU-2019:1432
http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00049.html
SuSE Security Announcement: openSUSE-SU-2019:1637
http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00080.html
https://usn.ubuntu.com/3899-1/
https://usn.ubuntu.com/4376-2/
Copyright: Copyright (C) 2020 Greenbone Networks GmbH
