Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.871154
Category:Red Hat Local Security Checks
Title:RedHat Update for openssl RHSA-2014:0376-01
Summary:The remote host is missing an update for the 'openssl'; package(s) announced via the referenced advisory.
Description:Summary:
The remote host is missing an update for the 'openssl'
package(s) announced via the referenced advisory.

Vulnerability Insight:
OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3)
and Transport Layer Security (TLS v1) protocols, as well as a
full-strength, general purpose cryptography library.

An information disclosure flaw was found in the way OpenSSL handled TLS and
DTLS Heartbeat Extension packets. A malicious TLS or DTLS client or server
could send a specially crafted TLS or DTLS Heartbeat packet to disclose a
limited portion of memory per request from a connected client or server.
Note that the disclosed portions of memory could potentially include
sensitive information such as private keys. (CVE-2014-0160)

Red Hat would like to thank the OpenSSL project for reporting this issue.
Upstream acknowledges Neel Mehta of Google Security as the original
reporter.

All OpenSSL users are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue. For the update to take
effect, all services linked to the OpenSSL library (such as httpd and other
SSL-enabled services) must be restarted or the system rebooted.

Affected Software/OS:
openssl on Red Hat Enterprise Linux Desktop (v. 6),
Red Hat Enterprise Linux Server (v. 6),
Red Hat Enterprise Linux Workstation (v. 6)

Solution:
Please Install the Updated Packages.

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:N/A:N

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2014-0160
BugTraq ID: 66690
http://www.securityfocus.com/bid/66690
Bugtraq: 20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities (Google Search)
http://www.securityfocus.com/archive/1/534161/100/0/threaded
Cert/CC Advisory: TA14-098A
http://www.us-cert.gov/ncas/alerts/TA14-098A
CERT/CC vulnerability note: VU#720951
http://www.kb.cert.org/vuls/id/720951
Cisco Security Advisory: 20140409 OpenSSL Heartbeat Extension Vulnerability in Multiple Cisco Products
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140409-heartbleed
Debian Security Information: DSA-2896 (Google Search)
http://www.debian.org/security/2014/dsa-2896
http://www.exploit-db.com/exploits/32745
http://www.exploit-db.com/exploits/32764
http://lists.fedoraproject.org/pipermail/package-announce/2014-April/131221.html
http://lists.fedoraproject.org/pipermail/package-announce/2014-April/131291.html
http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136473.html
http://seclists.org/fulldisclosure/2014/Apr/91
http://seclists.org/fulldisclosure/2014/Apr/90
http://seclists.org/fulldisclosure/2014/Apr/109
http://seclists.org/fulldisclosure/2014/Apr/173
http://seclists.org/fulldisclosure/2014/Apr/190
http://seclists.org/fulldisclosure/2014/Dec/23
HPdes Security Advisory: HPSBGN03008
http://marc.info/?l=bugtraq&m=139774054614965&w=2
HPdes Security Advisory: HPSBGN03010
http://marc.info/?l=bugtraq&m=139774703817488&w=2
HPdes Security Advisory: HPSBGN03011
http://marc.info/?l=bugtraq&m=139833395230364&w=2
HPdes Security Advisory: HPSBHF03021
http://marc.info/?l=bugtraq&m=139835815211508&w=2
HPdes Security Advisory: HPSBHF03136
http://marc.info/?l=bugtraq&m=141287864628122&w=2
HPdes Security Advisory: HPSBHF03293
http://marc.info/?l=bugtraq&m=142660345230545&w=2
HPdes Security Advisory: HPSBMU02994
http://marc.info/?l=bugtraq&m=139757726426985&w=2
HPdes Security Advisory: HPSBMU02995
http://marc.info/?l=bugtraq&m=139722163017074&w=2
HPdes Security Advisory: HPSBMU02997
http://marc.info/?l=bugtraq&m=139757919027752&w=2
HPdes Security Advisory: HPSBMU02998
http://marc.info/?l=bugtraq&m=139757819327350&w=2
HPdes Security Advisory: HPSBMU02999
http://marc.info/?l=bugtraq&m=139765756720506&w=2
HPdes Security Advisory: HPSBMU03009
http://marc.info/?l=bugtraq&m=139905458328378&w=2
HPdes Security Advisory: HPSBMU03012
http://marc.info/?l=bugtraq&m=139808058921905&w=2
HPdes Security Advisory: HPSBMU03013
http://marc.info/?l=bugtraq&m=139824993005633&w=2
HPdes Security Advisory: HPSBMU03017
http://marc.info/?l=bugtraq&m=139817727317190&w=2
HPdes Security Advisory: HPSBMU03018
http://marc.info/?l=bugtraq&m=139817782017443&w=2
HPdes Security Advisory: HPSBMU03019
http://marc.info/?l=bugtraq&m=139817685517037&w=2
HPdes Security Advisory: HPSBMU03020
http://marc.info/?l=bugtraq&m=139836085512508&w=2
HPdes Security Advisory: HPSBMU03022
http://marc.info/?l=bugtraq&m=139869891830365&w=2
HPdes Security Advisory: HPSBMU03023
http://marc.info/?l=bugtraq&m=139843768401936&w=2
HPdes Security Advisory: HPSBMU03024
http://marc.info/?l=bugtraq&m=139889113431619&w=2
HPdes Security Advisory: HPSBMU03025
http://marc.info/?l=bugtraq&m=139869720529462&w=2
HPdes Security Advisory: HPSBMU03028
http://marc.info/?l=bugtraq&m=139905243827825&w=2
HPdes Security Advisory: HPSBMU03029
http://marc.info/?l=bugtraq&m=139905202427693&w=2
HPdes Security Advisory: HPSBMU03030
http://marc.info/?l=bugtraq&m=139905351928096&w=2
HPdes Security Advisory: HPSBMU03032
http://marc.info/?l=bugtraq&m=139905405728262&w=2
HPdes Security Advisory: HPSBMU03033
http://marc.info/?l=bugtraq&m=139905295427946&w=2
HPdes Security Advisory: HPSBMU03037
http://marc.info/?l=bugtraq&m=140724451518351&w=2
HPdes Security Advisory: HPSBMU03040
http://marc.info/?l=bugtraq&m=140015787404650&w=2
HPdes Security Advisory: HPSBMU03044
http://marc.info/?l=bugtraq&m=140075368411126&w=2
HPdes Security Advisory: HPSBMU03062
http://marc.info/?l=bugtraq&m=140752315422991&w=2
HPdes Security Advisory: HPSBPI03014
http://marc.info/?l=bugtraq&m=139835844111589&w=2
HPdes Security Advisory: HPSBPI03031
http://marc.info/?l=bugtraq&m=139889295732144&w=2
HPdes Security Advisory: HPSBST03000
https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04260637-4%257CdocLocale%253Den_US%257CcalledBy%253DSearch_Result&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
HPdes Security Advisory: HPSBST03001
http://marc.info/?l=bugtraq&m=139758572430452&w=2
HPdes Security Advisory: HPSBST03004
http://marc.info/?l=bugtraq&m=139905653828999&w=2
HPdes Security Advisory: HPSBST03015
http://marc.info/?l=bugtraq&m=139824923705461&w=2
HPdes Security Advisory: HPSBST03016
http://marc.info/?l=bugtraq&m=139842151128341&w=2
HPdes Security Advisory: HPSBST03027
http://marc.info/?l=bugtraq&m=139905868529690&w=2
HPdes Security Advisory: SSRT101846
http://www.mandriva.com/security/advisories?name=MDVSA-2015:062
http://blog.fox-it.com/2014/04/08/openssl-heartbleed-bug-live-blog/
http://heartbleed.com/
https://blog.torproject.org/blog/openssl-bug-cve-2014-0160
https://gist.github.com/chapmajs/10473815
https://sku11army.blogspot.com/2020/01/heartbleed-hearts-continue-to-bleed.html
https://www.cert.fi/en/reports/2014/vulnerability788210.html
https://lists.balabit.hu/pipermail/syslog-ng-announce/2014-April/000184.html
https://lists.apache.org/thread.html/ba661b0edd913b39ff129a32d855620dd861883ade05fd88a8ce517d@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/f8e0814e11c7f21f42224b6de111cb3f5e5ab5c15b78924c516d4ec2@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/rf8e8c091182b45daa50d3557cad9b10bb4198e3f08cf8f1c66a1b08d@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/re3b72cbb13e1dfe85c4a06959a3b6ca6d939b407ecca80db12b54220@%3Cdev.tomcat.apache.org%3E
RedHat Security Advisories: RHSA-2014:0376
http://rhn.redhat.com/errata/RHSA-2014-0376.html
RedHat Security Advisories: RHSA-2014:0377
http://rhn.redhat.com/errata/RHSA-2014-0377.html
RedHat Security Advisories: RHSA-2014:0378
http://rhn.redhat.com/errata/RHSA-2014-0378.html
RedHat Security Advisories: RHSA-2014:0396
http://rhn.redhat.com/errata/RHSA-2014-0396.html
http://www.securitytracker.com/id/1030026
http://www.securitytracker.com/id/1030074
http://www.securitytracker.com/id/1030077
http://www.securitytracker.com/id/1030078
http://www.securitytracker.com/id/1030079
http://www.securitytracker.com/id/1030080
http://www.securitytracker.com/id/1030081
http://www.securitytracker.com/id/1030082
http://secunia.com/advisories/57347
http://secunia.com/advisories/57483
http://secunia.com/advisories/57721
http://secunia.com/advisories/57836
http://secunia.com/advisories/57966
http://secunia.com/advisories/57968
http://secunia.com/advisories/59139
http://secunia.com/advisories/59243
http://secunia.com/advisories/59347
SuSE Security Announcement: SUSE-SA:2014:002 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00005.html
SuSE Security Announcement: openSUSE-SU-2014:0492 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00004.html
SuSE Security Announcement: openSUSE-SU-2014:0560 (Google Search)
http://lists.opensuse.org/opensuse-updates/2014-04/msg00061.html
http://www.ubuntu.com/usn/USN-2165-1
CopyrightCopyright (C) 2014 Greenbone Networks GmbH

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2024 E-Soft Inc. All rights reserved.