Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.882363
Category:CentOS Local Security Checks
Title:CentOS Update for openssl CESA-2016:0008 centos6
Summary:Check the version of openssl
Description:Summary:
Check the version of openssl

Vulnerability Insight:
OpenSSL is a toolkit that implements the
Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols,
as well as a full-strength, general purpose cryptography library.

A flaw was found in the way TLS 1.2 could use the MD5 hash function for
signing ServerKeyExchange and Client Authentication packets during a TLS
handshake. A man-in-the-middle attacker able to force a TLS connection to
use the MD5 hash function could use this flaw to conduct collision attacks
to impersonate a TLS server or an authenticated TLS client. (CVE-2015-7575)

All openssl users are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue. For the update to take
effect, all services linked to the OpenSSL library must be restarted, or
the system rebooted.

Affected Software/OS:
openssl on CentOS 6

Solution:
Please Install the Updated Packages.

CVSS Score:
4.3

CVSS Vector:
AV:N/AC:M/Au:N/C:N/I:P/A:N

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2015-7575
BugTraq ID: 79684
http://www.securityfocus.com/bid/79684
BugTraq ID: 91787
http://www.securityfocus.com/bid/91787
Debian Security Information: DSA-3436 (Google Search)
http://www.debian.org/security/2016/dsa-3436
Debian Security Information: DSA-3437 (Google Search)
http://www.debian.org/security/2016/dsa-3437
Debian Security Information: DSA-3457 (Google Search)
http://www.debian.org/security/2016/dsa-3457
Debian Security Information: DSA-3458 (Google Search)
http://www.debian.org/security/2016/dsa-3458
Debian Security Information: DSA-3465 (Google Search)
http://www.debian.org/security/2016/dsa-3465
Debian Security Information: DSA-3491 (Google Search)
http://www.debian.org/security/2016/dsa-3491
Debian Security Information: DSA-3688 (Google Search)
http://www.debian.org/security/2016/dsa-3688
https://security.gentoo.org/glsa/201701-46
https://security.gentoo.org/glsa/201706-18
https://security.gentoo.org/glsa/201801-15
RedHat Security Advisories: RHSA-2016:0049
http://rhn.redhat.com/errata/RHSA-2016-0049.html
RedHat Security Advisories: RHSA-2016:0050
http://rhn.redhat.com/errata/RHSA-2016-0050.html
RedHat Security Advisories: RHSA-2016:0053
http://rhn.redhat.com/errata/RHSA-2016-0053.html
RedHat Security Advisories: RHSA-2016:0054
http://rhn.redhat.com/errata/RHSA-2016-0054.html
RedHat Security Advisories: RHSA-2016:0055
http://rhn.redhat.com/errata/RHSA-2016-0055.html
RedHat Security Advisories: RHSA-2016:0056
http://rhn.redhat.com/errata/RHSA-2016-0056.html
RedHat Security Advisories: RHSA-2016:1430
https://access.redhat.com/errata/RHSA-2016:1430
http://www.securitytracker.com/id/1034541
http://www.securitytracker.com/id/1036467
SuSE Security Announcement: SUSE-SU-2016:0256 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00038.html
SuSE Security Announcement: SUSE-SU-2016:0265 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00042.html
SuSE Security Announcement: SUSE-SU-2016:0269 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00044.html
SuSE Security Announcement: openSUSE-SU-2015:2405 (Google Search)
http://lists.opensuse.org/opensuse-updates/2015-12/msg00139.html
SuSE Security Announcement: openSUSE-SU-2016:0007 (Google Search)
http://lists.opensuse.org/opensuse-updates/2016-01/msg00005.html
SuSE Security Announcement: openSUSE-SU-2016:0161 (Google Search)
http://lists.opensuse.org/opensuse-updates/2016-01/msg00058.html
SuSE Security Announcement: openSUSE-SU-2016:0162 (Google Search)
http://lists.opensuse.org/opensuse-updates/2016-01/msg00059.html
SuSE Security Announcement: openSUSE-SU-2016:0263 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00041.html
SuSE Security Announcement: openSUSE-SU-2016:0268 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00043.html
SuSE Security Announcement: openSUSE-SU-2016:0270 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00045.html
SuSE Security Announcement: openSUSE-SU-2016:0272 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00047.html
SuSE Security Announcement: openSUSE-SU-2016:0279 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00048.html
SuSE Security Announcement: openSUSE-SU-2016:0307 (Google Search)
http://lists.opensuse.org/opensuse-updates/2016-02/msg00007.html
SuSE Security Announcement: openSUSE-SU-2016:0308 (Google Search)
http://lists.opensuse.org/opensuse-updates/2016-02/msg00008.html
SuSE Security Announcement: openSUSE-SU-2016:0488 (Google Search)
http://lists.opensuse.org/opensuse-updates/2016-02/msg00101.html
SuSE Security Announcement: openSUSE-SU-2016:0605 (Google Search)
http://lists.opensuse.org/opensuse-updates/2016-02/msg00166.html
http://www.ubuntu.com/usn/USN-2863-1
http://www.ubuntu.com/usn/USN-2864-1
http://www.ubuntu.com/usn/USN-2865-1
http://www.ubuntu.com/usn/USN-2866-1
http://www.ubuntu.com/usn/USN-2884-1
http://www.ubuntu.com/usn/USN-2904-1
CopyrightCopyright (C) 2016 Greenbone Networks GmbH

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2024 E-Soft Inc. All rights reserved.