Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.1.4.2013.0549.1
Category:SuSE Local Security Checks
Title:SUSE: Security Advisory (SUSE-SU-2013:0549-1)
Summary:The remote host is missing an update for the 'OpenSSL' package(s) announced via the SUSE-SU-2013:0549-1 advisory.
Description:Summary:
The remote host is missing an update for the 'OpenSSL' package(s) announced via the SUSE-SU-2013:0549-1 advisory.

Vulnerability Insight:
OpenSSL has been updated to fix several security issues:

* CVE-2012-4929: Avoid the openssl CRIME attack by disabling SSL compression by default. Setting the environment variable 'OPENSSL_NO_DEFAULT_ZLIB' to 'no'
enables compression again.
* CVE-2013-0169: Timing attacks against TLS could be used by physically local attackers to gain access to transmitted plain text or private keymaterial. This issue is also known as the 'Lucky-13' issue.
* CVE-2013-0166: A OCSP invalid key denial of service issue was fixed.

Security Issue references:

* CVE-2013-0169
>
* CVE-2013-0166
>

Affected Software/OS:
'OpenSSL' package(s) on SUSE Linux Enterprise Desktop 11 SP2, SUSE Linux Enterprise Server 11 SP2, SUSE Linux Enterprise Software Development Kit 11 SP2.

Solution:
Please install the updated package(s).

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2012-4929
http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html
BugTraq ID: 55704
http://www.securityfocus.com/bid/55704
Debian Security Information: DSA-2579 (Google Search)
http://www.debian.org/security/2012/dsa-2579
Debian Security Information: DSA-2627 (Google Search)
http://www.debian.org/security/2013/dsa-2627
Debian Security Information: DSA-3253 (Google Search)
http://www.debian.org/security/2015/dsa-3253
http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101366.html
HPdes Security Advisory: HPSBUX02866
http://marc.info/?l=bugtraq&m=136612293908376&w=2
HPdes Security Advisory: SSRT101139
http://jvn.jp/en/jp/JVN65273415/index.html
http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000129.html
http://arstechnica.com/security/2012/09/crime-hijacks-https-sessions/
http://isecpartners.com/blog/2012/9/14/details-on-the-crime-attack.html
http://news.ycombinator.com/item?id=4510829
http://security.stackexchange.com/questions/19911/crime-how-to-beat-the-beast-successor
http://threatpost.com/en_us/blogs/crime-attack-uses-compression-ratio-tls-requests-side-channel-hijack-secure-sessions-091312
http://threatpost.com/en_us/blogs/new-attack-uses-ssltls-information-leak-hijack-https-sessions-090512
http://www.ekoparty.org/2012/thai-duong.php
http://www.iacr.org/cryptodb/data/paper.php?pubkey=3091
http://www.theregister.co.uk/2012/09/14/crime_tls_attack/
https://community.qualys.com/blogs/securitylabs/2012/09/14/crime-information-leakage-attack-against-ssltls
https://gist.github.com/3696912
https://github.com/mpgn/CRIME-poc
https://threatpost.com/en_us/blogs/demo-crime-tls-attack-091212
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18920
RedHat Security Advisories: RHSA-2013:0587
http://rhn.redhat.com/errata/RHSA-2013-0587.html
SuSE Security Announcement: openSUSE-SU-2012:1420 (Google Search)
http://lists.opensuse.org/opensuse-updates/2012-10/msg00096.html
SuSE Security Announcement: openSUSE-SU-2013:0143 (Google Search)
http://lists.opensuse.org/opensuse-updates/2013-01/msg00034.html
SuSE Security Announcement: openSUSE-SU-2013:0157 (Google Search)
http://lists.opensuse.org/opensuse-updates/2013-01/msg00048.html
http://www.ubuntu.com/usn/USN-1627-1
http://www.ubuntu.com/usn/USN-1628-1
http://www.ubuntu.com/usn/USN-1898-1
Common Vulnerability Exposure (CVE) ID: CVE-2013-0166
http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html
CERT/CC vulnerability note: VU#737740
http://www.kb.cert.org/vuls/id/737740
Debian Security Information: DSA-2621 (Google Search)
http://www.debian.org/security/2013/dsa-2621
HPdes Security Advisory: HPSBOV02852
http://marc.info/?l=bugtraq&m=136432043316835&w=2
HPdes Security Advisory: HPSBUX02856
http://marc.info/?l=bugtraq&m=136396549913849&w=2
HPdes Security Advisory: HPSBUX02909
http://marc.info/?l=bugtraq&m=137545771702053&w=2
HPdes Security Advisory: SSRT101104
HPdes Security Advisory: SSRT101108
HPdes Security Advisory: SSRT101289
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18754
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19081
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19360
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19487
RedHat Security Advisories: RHSA-2013:0782
http://rhn.redhat.com/errata/RHSA-2013-0782.html
RedHat Security Advisories: RHSA-2013:0783
http://rhn.redhat.com/errata/RHSA-2013-0783.html
RedHat Security Advisories: RHSA-2013:0833
http://rhn.redhat.com/errata/RHSA-2013-0833.html
http://secunia.com/advisories/53623
http://secunia.com/advisories/55108
http://secunia.com/advisories/55139
SuSE Security Announcement: SUSE-SU-2015:0578 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html
SuSE Security Announcement: openSUSE-SU-2016:0640 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html
Common Vulnerability Exposure (CVE) ID: CVE-2013-0169
BugTraq ID: 57778
http://www.securityfocus.com/bid/57778
Cert/CC Advisory: TA13-051A
http://www.us-cert.gov/cas/techalerts/TA13-051A.html
Debian Security Information: DSA-2622 (Google Search)
http://www.debian.org/security/2013/dsa-2622
http://security.gentoo.org/glsa/glsa-201406-32.xml
HPdes Security Advisory: HPSBMU02874
http://marc.info/?l=bugtraq&m=136733161405818&w=2
HPdes Security Advisory: HPSBUX02857
http://marc.info/?l=bugtraq&m=136439120408139&w=2
HPdes Security Advisory: SSRT101103
HPdes Security Advisory: SSRT101184
http://www.mandriva.com/security/advisories?name=MDVSA-2013:095
http://blog.fuseyism.com/index.php/2013/02/20/security-icedtea-2-1-6-2-2-6-2-3-7-for-openjdk-7-released/
http://www.isg.rhul.ac.uk/tls/TLStiming.pdf
https://lists.debian.org/debian-lts-announce/2018/09/msg00029.html
http://openwall.com/lists/oss-security/2013/02/05/24
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18841
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19016
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19424
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19540
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19608
RedHat Security Advisories: RHSA-2013:1455
http://rhn.redhat.com/errata/RHSA-2013-1455.html
RedHat Security Advisories: RHSA-2013:1456
http://rhn.redhat.com/errata/RHSA-2013-1456.html
http://www.securitytracker.com/id/1029190
http://secunia.com/advisories/55322
http://secunia.com/advisories/55350
http://secunia.com/advisories/55351
SuSE Security Announcement: SUSE-SU-2013:0328 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00020.html
SuSE Security Announcement: SUSE-SU-2013:0701 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00020.html
SuSE Security Announcement: SUSE-SU-2014:0320 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00001.html
SuSE Security Announcement: openSUSE-SU-2013:0375 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00000.html
SuSE Security Announcement: openSUSE-SU-2013:0378 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00002.html
http://www.ubuntu.com/usn/USN-1735-1
CopyrightCopyright (C) 2021 Greenbone Networks GmbH

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2024 E-Soft Inc. All rights reserved.