Alert GCSA-15016 - Vulnerabilita' multiple in OpenSSL
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
******************************************************************
Alert ID : GCSA-15016
Data : 20 Marzo 2015
Titolo : Vulnerabilita' multiple in OpenSSL
******************************************************************
:: Descrizione del problema
Sono state riscontrate vulnerabilita' multiple in OpenSSL, che potrebbero
permettere ad un utente remoto di causare condizioni di denial of service.
Per una descrizione completa delle vulnerabilita' si rimanda alla sezione 'Riferimenti'.
:: Software interessato
Tutte le versioni precedenti a:
OpenSSL 0.9.8zf
OpenSSL 1.0.0r
OpenSSL 1.0.1m
OpenSSL 1.0.2a
:: Impatto
Denial of service
Modifica di informazioni di sistema
Impatto sconosciuto
:: Soluzioni
Aggiornare il software alle seguenti versioni:
OpenSSL 0.9.8zf
OpenSSL 1.0.0r
OpenSSL 1.0.1m
OpenSSL 1.0.2a
:: Riferimenti
OpenSSL Security Advisory:
http://openssl.org/news/secadv_20150319.txt
Security Tracker:
http://www.securitytracker.com/id/1031929
ISC SANS:
https://isc.sans.edu/diary/OpenSSL+Patch+Released/19485
Mitre CVE:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0207
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0208
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0209
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0285
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0286
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0287
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0288
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0289
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0290
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0291
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0292
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0293
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1787
GARR CERT Newsletter subscribe/unsubscribe:
http://www.cert.garr.it/alert/ricevi-gli-alert-di-cert
-----BEGIN PGP SIGNATURE-----
iD8DBQFVDCAxwZxMk2USYEIRAio6AKCSTWhrM8F/FPhJ/N8ROhavv4acEgCgrZzW
Kz/M0h1kFfbWDLFnymqFtwc=
=fkEG
-----END PGP SIGNATURE-----
Hash: SHA1
******************************************************************
Alert ID : GCSA-15016
Data : 20 Marzo 2015
Titolo : Vulnerabilita' multiple in OpenSSL
******************************************************************
:: Descrizione del problema
Sono state riscontrate vulnerabilita' multiple in OpenSSL, che potrebbero
permettere ad un utente remoto di causare condizioni di denial of service.
Per una descrizione completa delle vulnerabilita' si rimanda alla sezione 'Riferimenti'.
:: Software interessato
Tutte le versioni precedenti a:
OpenSSL 0.9.8zf
OpenSSL 1.0.0r
OpenSSL 1.0.1m
OpenSSL 1.0.2a
:: Impatto
Denial of service
Modifica di informazioni di sistema
Impatto sconosciuto
:: Soluzioni
Aggiornare il software alle seguenti versioni:
OpenSSL 0.9.8zf
OpenSSL 1.0.0r
OpenSSL 1.0.1m
OpenSSL 1.0.2a
:: Riferimenti
OpenSSL Security Advisory:
http://openssl.org/news/secadv_20150319.txt
Security Tracker:
http://www.securitytracker.com/id/1031929
ISC SANS:
https://isc.sans.edu/diary/OpenSSL+Patch+Released/19485
Mitre CVE:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0207
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0208
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0209
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0285
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0286
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0287
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0288
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0289
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0290
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0291
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0292
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0293
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1787
GARR CERT Newsletter subscribe/unsubscribe:
http://www.cert.garr.it/alert/ricevi-gli-alert-di-cert
-----BEGIN PGP SIGNATURE-----
iD8DBQFVDCAxwZxMk2USYEIRAio6AKCSTWhrM8F/FPhJ/N8ROhavv4acEgCgrZzW
Kz/M0h1kFfbWDLFnymqFtwc=
=fkEG
-----END PGP SIGNATURE-----