Zero-friction vulnerability management platform

Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.

Install Now

Available for macOS, Windows, and Linux

App screenshot

Amazon Linux Local Check: alas-2016-749

Information

Severity

Severity

High

Family

Family

Amazon Linux Local Security Checks

CVSSv2 Base

CVSSv2 Base

7.8

CVSSv2 Vector

CVSSv2 Vector

AV:N/AC:L/Au:N/C:N/I:N/A:C

Solution Type

Solution Type

Vendor Patch

Created

Created

5 years ago

Modified

Modified

4 years ago

Summary

Amazon Linux Local Security Checks

Insight

Insight

A memory leak flaw was found in the way OpenSSL handled TLS status request extension data during session renegotiation. A remote attacker could cause a TLS server using OpenSSL to consume an excessive amount of memory and, possibly, exit unexpectedly after exhausting all available memory, if it enabled OCSP stapling support.The OpenSSL Security Advisory [22 Sep 2016] refers to additional CVEs. CVE-2016-6305 does not affect OpenSSL 1.0.1. The remaining CVEs listed will be fixed in a later update.The OpenSSL Security Advisory [26 Sep 2016] refers to two additional CVEs which do not affect OpenSSL 1.0.1.(Updated 2016-09-26: Included a reference to the 26 Sep 2016 upstream advisory.)

Solution

Solution

Run yum update openssl to update your system.

Common Vulnerabilities and Exposures (CVE)