Today Tenable has released maintenance updates for two separate products, The Nessus vulnerability scanner and the Passive Vulnerability Scanner (PVS™). Customers are strongly encouraged to apply these updates to all instances as it updates the OpenSSL libraries to patch a vulnerability, and in the case of Nessus addresses a couple of minor bug fixes. Its important to stay up-to-date on all Tenable software to take advantage of all the latest features and improvements. For more information on upgrading Tenable products, please refer to the Nessus and PVS documentation pages.
The latest release of Nessus (5.2.7) and PVS (4.0.3) includes an update for the following OpenSSL vulnerability:
- OpenSSL libraries have been updated to OpenSSL 1.0.0m, addressing CVE-2014-0224
Nessus 5.2.7 addresses the following two additional issues:
- A race condition occurring when a scan started but then appears as aborted with no results (triggered when a remote scanner was under heavy use)
- Fixes for a potential deadlock between processes
Nessus is the most trusted vulnerability scanner on the market today, with over 20,000 customers. Nessus has broad coverage of vulnerabilities and includes the ability to scan for mobile device vulnerabilities, integrates with patch management systems, and discovers malware. You can learn more about Nessus on the Nessus homepage.
Tenable’s PVS delivers continuous network monitoring and profiling for non-intrusive scanning and assessment of network security. PVS is essential in discovering risks from BYOD/mobile and virtual devices and cloud-based applications, and for insight into services, security vulnerabilities, suspicious network relationships, and compliance violations. Learn more about PVS on the PVS homepage.