This script is Copyright (C) 2011-2014 Tenable Network Security, Inc.
The remote Red Hat host is missing one or more security updates.
Updated openssl packages that fix one security issue are now available
for Red Hat Enterprise Linux 6.
The Red Hat Security Response Team has rated this update as having
moderate security impact. A Common Vulnerability Scoring System (CVSS)
base score, which gives a detailed severity rating, is available from
the CVE link in the References section.
OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL
v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a
full-strength, general purpose cryptography library.
An uninitialized variable use flaw was found in OpenSSL. This flaw
could cause an application using the OpenSSL Certificate Revocation
List (CRL) checking functionality to incorrectly accept a CRL that has
a nextUpdate date in the past. (CVE-2011-3207)
All OpenSSL users should upgrade to these updated packages, which
contain a backported patch to resolve this issue. For the update to
take effect, all services linked to the OpenSSL library must be
restarted, or the system rebooted.
See also :
Update the affected packages.
Risk factor :
Medium / CVSS Base Score : 5.0
CVSS Temporal Score : 4.3
Public Exploit Available : false