Scientific Linux Security Update : openssl on SL6.x i386/x86_64

This script is Copyright (C) 2012 Tenable Network Security, Inc.


Synopsis :

The remote Scientific Linux host is missing one or more security
updates.

Description :

OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL
v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a
full-strength, general purpose cryptography library.

An uninitialized variable use flaw was found in OpenSSL. This flaw
could cause an application using the OpenSSL Certificate Revocation
List (CRL) checking functionality to incorrectly accept a CRL that has
a nextUpdate date in the past. (CVE-2011-3207)

All OpenSSL users should upgrade to these updated packages, which
contain a backported patch to resolve this issue. For the update to
take effect, all services linked to the OpenSSL library must be
restarted, or the system rebooted.

See also :

http://www.nessus.org/u?cae0b575

Solution :

Update the affected packages.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N)

Family: Scientific Linux Local Security Checks

Nessus Plugin ID: 61165 ()

Bugtraq ID:

CVE ID: CVE-2011-3207