This script is Copyright (C) 2017 Tenable Network Security, Inc.
The remote openSUSE host is missing a security update.
This update for libressl to version 2.5.1 fixes the following issues :
These security issues were fixed :
- CVE-2016-0702: Prevent side channel attack on modular
- CVE-2016-7056: Avoid a side-channel cache-timing attack
that can leak the ECDSA private keys when signing
These non-security issues were fixed :
- Detect zero-length encrypted session data early
- Curve25519 Key Exchange support.
- Support for alternate chains for certificate
- Added EVP interface for MD5+SHA1 hashes
- Fixed DTLS client failures when the server sends a
- Corrected handling of padding when upgrading an SSLv2
challenge into an SSLv3/TLS connection.
- Allowed protocols and ciphers to be set on a TLS config
object in libtls.
For additional changes please refer to the changelog.
See also :
Update the affected libressl packages.
Risk factor :
Low / CVSS Base Score : 1.9