openSUSE Security Update : openssl (openSUSE-SU-2014:1426-1) (POODLE)

This script is Copyright (C) 2014-2016 Tenable Network Security, Inc.


Synopsis :

The remote openSUSE host is missing a security update.

Description :

openSSL was updated to version 1.0.1j to fix four security issues and
various other issues.

These security issues were fixed :

- Fix SRTP Memory Leak (CVE-2014-3513)

- Session Ticket Memory Leak (CVE-2014-3567)

- Add SSL 3.0 Fallback protection TLS_FALLBACK_SCSV
(CVE-2014-3566)

- Build option no-ssl3 is incomplete (CVE-2014-3568)

See also :

http://lists.opensuse.org/opensuse-updates/2014-11/msg00059.html

Solution :

Update the affected openssl packages.

Risk factor :

High / CVSS Base Score : 7.1
(CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C)

Family: SuSE Local Security Checks

Nessus Plugin ID: 79269 ()

Bugtraq ID:

CVE ID: CVE-2014-3513
CVE-2014-3566
CVE-2014-3567
CVE-2014-3568

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now