openSUSE Security Update : openssl (openSUSE-SU-2015:0130-1) (FREAK)

This script is Copyright (C) 2015 Tenable Network Security, Inc.

Synopsis :

The remote openSUSE host is missing a security update.

Description :

openssl was updated to 1.0.1k to fix various security issues and bugs.

More information can be found in the openssl advisory:

Following issues were fixed :

- CVE-2014-3570 (bsc#912296): Bignum squaring (BN_sqr) may
have produced incorrect results on some platforms,
including x86_64.

- CVE-2014-3571 (bsc#912294): Fixed crash in
dtls1_get_record whilst in the listen state where you
get two separate reads performed - one for the header
and one for the body of the handshake record.

- CVE-2014-3572 (bsc#912015): Don't accept a handshake
using an ephemeral ECDH ciphersuites with the server key
exchange message omitted.

- CVE-2014-8275 (bsc#912018): Fixed various certificate
fingerprint issues.

- CVE-2015-0204 (bsc#912014): Only allow ephemeral RSA
keys in export ciphersuites

- CVE-2015-0205 (bsc#912293): A fixwas added to prevent
use of DH client certificates without sending
certificate verify message.

- CVE-2015-0206 (bsc#912292): A memory leak was fixed in

See also :

Solution :

Update the affected openssl packages.

Risk factor :

Medium / CVSS Base Score : 5.0

Family: SuSE Local Security Checks

Nessus Plugin ID: 80991 ()

Bugtraq ID:

CVE ID: CVE-2014-3569

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now