This script is Copyright (C) 2016-2017 Tenable Network Security, Inc.
The remote FreeBSD host is missing a security-related update.
Multiple sources report :
CVE-2015-2141: The InvertibleRWFunction::CalculateInverse function in
rw.cpp in libcrypt++ 5.6.2 does not properly blind private key
operations for the Rabin-Williams digital signature algorithm, which
allows remote attackers to obtain private keys via a timing attack.
Fixed in 5.6.3.
CVE-2016-3995: Incorrect implementation of Rijndael timing attack
countermeasure. Fixed in 5.6.4.
CVE-2016-7420: Library built without -DNDEBUG could egress sensitive
information to the filesystem via a core dump if an assert was
triggered. Fixed in 5.6.5.
See also :
Update the affected package.
Risk factor :
Medium / CVSS Base Score : 5.0