FreeBSD : mbed TLS -- plaintext recovery vulnerabilities (f4876dd4-9ca8-11e8-aa17-0011d823eebd)
Medium Nessus Plugin ID 111659
SynopsisThe remote FreeBSD host is missing a security-related update.
DescriptionSimon Butcher reports :
- When using a CBC based ciphersuite, a remote attacker can partially recover the plaintext.
- When using a CBC based ciphersuite, an attacker with the ability to execute arbitrary code on the machine under attack can partially recover the plaintext by use of cache based side-channels.
SolutionUpdate the affected package.