Mandrake Linux Security Advisory : openssl (MDKSA-2005:096)
High Nessus Plugin ID 18434
SynopsisThe remote Mandrake Linux host is missing one or more security updates.
DescriptionColin Percival reported a cache timing attack that could be used to allow a malicious local user to gain portions of cryptographic keys (CVE-2005-0109). The OpenSSL library has been patched to add a new fixed-window mod_exp implementation as default for RSA, DSA, and DH private key operations. The patch was designed to mitigate cache timing and possibly related attacks.
SolutionUpdate the affected packages.