Detections
Analytics

Fedora Core 4 : openssl-0.9.7f-7.10 / openssl097a-0.9.7a-3.1 (2005-986)

high Nessus Plugin ID 20023

Synopsis

The remote Fedora Core host is missing one or more security updates.

Description

The remote Fedora Core host is missing one or more security updates :

openssl-0.9.7f-7.10 :

 - Wed Oct 12 2005 Tomas Mraz <tmraz at redhat.com> 0.9.7f-7.10

 - fix CVE-2005-2969 - remove SSL_OP_MSIE_SSLV2_RSA_PADDING which disables the countermeasure against man in the middle attack in SSLv2 (#169863)

 - more fixes for constant time/memory access for DSA signature algorithm

 - updated ICA engine patch

 - ca-bundle.crt should be config(noreplace)

 - add *.so.soversion as symlinks in /lib (#165264)

 - remove unpackaged symlinks (#159595)

 - fixes from upstream (bn assembler div on ppc arch, initialize memory on realloc)

openssl097a-0.9.7a-3.1 :

 - Tue Oct 11 2005 Tomas Mraz <tmraz at redhat.com> 0.9.7a-3.1

 - fix CVE-2005-2969 - remove SSL_OP_MSIE_SSLV2_RSA_PADDING which disables the countermeasure against man in the middle attack in SSLv2 (#169863)

 - more fixes for constant time/memory access for DSA signature algorithm

 - updated ICA engine patch

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Solution

Update the affected packages.

See Also

http://www.nessus.org/u?53c3d395

http://www.nessus.org/u?8f1f911c

Plugin Details

Severity: High

ID: 20023

File Name: fedora_2005-986.nasl

Version: 1.16

Type: local

Agent: unix

Published: 10/19/2005

Updated: 1/11/2021

Supported Sensors: Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus

Vulnerability Information

CPE: p-cpe:/a:fedoraproject:fedora:openssl, p-cpe:/a:fedoraproject:fedora:openssl-debuginfo, p-cpe:/a:fedoraproject:fedora:openssl-devel, p-cpe:/a:fedoraproject:fedora:openssl-perl, p-cpe:/a:fedoraproject:fedora:openssl097a, p-cpe:/a:fedoraproject:fedora:openssl097a-debuginfo, cpe:/o:fedoraproject:fedora_core:4

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list

Patch Publication Date: 10/13/2005

Reference Information

FEDORA: 2005-986