Mandrake Linux Security Advisory : openssl (MDKSA-2006:161)
Medium Nessus Plugin ID 23905
SynopsisThe remote Mandrake Linux host is missing one or more security updates.
DescriptionDaniel Bleichenbacher recently described an attack on PKCS #1 v1.5 signatures where an RSA key with a small exponent used could be vulnerable to forgery of a PKCS #1 v1.5 signature signed by that key.
Any software using OpenSSL to verify X.509 certificates is potentially vulnerable to this issue, as well as any other use of PKCS #1 v1.5, including software uses OpenSSL for SSL or TLS.
Updated packages are patched to address this issue.
SolutionUpdate the affected packages.