Mandriva Linux Security Advisory : openssl (MDVSA-2009:001)
Medium Nessus Plugin ID 37839
SynopsisThe remote Mandriva Linux host is missing one or more security updates.
DescriptionA vulnerability was found by the Google Security Team with how OpenSSL checked the verification of certificates. An attacker in control of a malicious server or able to effect a man-in-the-middle attack, could present a malformed SSL/TLS signature from a certificate chain to a vulnerable client, which would then bypass the certificate validation (CVE-2008-5077).
The updated packages have been patched to prevent this issue.
SolutionUpdate the affected packages.