Mandriva Linux Security Advisory : openssl (MDVSA-2011:136)
Low Nessus Plugin ID 56324
SynopsisThe remote Mandriva Linux host is missing one or more security updates.
DescriptionA vulnerability was discovered and corrected in openssl :
The elliptic curve cryptography (ECC) subsystem in OpenSSL 1.0.0d and earlier, when the Elliptic Curve Digital Signature Algorithm (ECDSA) is used for the ECDHE_ECDSA cipher suite, does not properly implement curves over binary fields, which makes it easier for context-dependent attackers to determine private keys via a timing attack and a lattice calculation (CVE-2011-1945).
Packages for 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more:
The updated packages have been patched to correct this issue.
SolutionUpdate the affected packages.