openSUSE Security Update : polarssl (openSUSE-SU-2014:1457-1)

High Nessus Plugin ID 79348


The remote openSUSE host is missing a security update.


polarssl was updated to version 1.3.9 to fix two security issues.

These security issues were fixed :

- Lowest common hash was selected from signature_algorithms extension in TLS 1.2 (CVE-2014-8627).

- Remotely-triggerable memory leak when parsing some X.509 certificates (CVE-2014-8628).


Update the affected polarssl packages.

See Also

Plugin Details

Severity: High

ID: 79348

File Name: openSUSE-2014-689.nasl

Version: $Revision: 1.3 $

Type: local

Agent: unix

Published: 2014/11/20

Modified: 2015/08/26

Dependencies: 12634

Risk Information

Risk Factor: High


Base Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:libpolarssl7, p-cpe:/a:novell:opensuse:libpolarssl7-debuginfo, p-cpe:/a:novell:opensuse:polarssl-devel, cpe:/o:novell:opensuse:13.2

Required KB Items: Host/local_checks_enabled, Host/SuSE/release, Host/SuSE/rpm-list, Host/cpu

Patch Publication Date: 2014/11/12

Reference Information

CVE: CVE-2014-8627, CVE-2014-8628