SuSE 11.3 Security Update : compat-openssl097g (SAT Patch Number 10033)

Medium Nessus Plugin ID 79738


The remote SuSE 11 host is missing one or more security updates.


The SLES 9 compatibility package compat-openssl097g received a roll up update fixing various security issues :

- Build option no-ssl3 is incomplete. (CVE-2014-3568)

- Add support for TLS_FALLBACK_SCSV. (CVE-2014-3566)

- Information leak in pretty printing functions.

- OCSP bad key DoS attack. (CVE-2013-0166)

- SSL/TLS CBC plaintext recovery attack. (CVE-2013-0169)

- Anonymous ECDH denial of service. (CVE-2014-3470)

- SSL/TLS MITM vulnerability (CVE-2014-0224)


Apply SAT patch number 10033.

See Also

Plugin Details

Severity: Medium

ID: 79738

File Name: suse_11_compat-openssl097g-141202.nasl

Version: $Revision: 1.4 $

Type: local

Agent: unix

Published: 2014/12/05

Modified: 2015/01/28

Dependencies: 12634

Risk Information

Risk Factor: Medium


Base Score: 6.8

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: p-cpe:/a:novell:suse_linux:11:compat-openssl097g, p-cpe:/a:novell:suse_linux:11:compat-openssl097g-32bit, cpe:/o:novell:suse_linux:11

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2014/12/02

Exploitable With

Core Impact

Reference Information

CVE: CVE-2013-0166, CVE-2013-0169, CVE-2014-0224, CVE-2014-3470, CVE-2014-3508, CVE-2014-3566, CVE-2014-3568