OracleVM 3.3 : openssl (OVMSA-2015-0005) (FREAK)
Medium Nessus Plugin ID 80929
Synopsis
The remote OracleVM host is missing a security update.
Description
The remote OracleVM system is missing necessary patches to address critical security updates:
- fix CVE-2014-3570 - incorrect computation in BN_sqr
- fix CVE-2014-3571 - possible crash in dtls1_get_record
- fix CVE-2014-3572 - possible downgrade of ECDH ciphersuite to non-PFS state
- fix CVE-2014-8275 - various certificate fingerprint issues
- fix CVE-2015-0204 - remove support for RSA ephemeral keys for non-export ciphersuites and on server
- fix CVE-2015-0205 - do not allow unauthenticated client DH certificate
- fix CVE-2015-0206 - possible memory leak when buffering DTLS records
- use FIPS approved method for computation of d in RSA
Solution
Update the affected openssl package.