SuSE 11.3 Security Update : compat-openssl097g (SAT Patch Number 10208)
Medium Nessus Plugin ID 81120
The remote SuSE 11 host is missing one or more security updates.
OpenSSL (compat-openssl097g) has been updated to fix various security issues. More information can be found in the openssl advisory: http://openssl.org/news/secadv_20150108.txt . The following issues have been fixed : - Bignum squaring (BN_sqr) may have produced incorrect results on some platforms, including x86_64. (bsc#912296). (CVE-2014-3570) - Don't accept a handshake using an ephemeral ECDH ciphersuites with the server key exchange message omitted. (bsc#912015). (CVE-2014-3572) - Fixed various certificate fingerprint issues. (bsc#912018). (CVE-2014-8275) - Only allow ephemeral RSA keys in export ciphersuites. (bsc#912014). (CVE-2015-0204) - A fix was added to prevent use of DH client certificates without sending certificate verify message. Note that compat-openssl097g is not affected by this problem, a fix was however applied to the sources. (bsc#912293). (CVE-2015-0205)