OracleVM 3.3 : openssl (OVMSA-2015-0065) (Logjam)
Medium Nessus Plugin ID 84004
SynopsisThe remote OracleVM host is missing a security update.
DescriptionThe remote OracleVM system is missing necessary patches to address critical security updates :
- fix CVE-2015-4000 - prevent the logjam attack on client
- restrict the DH key size to at least 768 bits (limit will be increased in future)
- drop the AES-GCM restriction of 2^32 operations because the IV is always 96 bits (32 bit fixed field + 64 bit invocation field)
SolutionUpdate the affected openssl package.