Description: The remote host is missing an update to openssl announced via advisory FEDORA-2010-5357.
Update Information:
Update to upstream version 0.9.8n fixing multiple security issues: CVE-2009-3555, CVE-2009-3245, CVE-2009-4355, and CVE-2010-0433. Refer to the upstream CHANGES file for the detailed list of changes since version 0.9.8k:
http://cvs.openssl.org/fileview?f=openssl/CHANGES&v=1.1238.2.193
References:
[ 1 ] Bug #533125 - CVE-2009-3555 TLS: MITM attacks via session renegotiation
https://bugzilla.redhat.com/show_bug.cgi?id=533125
[ 2 ] Bug #570924 - CVE-2009-3245 openssl: missing bn_wexpand return value checks
https://bugzilla.redhat.com/show_bug.cgi?id=570924
[ 3 ] Bug #546707 - CVE-2009-4355 openssl significant memory leak in certain SSLv3 requests (DoS)
https://bugzilla.redhat.com/show_bug.cgi?id=546707
[ 4 ] Bug #569774 - CVE-2010-0433 openssl: crash caused by a missing krb5_sname_to_principal() return value check
https://bugzilla.redhat.com/show_bug.cgi?id=569774
Solution: Apply the appropriate updates.
This update can be installed with the yum update program. Use su -c 'yum update openssl' at the command line. For more information, refer to Managing Software with yum, available at http://docs.fedoraproject.org/yum/.
http://www.securityspace.com/smysecure/catid.html?in=FEDORA-2010-5357
Risk factor : Critical
CVSS Score: 10.0