Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:
Category:Red Hat Local Security Checks
Title:RedHat Security Advisory RHSA-2010:0977
The remote host is missing updates announced in
advisory RHSA-2010:0977.

OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3)
and Transport Layer Security (TLS v1) protocols, as well as a
full-strength, general purpose cryptography library.

A ciphersuite downgrade flaw was found in the OpenSSL SSL/TLS server code.
A remote attacker could possibly use this flaw to change the ciphersuite
associated with a cached session stored on the server, if the server
enabled the SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG option, possibly
forcing the client to use a weaker ciphersuite after resuming the session.
(CVE-2010-4180, CVE-2008-7270)

Note: With this update, setting the SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG
option has no effect and this bug workaround can no longer be enabled.

It was discovered that OpenSSL did not always check the return value of the
bn_wexpand() function. An attacker able to trigger a memory allocation
failure in that function could possibly crash an application using the
OpenSSL library and its UBSEC hardware engine support. (CVE-2009-3245)

All OpenSSL users should upgrade to these updated packages, which contain
backported patches to resolve these issues. For the update to take effect,
all services linked to the OpenSSL library must be restarted, or the system

Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

Risk factor : Critical

CVSS Score:

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2008-7270
BugTraq ID: 45254
HPdes Security Advisory: HPSBHF02706
HPdes Security Advisory: HPSBMU02759
HPdes Security Advisory: SSRT100613
HPdes Security Advisory: SSRT100817
Common Vulnerability Exposure (CVE) ID: CVE-2009-3245
BugTraq ID: 38562
HPdes Security Advisory: HPSBOV02540
HPdes Security Advisory: HPSBUX02517
HPdes Security Advisory: SSRT100058
SuSE Security Announcement: SUSE-SR:2010:013 (Google Search)
Common Vulnerability Exposure (CVE) ID: CVE-2010-4180
BugTraq ID: 45164
CERT/CC vulnerability note: VU#737740
Debian Security Information: DSA-2141 (Google Search)
HPdes Security Advisory: HPSBMA02658
HPdes Security Advisory: HPSBOV02670
HPdes Security Advisory: HPSBUX02638
HPdes Security Advisory: SSRT100339
HPdes Security Advisory: SSRT100413
HPdes Security Advisory: SSRT100475
SuSE Security Announcement: SUSE-SR:2011:001 (Google Search)
SuSE Security Announcement: SUSE-SR:2011:009 (Google Search)
SuSE Security Announcement: SUSE-SU-2011:0847 (Google Search)
SuSE Security Announcement: openSUSE-SU-2011:0845 (Google Search)
CopyrightCopyright (c) 2010 E-Soft Inc.

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.

© 1998-2021 E-Soft Inc. All rights reserved.