Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:
Category:Red Hat Local Security Checks
Title:RedHat Security Advisory RHSA-2010:0978
The remote host is missing updates announced in
advisory RHSA-2010:0978.

OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3)
and Transport Layer Security (TLS v1) protocols, as well as a
full-strength, general purpose cryptography library.

A ciphersuite downgrade flaw was found in the OpenSSL SSL/TLS server code.
A remote attacker could possibly use this flaw to change the ciphersuite
associated with a cached session stored on the server, if the server
enabled the SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG option, possibly
forcing the client to use a weaker ciphersuite after resuming the session.
(CVE-2010-4180, CVE-2008-7270)

Note: With this update, setting the SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG
option has no effect and this bug workaround can no longer be enabled.

All OpenSSL users should upgrade to these updated packages, which contain a
backported patch to resolve these issues. For the update to take effect,
all services linked to the OpenSSL library must be restarted, or the system

Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

Risk factor : Medium

CVSS Score:

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2008-7270
BugTraq ID: 45254
HPdes Security Advisory: HPSBHF02706
HPdes Security Advisory: HPSBMU02759
HPdes Security Advisory: SSRT100613
HPdes Security Advisory: SSRT100817
Common Vulnerability Exposure (CVE) ID: CVE-2010-4180
BugTraq ID: 45164
CERT/CC vulnerability note: VU#737740
Debian Security Information: DSA-2141 (Google Search)
HPdes Security Advisory: HPSBMA02658
HPdes Security Advisory: HPSBOV02670
HPdes Security Advisory: HPSBUX02638
HPdes Security Advisory: SSRT100339
HPdes Security Advisory: SSRT100413
HPdes Security Advisory: SSRT100475
SuSE Security Announcement: SUSE-SR:2011:001 (Google Search)
SuSE Security Announcement: SUSE-SR:2011:009 (Google Search)
SuSE Security Announcement: SUSE-SU-2011:0847 (Google Search)
SuSE Security Announcement: openSUSE-SU-2011:0845 (Google Search)
CopyrightCopyright (c) 2010 E-Soft Inc.

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.

© 1998-2021 E-Soft Inc. All rights reserved.