Slackware 9.0 : mod_ssl RSA blinding fixes (SSA:2003-141-05)

high Nessus Plugin ID 18715

Synopsis

The remote Slackware host is missing a security update.

Description

An upgrade for mod_ssl to version 2.8.14_1.3.27 is now available.
This version provides RSA blinding by default which prevents an extended timing analysis from revealing details of the secret key to an attacker. Note that this problem was already fixed within OpenSSL, so this is a 'double fix'. With this package, mod_ssl is secured even if OpenSSL is not. We recommend sites using mod_ssl upgrade to this new package.

Solution

Update the affected mod_ssl package.

See Also

http://www.nessus.org/u?4ce4cb0b

Plugin Details

Severity: High

ID: 18715

File Name: Slackware_SSA_2003-141-05.nasl

Version: 1.15

Type: local

Published: 7/13/2005

Updated: 1/14/2021

Supported Sensors: Nessus

Vulnerability Information

CPE: p-cpe:/a:slackware:slackware_linux:mod_ssl, cpe:/o:slackware:slackware_linux:9.0

Required KB Items: Host/local_checks_enabled, Host/Slackware/release, Host/Slackware/packages

Patch Publication Date: 5/21/2003

Reference Information

SSA: 2003-141-05