Detections
Analytics
SuSE 11.2 Security Update : OpenSSL (SAT Patch Number 7548)
medium Nessus Plugin ID 65718
Language:
Synopsis
The remote SuSE 11 host is missing one or more security updates.Description
OpenSSL has been updated to fix several security issues :- Avoid the openssl CRIME attack by disabling SSL compression by default. Setting the environment variable 'OPENSSL_NO_DEFAULT_ZLIB' to 'no' enables compression again. (CVE-2012-4929)
- Timing attacks against TLS could be used by physically local attackers to gain access to transmitted plain text or private keymaterial. This issue is also known as the 'Lucky-13' issue. (CVE-2013-0169)
- A OCSP invalid key denial of service issue was fixed.
(CVE-2013-0166)
Solution
Apply SAT patch number 7548.See Also
https://bugzilla.novell.com/show_bug.cgi?id=779952
https://bugzilla.novell.com/show_bug.cgi?id=802648
https://bugzilla.novell.com/show_bug.cgi?id=802746
http://support.novell.com/security/cve/CVE-2012-4929.html
Plugin Details
Severity: Medium
ID: 65718
File Name: suse_11_libopenssl-devel-130325.nasl
Version: 1.10
Type: local
Agent: unix
Family: SuSE Local Security Checks
Published: 3/28/2013
Updated: 12/5/2022
Supported Sensors: Agentless Assessment, Continuous Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 4.9
CVSS v2
Risk Factor: Medium
Base Score: 5
Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P
Vulnerability Information
CPE: p-cpe:/a:novell:suse_linux:11:libopenssl0_9_8-hmac, p-cpe:/a:novell:suse_linux:11:libopenssl0_9_8-hmac-32bit, p-cpe:/a:novell:suse_linux:11:libopenssl0_9_8-32bit, p-cpe:/a:novell:suse_linux:11:libopenssl0_9_8, p-cpe:/a:novell:suse_linux:11:openssl, p-cpe:/a:novell:suse_linux:11:openssl-doc, cpe:/o:novell:suse_linux:11
Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list
Patch Publication Date: 3/25/2013