[SUSE-Announcements] BES Auto Notification: New Fixlets Published in Fixlet Site: PatchesforSUSELinuxEnterprise

Notification of New SUSE Fixlet Messages suse-announcements at bigmail.bigfix.com
Thu Nov 19 03:10:08 PST 2009


Fixlet Site - PatchesforSUSELinuxEnterprise
Current Version: 275	Published: Thu, 19 Nov 2009 03:11:17 GMT

New Fixlets:
============

***************************************************************
Title: PATCH-12550 - Security update for OpenSSL - SLES9
Severity: <Unspecified>
Fixlet ID: 1255001
Fixlet Link: http://download.novell.com/Download?buildid=r2pf_jDeNfY~

Fixlet Description: The TLS/SSLv3 protocol as implemented in openssl prior to this update was not able to associate data with a renegotiated connection. This allowed man-in-the-middle attackers to inject HTTP requests in an HTTPS session without being noticed. For example, Apache's mod_ssl was vulnerable to this kind of attack because it uses openssl. Please note that renegotiation will be disabled by this update and may cause problems in some cases. (CVE-2009-3555: CVSS v2 Base Score: 6.4) Please update. Please see patch page for more detailed information.


