Summary
The remote host is missing updates announced in
advisory GLSA 201110-01.
Solution
All OpenSSL users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose '>=dev-libs/openssl-1.0.0e'
NOTE: This is a legacy GLSA. Updates for all affected architectures are available since September 17, 2011. It is likely that your system is already no longer affected by most of these issues.
http://www.securityspace.com/smysecure/catid.html?in=GLSA%20201110-01 http://bugs.gentoo.org/show_bug.cgi?id=303739
http://bugs.gentoo.org/show_bug.cgi?id=308011
http://bugs.gentoo.org/show_bug.cgi?id=322575
http://bugs.gentoo.org/show_bug.cgi?id=332027
http://bugs.gentoo.org/show_bug.cgi?id=345767
http://bugs.gentoo.org/show_bug.cgi?id=347623
http://bugs.gentoo.org/show_bug.cgi?id=354139
http://bugs.gentoo.org/show_bug.cgi?id=382069
Insight
Multiple vulnerabilities were found in OpenSSL, allowing for the execution of arbitrary code and other attacks.
Severity
Classification
-
CVE CVE-2009-3245, CVE-2009-4355, CVE-2010-0433, CVE-2010-0740, CVE-2010-0742, CVE-2010-1633, CVE-2010-2939, CVE-2010-3864, CVE-2010-4180, CVE-2010-4252, CVE-2011-0014, CVE-2011-3207, CVE-2011-3210 -
CVSS Base Score: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C
Related Vulnerabilities