Slackware Advisory SSA:2003-141-05 Mod_ssl RSA Blinding Fixes Network Vulnerability

Summary

The remote host is missing an update as announced via advisory SSA:2003-141-05.

Solution

https://secure1.securityspace.com/smysecure/catid.html?in=SSA:2003-141-05

Insight

An upgrade for mod_ssl to version 2.8.14_1.3.27 is now available. This version provides RSA blinding by default which prevents an extended timing analysis from revealing details of the secret key to an attacker. Note that this problem was already fixed within OpenSSL, so this is a 'double fix'. With this package, mod_ssl is secured even if OpenSSL is not. We recommend sites using mod_ssl upgrade to this new package.

Severity

Classification

CVSS Base Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Slackware Advisory SSA:2004-077-01 OpenSSL security update
Slackware Advisory SSA:2003-300-02 fetchmail security update
Slackware Advisory SSA:2007-222-01 gimp
Slackware Advisory SSA:2004-202-01 PHP
Slackware Advisory SSA:2007-200-01 firefox

Slackware Advisory SSA:2003-141-05 mod_ssl RSA blinding fixes

Take action and discover your vulnerabilities