Check the version of openssl

Please Install the Updated Packages.

openssl was updated to 1.0.1k to fix various security issues and bugs. More information can be found in the openssl advisory: <a rel='nofollow' href='http://openssl.org/news/secadv_20150108.txt'>http://openssl.org/news/secadv_20150108.txt Following issues were fixed: * CVE-2014-3570 (bsc#912296): Bignum squaring (BN_sqr) may have produced incorrect results on some platforms, including x86_64. * CVE-2014-3571 (bsc#912294): Fixed crash in dtls1_get_record whilst in the listen state where you get two separate reads performed - one for the header and one for the body of the handshake record. * CVE-2014-3572 (bsc#912015): Don't accept a handshake using an ephemeral ECDH ciphersuites with the server key exchange message omitted. * CVE-2014-8275 (bsc#912018): Fixed various certificate fingerprint issues. * CVE-2015-0204 (bsc#912014): Only allow ephemeral RSA keys in export ciphersuites * CVE-2015-0205 (bsc#912293): A fixwas added to prevent use of DH client certificates without sending certificate verify message. * CVE-2015-0206 (bsc#912292): A memory leak was fixed in dtls1_buffer_record.

openssl on openSUSE 13.1

Get the installed version with the help of detect NVT and check if the version is vulnerable or not.

• http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00021.html

---

Updated on 2015-03-25