Free and open-source vulnerability scanner
Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.
Install NowAvailable for macOS, Windows, and Linux
Slackware Advisory SSA:2003-141-05 mod_ssl RSA blinding fixes
Information
Severity
Severity
Medium
Family
Family
Slackware Local Security Checks
CVSSv2 Base
CVSSv2 Base
6.8
CVSSv2 Vector
CVSSv2 Vector
AV:N/AC:M/Au:N/C:P/I:P/A:P
Solution Type
Solution Type
Vendor Patch
Created
Created
11 years ago
Modified
Modified
5 years ago
Summary
The remote host is missing an update as announced via advisory SSA:2003-141-05.
Insight
Insight
An upgrade for mod_ssl to version 2.8.14_1.3.27 is now available. This version provides RSA blinding by default which prevents an extended timing analysis from revealing details of the secret key to an attacker. Note that this problem was already fixed within OpenSSL, so this is a 'double fix'. With this package, mod_ssl is secured even if OpenSSL is not.
Solution
Solution
Upgrade to the new package(s).