Stay Secure with the Latest Linux Advisories

security advisorymoderatesoftware update

Fedora 10: 2009-0577 Moderate: libnasl OpenSSL Signature Checks Issue

libnasl: OpenSSL incorrect checks for malformed signatures https://bugzilla.redhat.com/show_bug.cgi?id=479655. --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2009-0577 2009-01-16 22:38:38 --------------------------------------------------------------------------------Name : libnasl Product : Fedora 10 Version : 2.2.11 Release : 3.fc10 URL : https://www.tenable.com/ Summary : Nessus Attack Scripting Language Description : NASL is a scripting language designed for the Nessus security scanner. Its aim is to allow anyone to write a test for a given security hole in a few minutes, to allow people to share their tests without having to worry about their operating system, and to guarantee everyone that a NASL script can not do anything nasty except performing a given security test against a given target. Thus, NASL allows you to easily forge IP packets, or to send regular packets. It provides you some convenient functions that will make the test of web and FTP server more easy to write. NASL garantees you that a NASL script: - will not send any packet to a host other than the target host, - will not execute any commands on your local system. --------------------------------------------------------------------------------ChangeLog: --------------------------------------------------------------------------------References: [ 1 ] Bug #479655 - libnasl: OpenSSL incorrect checks for malformed signatures https://bugzilla.redhat.com/show_bug.cgi?id=479655 --------------------------------------------------------------------------------This update can be installed with the "yum" update program. Use su -c 'yum update libnasl' at the command line. For more information, refer to "Managing Software with yum", available at . All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be foundat https://fedoraproject.org/security/ --------------------------------------------------------------------------------_______________________________________________ Fedora-package-announce mailing list This email address is being protected from spambots. You need JavaScript enabled to view it. https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it./ . CentOS alert regarding libnasl addresses flawed OpenSSL validations for invalid signatures released on January 16, 2009.. libnasl update, OpenSSL issues, Fedora security advisory, Nessus scripting language, libnasl security. . Severity: Important. LinuxSecurity.com Team

Jan 26, 2009 •Important Fedora