Appliance update: SLOTH vulnerability

Post Reply
User avatar
mark
Site Admin
Posts: 5513
Joined: Tue Apr 25, 2000 6:56 pm

Appliance update: SLOTH vulnerability

Post by mark »

There's a vulnerability in the TLS 1.2 protocol with MD5 signatures. It's being called "SLOTH" and is referenced by CVE-2015-7575.

There's also a vulnerability in rpcbind that could prevent mounting of NFS resources. It is referenced by CVE-2015-7236.

Install the packages openssl, nss, nss-sysinit, nss-tools, rpcbind. Then reboot the appliance.

Download and install updates by visiting the System->System Setup->Update Software page on the appliance. This only affects 3rd generation appliances so if the updates aren't listed your appliance isn't affected.
Post Reply