On Tue, Aug 06, 2013 at 04:01:12PM +0530, Anumeha Prasad wrote:
> Hi,
>
> I'm currently at CentOS 5.8. I'm using openssl version
> openssl-0.9.8e-22.el5. The following vulnerability was reported by a Nessus
> security scan:

Don't trust Nessus scans.

> As per the following link, Red Hat has introduced openssl-0.9.8m which fixes
> this specific issue:
>
> https://access.redhat.com/site/articles/20490#Updates_adding_RFC_5746_support

If you follow that link it points to
https://rhn.redhat.com/errata/RHSA-2010-0162.html (openssl-0.9.8e-12.el5_4.6)
as having the fix, which is superseded by
https://rhn.redhat.com/errata/RHSA-2013-0587.html (openssl-0.9.8e-26.el5_9.1).

The version numbers reported by Red Hat do not always match the version
numbers reported by upstream because Red Hat backports fixes into older
versions. According to the very pages you linked to, the flaw has been
addressed by Red Hat in the 0.9.8e-12 and newer packages.

--
rgds
Stephen
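A check that follows the advice in this reply, added here as an example and not part of the thread: since Red Hat backports fixes, look for the fix in the package changelog rather than comparing the version string with upstream. The changelog text below is constructed (maintainer, dates and wording are placeholders); on a real EL5 host the same function is fed the output of `rpm -q --changelog openssl`.

```shell
#!/bin/sh
# Backported fixes are recorded in the RPM changelog, not reflected in an
# upstream-style version number, so the changelog is what to inspect.

# Constructed sample of `rpm -q --changelog openssl` output (newest entry
# first, as rpm prints it). Dates, maintainer and wording are placeholders.
SAMPLE_CHANGELOG='* Tue Feb 26 2013 Maintainer <maintainer@example.com> 0.9.8e-26.el5_9.1
- placeholder entry for a later security fix
* Thu Mar 25 2010 Maintainer <maintainer@example.com> 0.9.8e-12.el5_4.6
- add support for the safe renegotiation extension (RFC 5746)
* Mon Jan 04 2010 Maintainer <maintainer@example.com> 0.9.8e-12.el5_4.1
- placeholder entry for an unrelated fix'

# fix_version_from_changelog CHANGELOG PATTERN
# Prints the EVR (epoch-version-release) of the newest changelog entry whose
# body matches PATTERN (case-insensitive extended regex) and returns 0;
# returns 1 if no entry mentions the fix.
fix_version_from_changelog() {
  printf '%s\n' "$1" | awk -v pat="$2" '
    /^\* / { evr = $NF; next }      # header line ends with the package EVR
    evr != "" && tolower($0) ~ tolower(pat) { print evr; found = 1; exit }
    END { exit found ? 0 : 1 }'
}

# On a host with rpm, inspect the installed openssl; otherwise use the sample.
if command -v rpm >/dev/null 2>&1; then
  changelog=$(rpm -q --changelog openssl 2>/dev/null) || changelog=""
else
  changelog=$SAMPLE_CHANGELOG
fi

if evr=$(fix_version_from_changelog "$changelog" 'rfc ?5746|renegotiation'); then
  echo "RFC 5746 fix present; backported in the changelog entry for $evr"
else
  echo "no changelog entry mentions RFC 5746 renegotiation; update openssl"
fi
```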