Mandriva Linux Security Advisory 2009-271 - nasl/nasl_crypto2.c in the Nessus Attack Scripting Language library (aka libnasl) 2.2.11 does not properly check the return value from the OpenSSL DSA_do_verify function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077. This update fixes this vulnerability.
bbcbdb518b5d8b7808f0aee015897e1c7cc54a9c8ad5c2f6ca6a9bfcd720d8a0