ALAS-2016-749 ---- openssl
|ID: oval:org.secpod.oval:def:1600452||Date: (C)2016-09-23 (M)2018-01-05|
|Class: PATCH||Family: unix|
A memory leak flaw was found in the way OpenSSL handled TLS status request extension data during session renegotiation. A remote attacker could cause a TLS server using OpenSSL to consume an excessive amount of memory and, possibly, exit unexpectedly after exhausting all available memory, if it enabled OCSP stapling support.
|Amazon Linux AMI|