[Forgot Password]
Login  Register Subscribe

23631

 
 

115084

 
 

97559

 
 

909

 
 

78730

 
 

109

Paid content will be excluded from the download.


Download | Alert*
OVAL

CESA-2010:0054 -- centos 5 x86_64 openssl

ID: oval:org.secpod.oval:def:201879Date: (C)2012-01-31   (M)2017-09-22
Class: PATCHFamily: unix




OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. It was found that the OpenSSL library did not properly re-initialize its internal state in the SSL_library_init function after previous calls to the CRYPTO_cleanup_all_ex_data function, which would cause a memory leak for each subsequent SSL connection. This flaw could cause server applications that call those functions during reload, such as a combination of the Apache HTTP Server, mod_ssl, PHP, and cURL, to consume all available memory, resulting in a denial of service. Dan Kaminsky found that browsers could accept certificates with MD2 hash signatures, even though MD2 is no longer considered a cryptographically strong algorithm. This could make it easier for an attacker to create a malicious certificate that would be treated as trusted by a browser. OpenSSL now disables the use of the MD2 algorithm inside signatures by default. All OpenSSL users should upgrade to these updated packages, which contain backported patches to resolve these issues. For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted.

Platform:
CentOS 5
Product:
openssl
Reference:
CESA-2010:0054
CVE-2009-2409
CVE-2009-4355
CVE    2
CVE-2009-2409
CVE-2009-4355
CPE    69
cpe:/o:centos:centos:5
cpe:/a:openssl:openssl:1.0.0:beta2
cpe:/a:openssl:openssl:1.0.0:beta1
cpe:/a:openssl:openssl:1.0.0:beta4
...

© 2013 SecPod Technologies