OVAL

CESA-2010:0054 -- centos 5 x86_64 openssl

ID: oval:org.secpod.oval:def:201879
Date: (C)2012-01-31   (M)2018-10-04
Class: PATCH
Family: unix




OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general-purpose cryptography library.

It was found that the OpenSSL library did not properly re-initialize its internal state in the SSL_library_init function after previous calls to the CRYPTO_cleanup_all_ex_data function, which would cause a memory leak for each subsequent SSL connection. This flaw could cause server applications that call those functions during reload, such as a combination of the Apache HTTP Server, mod_ssl, PHP, and cURL, to consume all available memory, resulting in a denial of service.

Dan Kaminsky found that browsers could accept certificates with MD2 hash signatures, even though MD2 is no longer considered a cryptographically strong algorithm. This could make it easier for an attacker to create a malicious certificate that would be treated as trusted by a browser. OpenSSL now disables the use of the MD2 algorithm inside signatures by default.

All OpenSSL users should upgrade to these updated packages, which contain backported patches to resolve these issues. For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted.

Platform:
CentOS 5
Product:
openssl
Reference:
CESA-2010:0054
CVE-2009-2409
CVE-2009-4355
CVE (2):
CVE-2009-4355
CVE-2009-2409
CPE (70):
cpe:/a:openssl:openssl:1.0.0:beta1
cpe:/a:openssl:openssl:1.0.0:beta4
cpe:/a:openssl:openssl:1.0.0:beta3
cpe:/o:centos:centos:5
...

© SecPod Technologies