[Forgot Password]
Login  Register Subscribe

23631

 
 

115084

 
 

97147

 
 

909

 
 

78730

 
 

109

Paid content will be excluded from the download.


Download | Alert*
OVAL

RHSA-2012:0426-01 -- Redhat openssl

ID: oval:org.secpod.oval:def:500773Date: (C)2012-04-04   (M)2016-08-25
Class: PATCHFamily: unix




OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. A NULL pointer dereference flaw was found in the way OpenSSL parsed Secure/Multipurpose Internet Mail Extensions messages. An attacker could use this flaw to crash an application that uses OpenSSL to decrypt or verify S/MIME messages. A flaw was found in the PKCS#7 and Cryptographic Message Syntax implementations in OpenSSL. An attacker could possibly use this flaw to perform a Bleichenbacher attack to decrypt an encrypted CMS, PKCS#7, or S/MIME message by sending a large number of chosen ciphertext messages to a service using OpenSSL and measuring error response times. This update also fixes a regression caused by the fix for CVE-2011-4619, released via RHSA-2012:0060 and RHSA-2012:0059, which caused Server Gated Cryptography handshakes to fail. All OpenSSL users should upgrade to these updated packages, which contain backported patches to resolve these issues. For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted.

Platform:
Red Hat Enterprise Linux 6
Red Hat Enterprise Linux 5
Product:
openssl
Reference:
RHSA-2012:0426-01
CVE-2012-0884
CVE-2012-1165
CVE-2011-4619
CVE    3
CVE-2011-4619
CVE-2012-0884
CVE-2012-1165
CPE    89
cpe:/o:redhat:enterprise_linux:5
cpe:/o:redhat:enterprise_linux:6
cpe:/a:openssl:openssl:1.0.0g
cpe:/a:openssl:openssl:0.9.1c
...

© 2013 SecPod Technologies