[Forgot Password]
Login  Register Subscribe

23631

 
 

115084

 
 

97559

 
 

909

 
 

78730

 
 

109

Paid content will be excluded from the download.


Download | Alert*
OVAL

DSA-2454-1 openssl -- multiple

ID: oval:org.secpod.oval:def:600782Date: (C)2012-04-20   (M)2016-08-25
Class: PATCHFamily: unix




Multiple vulnerabilities have been found in OpenSSL. The Common Vulnerabilities and Exposures project identifies the following issues: CVE-2012-0884 Ivan Nestlerode discovered a weakness in the CMS and PKCS #7 implementations that could allow an attacker to decrypt data via a Million Message Attack . CVE-2012-1165 It was discovered that a NULL pointer could be dereferenced when parsing certain S/MIME messages, leading to denial of service. CVE-2012-2110 Tavis Ormandy, Google Security Team, discovered a vulnerability in the way DER-encoded ASN.1 data is parsed that can result in a heap overflow. Additionally, the fix for CVE-2011-4619 has been updated to address an issue with SGC handshakes.

Platform:
Debian 6.0
Product:
openssl
Reference:
DSA-2454-1
CVE-2012-0884
CVE-2012-1165
CVE-2012-2110
CVE-2011-4619
CVE    4
CVE-2012-0884
CVE-2012-1165
CVE-2011-4619
CVE-2012-2110
...
CPE    91
cpe:/a:openssl:openssl
cpe:/o:debian:debian_linux:6.0
cpe:/a:openssl:openssl:1.0.0g
cpe:/a:openssl:openssl:1.0.0b
...

© 2013 SecPod Technologies