[Forgot Password]
Login  Register Subscribe

24003

 
 

131573

 
 

108530

 
 

909

 
 

85343

 
 

134

Paid content will be excluded from the download.


Download | Alert*
OVAL

DSA-2454-1 openssl -- multiple

ID: oval:org.secpod.oval:def:600782Date: (C)2012-04-20   (M)2018-01-10
Class: PATCHFamily: unix




Multiple vulnerabilities have been found in OpenSSL. The Common Vulnerabilities and Exposures project identifies the following issues: CVE-2012-0884 Ivan Nestlerode discovered a weakness in the CMS and PKCS #7 implementations that could allow an attacker to decrypt data via a Million Message Attack . CVE-2012-1165 It was discovered that a NULL pointer could be dereferenced when parsing certain S/MIME messages, leading to denial of service. CVE-2012-2110 Tavis Ormandy, Google Security Team, discovered a vulnerability in the way DER-encoded ASN.1 data is parsed that can result in a heap overflow. Additionally, the fix for CVE-2011-4619 has been updated to address an issue with SGC handshakes.

Platform:
Debian 6.0
Product:
openssl
Reference:
DSA-2454-1
CVE-2012-0884
CVE-2012-1165
CVE-2012-2110
CVE-2011-4619
CVE    4
CVE-2012-1165
CVE-2012-0884
CVE-2012-2110
CVE-2011-4619
...
CPE    91
cpe:/a:openssl:openssl:0.9.8m:beta1
cpe:/a:openssl:openssl:1.0.1:beta1
cpe:/a:openssl:openssl:1.0.1:beta2
cpe:/a:openssl:openssl:1.0.0g
...

© SecPod Technologies