DSA-2454-2 openssl -- multiple
|ID: oval:org.secpod.oval:def:600786||Date: (C)2012-04-27 (M)2017-11-18|
|Class: PATCH||Family: unix|
Tomas Hoger, Red Hat, discovered that the fix for CVE-2012-2110 for the 0.9.8 series of OpenSSL was incomplete. It has been assigned the CVE-2012-2131 identifier. For reference, the original description of CVE-2012-2110 from DSA-2454-1 is quoted below: CVE-2012-2110 Tavis Ormandy, Google Security Team, discovered a vulnerability in the way DER-encoded ASN.1 data is parsed that can result in a heap overflow.