DSA-3773-1 openssl -- openssl
|ID: oval:org.secpod.oval:def:602756||Date: (C)2017-01-30 (M)2017-11-14|
|Class: PATCH||Family: unix|
Several vulnerabilities were discovered in OpenSSL: CVE-2016-7056 A local timing attack was discovered against ECDSA P-256. CVE-2016-8610 It was discovered that no limit was imposed on alert packets during an SSL handshake. CVE-2017-3731 Robert Swiecki discovered that the RC4-MD5 cipher when running on 32 bit systems could be forced into an out-of-bounds read, resulting in denial of service.