MDVSA-2010:076 -- Mandriva opensslID: oval:org.secpod.oval:def:301159 | Date: (C)2012-01-07 (M)2024-02-19 |
Class: PATCH | Family: unix |
This update fixes several security issues in openssl: - The ssl3_get_record function in ssl/s3_pkt.c in OpenSSL 0.9.8f through 0.9.8m allows remote attackers to cause a denial of service via a malformed record in a TLS connection - OpenSSL before 0.9.8m does not check for a NULL return value from bn_wexpand function calls which has unspecified impact and context-dependent attack vectors - The kssl_keytab_is_available function in ssl/kssl.c in OpenSSL before 0.9.8n, when Kerberos is enabled but Kerberos configuration files cannot be opened, could allow remote attackers to cause a denial of service - Finally, this update provides support for secure renegotiation, preventing men-in-the-middle attacks . Packages for 2008.0 and 2009.0 are provided due to the Extended Maintenance Program for those products.
Platform: |
Mandriva Linux 2010.0 |
Mandriva Linux 2009.1 |
Mandriva Linux 2008.0 |