[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244411

 
 

909

 
 

193363

 
 

277

Paid content will be excluded from the download.


Download | Alert*
OVAL

MDVSA-2012:006 -- Mandriva openssl

ID: oval:org.secpod.oval:def:302883Date: (C)2012-11-29   (M)2023-12-07
Class: PATCHFamily: unix




Multiple vulnerabilities has been found and corrected in openssl: The DTLS implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f performs a MAC check only if certain padding is valid, which makes it easier for remote attackers to recover plaintext via a padding oracle attack . Double free vulnerability in OpenSSL 0.9.8 before 0.9.8s, when X509_V_FLAG_POLICY_CHECK is enabled, allows remote attackers to have an unspecified impact by triggering failure of a policy check . The SSL 3.0 implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f does not properly initialize data structures for block cipher padding, which might allow remote attackers to obtain sensitive information by decrypting the padding data sent by an SSL peer . The Server Gated Cryptography implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f does not properly handle handshake restarts, which allows remote attackers to cause a denial of service via unspecified vectors . The updated packages have been patched to correct these issues.

Platform:
Mandriva Linux 2010.1
Product:
openssl
Reference:
MDVSA-2012:006
CVE-2011-4619
CVE-2011-4576
CVE-2011-4109
CVE-2011-4108
CVE    4
CVE-2011-4108
CVE-2011-4109
CVE-2011-4619
CVE-2011-4576
...
CPE    1
cpe:/o:mandriva:linux:2010.1

© SecPod Technologies