DSA-2454-2 openssl -- multipleID: oval:org.secpod.oval:def:600786 | Date: (C)2012-04-27 (M)2023-12-07 |
Class: PATCH | Family: unix |
Tomas Hoger, Red Hat, discovered that the fix for CVE-2012-2110 for the 0.9.8 series of OpenSSL was incomplete. It has been assigned the CVE-2012-2131 identifier. For reference, the original description of CVE-2012-2110 from DSA-2454-1 is quoted below: CVE-2012-2110 Tavis Ormandy, Google Security Team, discovered a vulnerability in the way DER-encoded ASN.1 data is parsed that can result in a heap overflow.