DSA-3773-1 openssl -- opensslID: oval:org.secpod.oval:def:602756 | Date: (C)2017-01-30 (M)2024-01-29 |
Class: PATCH | Family: unix |
Several vulnerabilities were discovered in OpenSSL: CVE-2016-7056 A local timing attack was discovered against ECDSA P-256. CVE-2016-8610 It was discovered that no limit was imposed on alert packets during an SSL handshake. CVE-2017-3731 Robert Swiecki discovered that the RC4-MD5 cipher when running on 32 bit systems could be forced into an out-of-bounds read, resulting in denial of service.