USN-704-1 -- openssl vulnerability
|ID: oval:org.secpod.oval:def:700409||Date: (C)2011-05-13 (M)2017-11-27|
|Class: PATCH||Family: unix|
It was discovered that OpenSSL did not properly perform signature verification on DSA and ECDSA keys. If user or automated system connected to a malicious server or a remote attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to view sensitive information.