Description
ELSA-2010-0162: openssl security update (IMPORTANT)
[0.9.8e-12.6]
- fix CVE-2009-3245 - add missing bn_wexpand return checks (#570924)
[0.9.8e-12.5]
- fix CVE-2010-0433 - do not pass a NULL princ to krb5_kt_get_entry, which in RHEL-5 and newer versions will crash in such a case (#569774)
[0.9.8e-12.4]
- do not disable SSLv2 in the renegotiation patch - SSLv2 does not support renegotiation
- allow unsafe renegotiation on clients with SSL_OP_LEGACY_SERVER_CONNECT
[0.9.8e-12.3]
- mention the RFC5746 in the CVE-2009-3555 doc
[0.9.8e-12.2]
- fix CVE-2009-3555 - support the safe renegotiation extension and do not allow legacy renegotiation on the server by default (#533125)
Updated packages
Oracle Linux 5

Oracle Linux ia64
openssl        0.9.8e-12.el5_4.6
openssl-devel  0.9.8e-12.el5_4.6
openssl-perl   0.9.8e-12.el5_4.6

Oracle Linux x86_64
openssl        0.9.8e-12.el5_4.6
openssl-devel  0.9.8e-12.el5_4.6
openssl-perl   0.9.8e-12.el5_4.6

Oracle Linux i386
openssl        0.9.8e-12.el5_4.6
openssl-devel  0.9.8e-12.el5_4.6
openssl-perl   0.9.8e-12.el5_4.6
Related CVEs
Related vulnerabilities
The kssl_keytab_is_available function in ssl/kssl.c in OpenSSL before 0.9.8n, when Kerberos is enabled but Kerberos configuration files cannot be opened, does not check a certain return value, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via SSL cipher negotiation, as demonstrated by a chroot installation of Dovecot or stunnel without Kerberos configuration files inside the chroot.
Vulnerabilities in the Gentoo Linux operating system that allow a remote attacker to violate the confidentiality, integrity and availability of protected information