Описание
ELSA-2011-1409: openssl security update (MODERATE)
[1.0.0-10.5]
- initialize the X509_STORE_CTX properly for CRL lookups - CVE-2011-3207 (#736087)
Обновленные пакеты
Oracle Linux 6
Oracle Linux x86_64
openssl
1.0.0-10.el6_1.5
openssl-devel
1.0.0-10.el6_1.5
openssl-perl
1.0.0-10.el6_1.5
openssl-static
1.0.0-10.el6_1.5
Oracle Linux i686
openssl
1.0.0-10.el6_1.5
openssl-devel
1.0.0-10.el6_1.5
openssl-perl
1.0.0-10.el6_1.5
openssl-static
1.0.0-10.el6_1.5
Связанные CVE
Связанные уязвимости
crypto/x509/x509_vfy.c in OpenSSL 1.0.x before 1.0.0e does not initialize certain structure members, which makes it easier for remote attackers to bypass CRL validation by using a nextUpdate value corresponding to a time in the past.
crypto/x509/x509_vfy.c in OpenSSL 1.0.x before 1.0.0e does not initialize certain structure members, which makes it easier for remote attackers to bypass CRL validation by using a nextUpdate value corresponding to a time in the past.
crypto/x509/x509_vfy.c in OpenSSL 1.0.x before 1.0.0e does not initialize certain structure members, which makes it easier for remote attackers to bypass CRL validation by using a nextUpdate value corresponding to a time in the past.
crypto/x509/x509_vfy.c in OpenSSL 1.0.x before 1.0.0e does not initial ...
crypto/x509/x509_vfy.c in OpenSSL 1.0.x before 1.0.0e does not initialize certain structure members, which makes it easier for remote attackers to bypass CRL validation by using a nextUpdate value corresponding to a time in the past.