Description
ELSA-2012-0699: openssl security and bug fix update (MODERATE)
[1.0.0-20.5]
- fix for CVE-2012-2333 - improper checking for record length in DTLS (#820686)
- properly initialize tkeylen in the CVE-2012-0884 fix
Updated packages
Oracle Linux 5
Oracle Linux ia64
openssl 0.9.8e-22.el5_8.4
openssl-devel 0.9.8e-22.el5_8.4
openssl-perl 0.9.8e-22.el5_8.4
Oracle Linux x86_64
openssl 0.9.8e-22.el5_8.4
openssl-devel 0.9.8e-22.el5_8.4
openssl-perl 0.9.8e-22.el5_8.4
Oracle Linux i386
openssl 0.9.8e-22.el5_8.4
openssl-devel 0.9.8e-22.el5_8.4
openssl-perl 0.9.8e-22.el5_8.4
Oracle Linux 6
Oracle Linux x86_64
openssl 1.0.0-20.el6_2.5
openssl-devel 1.0.0-20.el6_2.5
openssl-perl 1.0.0-20.el6_2.5
openssl-static 1.0.0-20.el6_2.5
Oracle Linux i686
openssl 1.0.0-20.el6_2.5
openssl-devel 1.0.0-20.el6_2.5
openssl-perl 1.0.0-20.el6_2.5
openssl-static 1.0.0-20.el6_2.5
Related CVEs
Related vulnerabilities
Integer underflow in OpenSSL before 0.9.8x, 1.0.0 before 1.0.0j, and 1.0.1 before 1.0.1c, when TLS 1.1, TLS 1.2, or DTLS is used with CBC encryption, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted TLS packet that is not properly handled during a certain explicit IV calculation.