Description
ELSA-2013-0587: openssl security update (MODERATE)
[1.0.0-27.2]
- fix for CVE-2013-0169 - SSL/TLS CBC timing attack (#907589)
- fix for CVE-2013-0166 - DoS in OCSP signatures checking (#908052)
- enable compression only if explicitly asked for or OPENSSL_DEFAULT_ZLIB environment variable is set (fixes CVE-2012-4929 #857051)
- use __secure_getenv() everywhere instead of getenv() (#839735)
Updated packages
Oracle Linux 5
Oracle Linux ia64
openssl 0.9.8e-26.el5_9.1
openssl-devel 0.9.8e-26.el5_9.1
openssl-perl 0.9.8e-26.el5_9.1
Oracle Linux x86_64
openssl 0.9.8e-26.el5_9.1
openssl-devel 0.9.8e-26.el5_9.1
openssl-perl 0.9.8e-26.el5_9.1
Oracle Linux i386
openssl 0.9.8e-26.el5_9.1
openssl-devel 0.9.8e-26.el5_9.1
openssl-perl 0.9.8e-26.el5_9.1
Oracle Linux 6
Oracle Linux x86_64
openssl 1.0.0-27.el6_4.2
openssl-devel 1.0.0-27.el6_4.2
openssl-perl 1.0.0-27.el6_4.2
openssl-static 1.0.0-27.el6_4.2
Oracle Linux i686
openssl 1.0.0-27.el6_4.2
openssl-devel 1.0.0-27.el6_4.2
openssl-perl 1.0.0-27.el6_4.2
openssl-static 1.0.0-27.el6_4.2
Related CVEs
Related vulnerabilities
OpenSSL before 0.9.8y, 1.0.0 before 1.0.0k, and 1.0.1 before 1.0.1d does not properly perform signature verification for OCSP responses, which allows remote OCSP servers to cause a denial of service (NULL pointer dereference and application crash) via an invalid key.