Описание
ELSA-2014-0015: openssl security update (IMPORTANT)
[1.0.1e-16.4]
- fix CVE-2013-4353 - Invalid TLS handshake crash
[1.0.1e-16.3]
- fix CVE-2013-6450 - possible MiTM attack on DTLS1
[1.0.1e-16.2]
- fix CVE-2013-6449 - crash when version in SSL structure is incorrect
Обновленные пакеты
Oracle Linux 6
Oracle Linux x86_64
openssl
1.0.1e-16.el6_5.4
openssl-devel
1.0.1e-16.el6_5.4
openssl-perl
1.0.1e-16.el6_5.4
openssl-static
1.0.1e-16.el6_5.4
Oracle Linux i686
openssl
1.0.1e-16.el6_5.4
openssl-devel
1.0.1e-16.el6_5.4
openssl-perl
1.0.1e-16.el6_5.4
openssl-static
1.0.1e-16.el6_5.4
Связанные CVE
Связанные уязвимости
Уязвимости операционной системы Debian GNU/Linux, позволяющие удаленному злоумышленнику нарушить целостность и доступность защищаемой информации
The ssl_get_algorithm2 function in ssl/s3_lib.c in OpenSSL before 1.0.2 obtains a certain version number from an incorrect data structure, which allows remote attackers to cause a denial of service (daemon crash) via crafted traffic from a TLS 1.2 client.
The ssl_get_algorithm2 function in ssl/s3_lib.c in OpenSSL before 1.0.2 obtains a certain version number from an incorrect data structure, which allows remote attackers to cause a denial of service (daemon crash) via crafted traffic from a TLS 1.2 client.
The ssl_get_algorithm2 function in ssl/s3_lib.c in OpenSSL before 1.0.2 obtains a certain version number from an incorrect data structure, which allows remote attackers to cause a denial of service (daemon crash) via crafted traffic from a TLS 1.2 client.
The ssl_get_algorithm2 function in ssl/s3_lib.c in OpenSSL before 1.0. ...