Description
ELSA-2014-0624: openssl security update (IMPORTANT)
[0.9.8e-27.3]
- fix for CVE-2014-0224 - SSL/TLS MITM vulnerability
[0.9.8e-27.1]
- replace expired GlobalSign Root CA certificate in ca-bundle.crt
Updated packages
Oracle Linux 5
Oracle Linux ia64
openssl         0.9.8e-27.el5_10.3
openssl-devel   0.9.8e-27.el5_10.3
openssl-perl    0.9.8e-27.el5_10.3
Oracle Linux x86_64
openssl         0.9.8e-27.el5_10.3
openssl-devel   0.9.8e-27.el5_10.3
openssl-perl    0.9.8e-27.el5_10.3
Oracle Linux i386
openssl         0.9.8e-27.el5_10.3
openssl-devel   0.9.8e-27.el5_10.3
openssl-perl    0.9.8e-27.el5_10.3
Related CVEs
Related vulnerabilities
OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a zero-length master key in certain OpenSSL-to-OpenSSL communications, and consequently hijack sessions or obtain sensitive information, via a crafted TLS handshake, aka the "CCS Injection" vulnerability.