Description
ELSA-2014-0626: openssl097a and openssl098e security update (IMPORTANT)
[0.9.8e-18.0.1.el6_5.2]
- Updated the description
[0.9.8e-18.2]
- fix for CVE-2014-0224 - SSL/TLS MITM vulnerability
[0.9.8e-18]
- fix for CVE-2012-2110 - memory corruption in asn1_d2i_read_bio() (#814185)
Updated packages
Oracle Linux 5
  Oracle Linux ia64      openssl097a    0.9.7a-12.el5_10.1
  Oracle Linux x86_64    openssl097a    0.9.7a-12.el5_10.1
  Oracle Linux i386      openssl097a    0.9.7a-12.el5_10.1
Oracle Linux 6
  Oracle Linux x86_64    openssl098e    0.9.8e-18.0.1.el6_5.2
  Oracle Linux i686      openssl098e    0.9.8e-18.0.1.el6_5.2
Related CVEs
Related vulnerabilities
OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a zero-length master key in certain OpenSSL-to-OpenSSL communications, and consequently hijack sessions or obtain sensitive information, via a crafted TLS handshake, aka the "CCS Injection" vulnerability.