Pardus alert 2010-46 (openssl)

From:
    	     
 
Eren Turkay <eren@pardus.org.tr> 
To:
    	     
 
pardus-security@pardus.org.tr 
Subject:
    	     
 
[Pardus-security] [PLSA 2010-46] OpenSSL: Denial of Service 
Date:
    	     
 
Tue,  6 Apr 2010 08:53:18 +0300 (EEST)
Message-ID:
    	     
 
<20100406055318.F292BA7AC04@lider.pardus.org.tr>
Archive-link:
    	     
 
Article, Thread
              
------------------------------------------------------------------------
Pardus Linux Security Advisory 2010-46            security@pardus.org.tr
------------------------------------------------------------------------
      Date: 2010-04-06
  Severity: 3
      Type: Local
------------------------------------------------------------------------

Summary
=======

A vulnerability has been fixed in OpenSSL, which can  be  exploited  by 
malicious people to manipulate certain data and cause a DoS (Denial  of 
Service) 


Description
===========

CVE-2010-0740: 

The ssl3_get_record function in ssl/s3_pkt.c in OpenSSL  allows  remote 
attackers to cause a denial of service (crash) via a malformed record in
a TLS connection that triggers a NULL pointer dereference,  related  to 
the minor version number. 


Affected packages:

  Pardus 2009:
    openssl, all before 0.9.8k-27-10


Resolution
==========

There are update(s) for openssl. You can update them via Package Manager
or with a single command from console: 

    pisi up openssl

References
==========

  * http://bugs.pardus.org.tr/show_bug.cgi?id=12513
  * http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0740
  * http://www.openssl.org/news/secadv_20100324.txt

------------------------------------------------------------------------

_______________________________________________
Pardus-security mailing list
Pardus-security@pardus.org.tr
http://liste.pardus.org.tr/mailman/listinfo/pardus-security