| |||||||||||||||||||
Pardus alert 2010-77 (openssl)
------------------------------------------------------------------------ Pardus Linux Security Advisory 2010-77 security@pardus.org.tr ------------------------------------------------------------------------ Date: 2010-06-15 Severity: 4 Type: Remote ------------------------------------------------------------------------ Summary ======= An error when handling CMS (Cryptographic Message Syntax) structures which can be exploited to potentially execute arbitrary code have been fixed Description =========== CVE-2010-0742: The Cryptographic Message Syntax (CMS) implementation in crypto/cms/cms_asn1.c in OpenSSL before 0.9.8o and 1.x before 1.0.0a does not properly handle structures that contain OriginatorInfo, which allows context-dependent attackers to modify invalid memory locations or conduct double-free attacks, and possibly execute arbitrary code, via unspecified vectors. Affected packages: Pardus 2009: openssl, all before 0.9.8k-28-11 Resolution ========== There are update(s) for openssl. You can update them via Package Manager or with a single command from console: pisi up openssl References ========== * http://bugs.pardus.org.tr/show_bug.cgi?id=13321 ------------------------------------------------------------------------ _______________________________________________ Pardus-security mailing list Pardus-security@pardus.org.tr http://liste.pardus.org.tr/mailman/listinfo/pardus-security (Log in to post comments)
|
|||||||||||||||||||