
Mageia alert MGASA-2013-0041 (openssl)

From:  Mageia Updates <buildsystem-daemon@mageia.org>
To:  updates-announce@ml.mageia.org
Subject:  [updates-announce] MGASA-2013-0041: openssl-1.0.0k-1.mga2 (2/core)
Date:  Fri, 8 Feb 2013 15:55:28 +0100
Message-ID:  <20130208145527.GA5971@valstar.mageia.org>

MGASA-2013-0041

Date: February 8th, 2013
Affected releases: 2
Media: Core

Description:
Several security problems have been found in openssl before 1.0.0k:

OCSP invalid key DoS issue. A flaw in the OpenSSL handling of OCSP response
verification can be exploited in a denial of service attack. (CVE-2013-0166)

SSL, TLS and DTLS Plaintext Recovery Attack. Nadhem Alfardan and Kenny
Paterson have discovered a weakness in the handling of CBC ciphersuites in
SSL, TLS and DTLS. Their attack exploits timing differences arising during
MAC processing. (CVE-2013-0169)

The packages have been updated to 1.0.0k to fix the above security flaws.

Updated Packages:

i586:
libopenssl1.0.0-1.0.0k-1.mga2.i586.rpm
libopenssl-devel-1.0.0k-1.mga2.i586.rpm
libopenssl-engines1.0.0-1.0.0k-1.mga2.i586.rpm
libopenssl-static-devel-1.0.0k-1.mga2.i586.rpm
openssl-1.0.0k-1.mga2.i586.rpm
openssl-debug-1.0.0k-1.mga2.i586.rpm

x86_64:
lib64openssl1.0.0-1.0.0k-1.mga2.x86_64.rpm
lib64openssl-devel-1.0.0k-1.mga2.x86_64.rpm
lib64openssl-engines1.0.0-1.0.0k-1.mga2.x86_64.rpm
lib64openssl-static-devel-1.0.0k-1.mga2.x86_64.rpm
openssl-1.0.0k-1.mga2.x86_64.rpm
openssl-debug-1.0.0k-1.mga2.x86_64.rpm

SRPMS:
openssl-1.0.0k-1.mga2.src.rpm

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0166
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0169
https://bugs.mageia.org/show_bug.cgi?id=8980
https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-...



Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds