|
|
Subscribe / Log in / New account

Scientific Linux alert SLSA-2014:0376-1 (openssl)



From:
    	      Pat Riehecky <riehecky@fnal.gov> 


To:
    	      <scientific-linux-errata@listserv.fnal.gov> 


Subject:
    	      Security ERRATA Important: openssl on SL6.x i386/x86_64 


Date:
    	      Tue, 8 Apr 2014 13:39:35 +0000


Message-ID:
    	      <20140408133935.26898.77313@slpackages.fnal.gov>


Synopsis:          Important: openssl security update
Advisory ID:       SLSA-2014:0376-1
Issue Date:        2014-04-08
CVE Numbers:       CVE-2014-0160
--

An information disclosure flaw was found in the way OpenSSL handled TLS
and DTLS Heartbeat Extension packets. A malicious TLS or DTLS client or
server could send a specially crafted TLS or DTLS Heartbeat packet to
disclose a limited portion of memory per request from a connected client
or server. Note that the disclosed portions of memory could potentially
include sensitive information such as private keys. (CVE-2014-0160)

For the update to take effect, all services linked to the OpenSSL library
(such as httpd and other SSL-enabled services) must be restarted or the
system rebooted.
--

SL6
  x86_64
    openssl-1.0.1e-16.el6_5.7.i686.rpm
    openssl-1.0.1e-16.el6_5.7.x86_64.rpm
    openssl-debuginfo-1.0.1e-16.el6_5.7.i686.rpm
    openssl-debuginfo-1.0.1e-16.el6_5.7.x86_64.rpm
    openssl-devel-1.0.1e-16.el6_5.7.i686.rpm
    openssl-devel-1.0.1e-16.el6_5.7.x86_64.rpm
    openssl-perl-1.0.1e-16.el6_5.7.x86_64.rpm
    openssl-static-1.0.1e-16.el6_5.7.x86_64.rpm
  i386
    openssl-1.0.1e-16.el6_5.7.i686.rpm
    openssl-debuginfo-1.0.1e-16.el6_5.7.i686.rpm
    openssl-devel-1.0.1e-16.el6_5.7.i686.rpm
    openssl-perl-1.0.1e-16.el6_5.7.i686.rpm
    openssl-static-1.0.1e-16.el6_5.7.i686.rpm

- Scientific Linux Development Team
to post comments


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds