
Mandriva alert MDVSA-2014:090 (openssl)

From:  security@mandriva.com
To:  security-announce@lists.mandriva.com
Subject:  [Security Announce] [ MDVSA-2014:090 ] openssl
Date:  Fri, 16 May 2014 13:44:00 +0200
Message-ID:  <E1WlGYT-0002mg-1n@titan.mandriva.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2014:090
http://www.mandriva.com/en/support/security/
_______________________________________________________________________

Package : openssl
Date : May 16, 2014
Affected: Business Server 1.0
_______________________________________________________________________

Problem Description:

Updated openssl packages fix security vulnerability:

A read buffer can be freed even when it still contains data that is used later on, leading to a use-after-free. Given a race condition in a multi-threaded application it may permit an attacker to inject data from one connection into another or cause denial of service (CVE-2010-5298).

Also fixed in this update is a potential security issue with detection of the critical flag for the TSA extended key usage under certain cases.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-5298
http://advisories.mageia.org/MGASA-2014-0187.html
_______________________________________________________________________

Updated Packages:

Mandriva Business Server 1/X86_64:
9b69e2aa646ac282beeca44af49df06d mbs1/x86_64/lib64openssl1.0.0-1.0.0k-1.4.mbs1.x86_64.rpm
ea9449a0b7737bfb5aac2bd918c7aa78 mbs1/x86_64/lib64openssl-devel-1.0.0k-1.4.mbs1.x86_64.rpm
1736c36cceb47ead3173eb1b7851ce81 mbs1/x86_64/lib64openssl-engines1.0.0-1.0.0k-1.4.mbs1.x86_64.rpm
ccdab43f412486ade9f1564946152215 mbs1/x86_64/lib64openssl-static-devel-1.0.0k-1.4.mbs1.x86_64.rpm
06cb9a8cf5f5fdce5103d8b82a79e51d mbs1/x86_64/openssl-1.0.0k-1.4.mbs1.x86_64.rpm
e66a04905c723b1cbd2516de13506b71 mbs1/SRPMS/openssl-1.0.0k-1.4.mbs1.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/en/support/security/advisories/

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iD8DBQFTdc/1mqjQ0CJFipgRAjIoAKCuuO4XvtxmY1RU32Zbxvvmqp4I2gCgp7KS
yBEUfRNgXV7oe68KyUowtfw=
=Bycn
-----END PGP SIGNATURE-----

To unsubscribe, send an email to sympa@mandrivalinux.org
with this subject : unsubscribe security-announce
_______________________________________________________
Want to buy your Pack or Services from Mandriva?
Go to http://store.mandriva.com
_______________________________________________________
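
A simplified model of the read-buffer problem the advisory describes, added here as an illustration; it is not OpenSSL or Mandriva code. The pool, `struct conn` and all function names are hypothetical, the race between threads is replayed as one fixed sequential interleaving, and the checked release is an assumed way of avoiding the problem.

```c
#include <stddef.h>
#include <string.h>

#define BUF_SZ 16
#define NBUF   2

/* Toy buffer pool shared by all connections (hypothetical, not OpenSSL's). */
static char pool[NBUF][BUF_SZ];
static int  in_use[NBUF];

struct conn { char *rbuf; size_t left; /* unread bytes still in rbuf */ };

static char *pool_get(void) {
    for (int i = 0; i < NBUF; i++)
        if (!in_use[i]) { in_use[i] = 1; return pool[i]; }
    return NULL;
}
static void pool_put(char *b) {
    for (int i = 0; i < NBUF; i++)
        if (pool[i] == b) in_use[i] = 0;
}

/* Buffer incoming bytes for a connection, taking a pool buffer if needed. */
static void conn_fill(struct conn *c, const char *data, size_t n) {
    if (!c->rbuf) c->rbuf = pool_get();
    memcpy(c->rbuf, data, n);
    c->left = n;
}

/* Flawed release: returns the buffer although c->left bytes are unread. */
static void release_flawed(struct conn *c) { pool_put(c->rbuf); }

/* Checked release: keep the buffer until every byte has been consumed. */
static void release_checked(struct conn *c) {
    if (c->left != 0) return;
    pool_put(c->rbuf);
    c->rbuf = NULL;
}

/* Returns 1 if connection A reads bytes that connection B wrote. */
int cross_talk(int checked) {
    struct conn a = {0}, b = {0};
    memset(in_use, 0, sizeof in_use);
    conn_fill(&a, "A-record", 8);   /* constructed sample data: A has unread bytes */
    if (checked) release_checked(&a); else release_flawed(&a);
    conn_fill(&b, "B-record", 8);   /* B takes a buffer from the pool */
    return memcmp(a.rbuf, "B-record", a.left) == 0;
}
```

With the flawed release, connection B is handed the buffer A still points at, so A's pending read returns B's bytes; with the checked release, B receives a different buffer and A's data is intact.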




Copyright © 2026, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds