Oval Definition:oval:org.mitre.oval:def:23704
Revision Date:2014-05-26Version:16
Title:ELSA-2012:0518: openssl security update (Important)
Description:The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in OpenSSL before 0.9.8v, 1.0.0 before 1.0.0i, and 1.0.1 before 1.0.1a does not properly interpret integer data, which allows remote attackers to conduct buffer overflow attacks, and cause a denial of service (memory corruption) or possibly have unspecified other impact, via crafted DER data, as demonstrated by an X.509 certificate or an RSA public key.
Family:unixClass:patch
Status:ACCEPTEDReference(s):CVE-2012-2110
ELSA-2012:0518-02
Platform(s):Oracle Linux 5
Oracle Linux 6
Product(s):openssl
openssl097a
openssl098e
Definition Synopsis
  • rpm test
  • Oracle Linux 5.x
  • AND rpm test
  • openssl-devel is earlier than 0:0.9.8e-22.el5_8.3
  • OR openssl-perl is earlier than 0:0.9.8e-22.el5_8.3
  • OR openssl is earlier than 0:0.9.8e-22.el5_8.3
  • OR openssl097a is earlier than 0:0.9.7a-11.el5_8.2
  • OR rpm test
  • Oracle Linux 6.x
  • AND rpm test
  • openssl-devel is earlier than 0:1.0.0-20.el6_2.4
  • OR openssl-static is earlier than 0:1.0.0-20.el6_2.4
  • OR openssl-perl is earlier than 0:1.0.0-20.el6_2.4
  • OR openssl is earlier than 0:1.0.0-20.el6_2.4
  • OR openssl098e is earlier than 0:0.9.8e-17.el6_2.2
    • BACK