| Revision Date: | 2014-12-22 | Version: | 12 |
| Title: | ELSA-2014-1653 -- openssl security update |
| Description: | [0.9.8e-31]- add support for fallback SCSV to partially mitigate CVE-2014-3566 (padding attack on SSL3)[0.9.8e-30]- fix CVE-2014-0221 - recursion in DTLS code leading to DoS- fix CVE-2014-3505 - doublefree in DTLS packet processing- fix CVE-2014-3506 - avoid memory exhaustion in DTLS- fix CVE-2014-3508 - fix OID handling to avoid information leak- fix CVE-2014-3510 - fix DoS in anonymous (EC)DH handling in DTLS[0.9.8e-29]- fix for CVE-2014-0224 - SSL/TLS MITM vulnerability[0.9.8e-28]- replace expired GlobalSign Root CA certificate in ca-bundle.crt |
| Family: | unix | Class: | patch |
| Status: | ACCEPTED | Reference(s): | CVE-2014-3566
ELSA-2014-1653
|
| Platform(s): | Oracle Linux 5
| Product(s): | openssl
openssl-devel
openssl-perl
|
| Definition Synopsis |
| Oracle Linux 5.x AND Packages match section
openssl is earlier than 0:0.9.8e-31.el5_11
OR openssl-devel is earlier than 0:0.9.8e-31.el5_11
OR openssl-perl is earlier than 0:0.9.8e-31.el5_11
|