| Revision Date: | 2015-02-23 | Version: | 13 |
| Title: | ELSA-2014-1052 -- openssl security update (moderate) |
| Description: | [1.0.1e-34.4] - fix CVE-2014-3505 - doublefree in DTLS packet processing - fix CVE-2014-3506 - avoid memory exhaustion in DTLS - fix CVE-2014-3507 - avoid memory leak in DTLS - fix CVE-2014-3508 - fix OID handling to avoid information leak - fix CVE-2014-3509 - fix race condition when parsing server hello - fix CVE-2014-3510 - fix DoS in anonymous (EC)DH handling in DTLS - fix CVE-2014-3511 - disallow protocol downgrade via fragmentation |
| Family: | unix | Class: | patch |
| Status: | ACCEPTED | Reference(s): | CVE-2014-3505
CVE-2014-3506
CVE-2014-3507
CVE-2014-3508
CVE-2014-3509
CVE-2014-3510
CVE-2014-3511
ELSA-2014-1052
|
| Platform(s): | Oracle Linux 6
Oracle Linux 7
| Product(s): | openssl
|
| Definition Synopsis |
| Oracle Linux 6 release section Oracle Linux 6.x
AND Packages match section
openssl is earlier than 0:1.0.1e-16.el6_5.15
OR openssl-devel is earlier than 0:1.0.1e-16.el6_5.15
OR openssl-perl is earlier than 0:1.0.1e-16.el6_5.15
OR openssl-static is earlier than 0:1.0.1e-16.el6_5.15
Oracle Linux 7 release section
Oracle Linux 7.x
AND Packages match section
openssl is earlier than 1:1.0.1e-34.el7_0.4
OR openssl-devel is earlier than 1:1.0.1e-34.el7_0.4
OR openssl-libs is earlier than 1:1.0.1e-34.el7_0.4
OR openssl-perl is earlier than 1:1.0.1e-34.el7_0.4
OR openssl-static is earlier than 1:1.0.1e-34.el7_0.4
|