Paketname
openssl
Datum
2014-06-09
Advisory ID
MDVSA-2014:105
Betroffene Versionen
MES5 i586 , MES5 x86_64

Problembeschreibung

Multiple vulnerabilities has been discovered and corrected in openssl:

The dtls1_get_message_fragment function in d1_both.c in OpenSSL before
0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h allows remote
attackers to cause a denial of service (recursion and client crash)
via a DTLS hello message in an invalid DTLS handshake (CVE-2014-0221).

OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before
1.0.1h does not properly restrict processing of ChangeCipherSpec
messages, which allows man-in-the-middle attackers to trigger use of a
zero-length master key in certain OpenSSL-to-OpenSSL communications,
and consequently hijack sessions or obtain sensitive information,
via a crafted TLS handshake, aka the CCS Injection vulnerability
(CVE-2014-0224).

The ssl3_send_client_key_exchange function in s3_clnt.c in OpenSSL
before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h, when
an anonymous ECDH cipher suite is used, allows remote attackers to
cause a denial of service (NULL pointer dereference and client crash)
by triggering a NULL certificate value (CVE-2014-3470).

The updated packages have been patched to correct these issues.

Aktualisierte Pakete

MES5 i586

 ef1687f8f4d68dd34149dbb04f3fccda  mes5/i586/libopenssl0.9.8-0.9.8h-3.18mdvmes5.2.i586.rpm
 3e46ee354bd0add0234eaf873f0a076c  mes5/i586/libopenssl0.9.8-devel-0.9.8h-3.18mdvmes5.2.i586.rpm
 0cc60393474d11a3786965d780e39ebc  mes5/i586/libopenssl0.9.8-static-devel-0.9.8h-3.18mdvmes5.2.i586.rpm
 16d367fe394b2f16b9f022ea7ba75a54  mes5/i586/openssl-0.9.8h-3.18mdvmes5.2.i586.rpm 
 223a4a6b80f1b2eb3cbfaf99473423f3  mes5/SRPMS/openssl-0.9.8h-3.18mdvmes5.2.src.rpm

MES5 x86_64

 85a51b41a45f6905ea778347d8b236c1  mes5/x86_64/lib64openssl0.9.8-0.9.8h-3.18mdvmes5.2.x86_64.rpm
 d0bf9ef6c6e33d0c6158add14cbe04b8  mes5/x86_64/lib64openssl0.9.8-devel-0.9.8h-3.18mdvmes5.2.x86_64.rpm
 707842b93162409157667f696996f4fc  mes5/x86_64/lib64openssl0.9.8-static-devel-0.9.8h-3.18mdvmes5.2.x86_64.rpm
 70f4de1608d99c970afa1786595a761d  mes5/x86_64/openssl-0.9.8h-3.18mdvmes5.2.x86_64.rpm 
 223a4a6b80f1b2eb3cbfaf99473423f3  mes5/SRPMS/openssl-0.9.8h-3.18mdvmes5.2.src.rpm

Referenzen