Package name
openssl
Date
2012-01-16
Advisory ID
MDVSA-2012:006
Affected versions
MES5 i586, MES5 x86_64, 2010.1 i586, 2010.1 x86_64

Problem description

Multiple vulnerabilities have been found and corrected in openssl:

The DTLS implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f
performs a MAC check only if certain padding is valid, which makes
it easier for remote attackers to recover plaintext via a padding
oracle attack (CVE-2011-4108).

Double free vulnerability in OpenSSL 0.9.8 before 0.9.8s, when
X509_V_FLAG_POLICY_CHECK is enabled, allows remote attackers to
have an unspecified impact by triggering failure of a policy check
(CVE-2011-4109).

The SSL 3.0 implementation in OpenSSL before 0.9.8s and 1.x before
1.0.0f does not properly initialize data structures for block cipher
padding, which might allow remote attackers to obtain sensitive
information by decrypting the padding data sent by an SSL peer
(CVE-2011-4576).

The Server Gated Cryptography (SGC) implementation in OpenSSL before
0.9.8s and 1.x before 1.0.0f does not properly handle handshake
restarts, which allows remote attackers to cause a denial of service
via unspecified vectors (CVE-2011-4619).

The updated packages have been patched to correct these issues.

Updated packages

MES5 i586

 420e3b0756b3e2d54f9b3d938ed67705  mes5/i586/libopenssl0.9.8-0.9.8h-3.12mdvmes5.2.i586.rpm
 d03e34a594f6650d1ccc0edaf53665ac  mes5/i586/libopenssl0.9.8-devel-0.9.8h-3.12mdvmes5.2.i586.rpm
 a76a3e677d942d223ac346c13088ed2e  mes5/i586/libopenssl0.9.8-static-devel-0.9.8h-3.12mdvmes5.2.i586.rpm
 c031589e8f7bc6c87463c334cc74643a  mes5/i586/openssl-0.9.8h-3.12mdvmes5.2.i586.rpm 
 60a5c08d0f8cf8455d8de874c4a5c536  mes5/SRPMS/openssl-0.9.8h-3.12mdvmes5.2.src.rpm

MES5 x86_64

 9bd17d8bcf25f3af4a22fe5938667f50  mes5/x86_64/lib64openssl0.9.8-0.9.8h-3.12mdvmes5.2.x86_64.rpm
 3598de5cbab06aa3c5ece65ef0c3cb5e  mes5/x86_64/lib64openssl0.9.8-devel-0.9.8h-3.12mdvmes5.2.x86_64.rpm
 4561a4c97e3d8e0f5c2b7478cce73bf5  mes5/x86_64/lib64openssl0.9.8-static-devel-0.9.8h-3.12mdvmes5.2.x86_64.rpm
 d72de8d2a7d5d61bbe1e289e195de87b  mes5/x86_64/openssl-0.9.8h-3.12mdvmes5.2.x86_64.rpm 
 60a5c08d0f8cf8455d8de874c4a5c536  mes5/SRPMS/openssl-0.9.8h-3.12mdvmes5.2.src.rpm

2010.1 i586

 afa95c1b1efc52b00f763845af45725e  2010.1/i586/libopenssl0.9.8-0.9.8s-0.1mdv2010.2.i586.rpm
 bfb9fba942121a98979ae9e922b53a1b  2010.1/i586/libopenssl1.0.0-1.0.0a-1.9mdv2010.2.i586.rpm
 0bc4b73013fff6b7cf8b118289dec204  2010.1/i586/libopenssl1.0.0-devel-1.0.0a-1.9mdv2010.2.i586.rpm
 940dd174dba069977b50dabe16e8b01f  2010.1/i586/libopenssl1.0.0-static-devel-1.0.0a-1.9mdv2010.2.i586.rpm
 e46c355b2ed1e50204f03b77ecdbaa54  2010.1/i586/libopenssl-engines1.0.0-1.0.0a-1.9mdv2010.2.i586.rpm
 2e38206984014928b70803c29f820ab4  2010.1/i586/openssl-1.0.0a-1.9mdv2010.2.i586.rpm 
 39e24474ff4a35adfc8760c640c5cdf7  2010.1/SRPMS/openssl0.9.8-0.9.8s-0.1mdv2010.2.src.rpm
 4f5b24138660a10d54f88a7db7d23ae4  2010.1/SRPMS/openssl-1.0.0a-1.9mdv2010.2.src.rpm

2010.1 x86_64

 493d7997720b64503d1223f0acd0ad95  2010.1/x86_64/lib64openssl0.9.8-0.9.8s-0.1mdv2010.2.x86_64.rpm
 57fd5e751799263d9efea494b7954121  2010.1/x86_64/lib64openssl1.0.0-1.0.0a-1.9mdv2010.2.x86_64.rpm
 aa8614ea58fb6e5afc35367304472652  2010.1/x86_64/lib64openssl1.0.0-devel-1.0.0a-1.9mdv2010.2.x86_64.rpm
 dfe821307ec7e11318a4bd15e37a7475  2010.1/x86_64/lib64openssl1.0.0-static-devel-1.0.0a-1.9mdv2010.2.x86_64.rpm
 80423dbb1ba97b8115d000d961c08426  2010.1/x86_64/lib64openssl-engines1.0.0-1.0.0a-1.9mdv2010.2.x86_64.rpm
 f7fe3031b8b4ed176deb1eb7bd3917e0  2010.1/x86_64/openssl-1.0.0a-1.9mdv2010.2.x86_64.rpm 
 39e24474ff4a35adfc8760c640c5cdf7  2010.1/SRPMS/openssl0.9.8-0.9.8s-0.1mdv2010.2.src.rpm
 4f5b24138660a10d54f88a7db7d23ae4  2010.1/SRPMS/openssl-1.0.0a-1.9mdv2010.2.src.rpm
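
The fixed builds listed above keep upstream versions (0.9.8h, 1.0.0a) that are lower than the 0.9.8s and 1.0.0f thresholds in the problem description, so a scanner that compares only the upstream version reports a patched host as vulnerable. The following is an added example, not part of the advisory: it compares an installed version-release against the fixed builds from the list above. It uses a simplified RPM version comparison (no epoch or tilde handling), and the function names and the installed values in the demo are assumptions constructed for illustration.

```python
import re

# Fixed builds copied from the "Updated packages" list of this advisory:
# (distribution, package name) -> (version, release)
FIXED = {
    ("mes5", "openssl"): ("0.9.8h", "3.12mdvmes5.2"),
    ("2010.1", "openssl"): ("1.0.0a", "1.9mdv2010.2"),
    ("2010.1", "libopenssl0.9.8"): ("0.9.8s", "0.1mdv2010.2"),
}

def _segments(s):
    # RPM splits a version into runs of digits and runs of letters,
    # treating every other character as a separator.
    return re.findall(r"\d+|[A-Za-z]+", s)

def rpmvercmp(a, b):
    """Simplified rpmvercmp: returns -1, 0 or 1. No epoch or '~' support."""
    sa, sb = _segments(a), _segments(b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)
        elif x.isdigit() != y.isdigit():
            # A numeric segment always sorts newer than an alphabetic one.
            return 1 if x.isdigit() else -1
        if x != y:
            return 1 if x > y else -1
    # All shared segments are equal: the string with segments left over is newer.
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def is_patched(dist, name, version, release):
    """True if the installed build is at or above the advisory's fixed build."""
    fixed_ver, fixed_rel = FIXED[(dist, name)]
    c = rpmvercmp(version, fixed_ver)
    if c == 0:
        c = rpmvercmp(release, fixed_rel)
    return c >= 0

if __name__ == "__main__":
    # Constructed sample hosts: (dist, name, version, release)
    hosts = [
        ("mes5", "openssl", "0.9.8h", "3.12mdvmes5.2"),  # fixed build
        ("mes5", "openssl", "0.9.8h", "3.11mdvmes5.2"),  # constructed older release
    ]
    for h in hosts:
        naive = rpmvercmp(h[2], "0.9.8s") >= 0  # upstream-only comparison
        print(h, "patched:", is_patched(*h), "upstream-only check:", naive)
```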

References