[ MDVSA-2015:062 ] openssl

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2015:062
 http://www.mandriva.com/en/support/security/
 _______________________________________________________________________

 Package : openssl
 Date    : March 27, 2015
 Affected: Business Server 2.0
 _______________________________________________________________________

 Problem Description:

 Multiple vulnerabilities have been discovered and corrected in openssl:
 
 Race condition in the ssl3_read_bytes function in s3_pkt.c in OpenSSL
 through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, allows
 remote attackers to inject data across sessions or cause a denial of
 service (use-after-free and parsing error) via an SSL connection in
 a multithreaded environment (CVE-2010-5298).
 
 The Montgomery ladder implementation in OpenSSL through 1.0.0l does
 not ensure that certain swap operations have a constant-time behavio
