[ MDVSA-2010:076 ] openssl

Mandrivan turvallisuustiedotteiden tuoreimmat

[ MDVSA-2010:076 ] openssl

Uusi viestiKirjoittaja dude67 » 21 Huhti 2010, 19:31

_______________________________________________________________________

Package : openssl
Date : April 15, 2010
Affected: 2008.0, 2009.1, 2010.0, Corporate 4.0, Enterprise Server 5.0,
Multi Network Firewall 2.0
_______________________________________________________________________

Problem Description:

This update fixes several security issues in openssl:
- The ssl3_get_record function in ssl/s3_pkt.c in OpenSSL 0.9.8f
through 0.9.8m allows remote attackers to cause a denial of service
(crash) via a malformed record in a TLS connection (CVE-2010-0740)
- OpenSSL before 0.9.8m does not check for a NULL return value
from bn_wexpand function calls which has unspecified impact and
context-dependent attack vectors (CVE-2009-3245)
- The kssl_keytab_is_available function in ssl/kssl.c in OpenSSL
before 0.9.8n, when Kerberos is enabled but Kerberos configuration
files cannot be opened, could allow remote attackers to cause a denial
of service (NULL pointer dereference and daemon crash) (CVE-2010-0433)
- Finally, this update provides support for secure renegotiation,
preventing men-in-the-middle attacks (CVE-2009-3555).

Packages for 2008.0 and 2009.0 are provided due to the Extended
Maintenance Program for those products.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cg ... -2009-3555
http://cve.mitre.org/cgi-bin/cvename.cg ... -2009-3245
http://cve.mitre.org/cgi-bin/cvename.cg ... -2010-0740
http://cve.mitre.org/cgi-bin/cvename.cg ... -2010-0433
_______________________________________________________________________
Kuva
1. Mageia-1 KDE4 x86_64 (& Win7 Pro) | desktop
2. Mageia-2 KDE4 (& Win7 Home Premium) | laptop Acer 7530
3. Mageia-1 KDE4 (& Win7 Starter) | Samsung NC-10 miniläppäri
4. Mageia-1 KDE4 | serverinä toimiva desktop
Luotettavaa Linux käyttöä jo Mandriva 2006.0:sta lähtien :)
Avatar
dude67
Site Admin
 
Viestit: 2256
Liittynyt: 27 Syys 2007, 16:58
Paikkakunta: Espoo

Paluu Mandrivan turvallisuustiedotteet

Paikallaolijat

Käyttäjiä lukemassa tätä aluetta: Ei rekisteröityneitä käyttäjiä ja 4 vierailijaa

cron