Advisories ยป MGASA-2014-0012

Updated openssl package fixes security vulnerabilities

Publication date: 17 Jan 2014
Type: security
Affected Mageia releases : 3
CVE: CVE-2013-4353 , CVE-2013-6450


Updated openssl packages fix security vulnerabilities:

The DTLS retransmission implementation in OpenSSL through 1.0.1e does not
properly maintain data structures for digest and encryption contexts, which
might allow man-in-the-middle attackers to trigger the use of a different
context by interfering with packet delivery (CVE-2013-6450).

A carefully crafted invalid TLS handshake could crash OpenSSL with a NULL
pointer exception. A malicious server could use this flaw to crash a
connecting client (CVE-2013-4353).