Advisories » MGASA-2014-0204

Updated openssl packages fix CVE-2014-0198

Publication date: 03 May 2014
Modification date: 03 May 2014
Type: security
Affected Mageia releases : 3 , 4
CVE: CVE-2014-0198

Description

Updated openssl packages fix security vulnerability:

A null pointer dereference bug in OpenSSL 1.0.1g and earlier in
so_ssl3_write() could possibly allow an attacker to cause generate an SSL
alert which would cause OpenSSL to crash, resulting in a denial of service
(CVE-2014-0198).
                

References

• http://ftp.openbsd.org/pub/OpenBSD/patches/5.5/common/005_openssl.patch.sig
• http://openwall.com/lists/oss-security/2014/05/02/6
• https://bugs.mageia.org/show_bug.cgi?id=13309
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0198

SRPMS

3/core

• openssl-1.0.1e-1.8.mga3

4/core

• openssl-1.0.1e-8.5.mga4