Advisories ยป MGASA-2014-0204

Updated openssl packages fix CVE-2014-0198

Publication date: 03 May 2014
Type: security
Affected Mageia releases : 3 , 4
CVE: CVE-2014-0198

Description

Updated openssl packages fix security vulnerability:

A null pointer dereference bug in OpenSSL 1.0.1g and earlier in
so_ssl3_write() could possibly allow an attacker to cause generate an SSL
alert which would cause OpenSSL to crash, resulting in a denial of service
(CVE-2014-0198).
                

References

SRPMS

3/core

4/core