Advisories » MGASA-2017-0405

Updated openssl packages fix security vulnerabilities

Publication date: 08 Nov 2017
Modification date: 08 Nov 2017
Type: security
Affected Mageia releases : 5 , 6
CVE: CVE-2017-3735 , CVE-2017-3736

Description

If an X.509 certificate has a malformed IPAddressFamily extension,
OpenSSL could do a one-byte buffer overread. The most likely result
would be an erroneous display of the certificate in text format
(CVE-2017-3735).

There is a carry propagating bug in the x86_64 Montgomery squaring
procedure (CVE-2017-3736).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=21977
• https://www.openssl.org/news/secadv/20170828.txt
• https://www.openssl.org/news/secadv/20171102.txt
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3735
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3736

SRPMS

5/core

• openssl-1.0.2m-1.mga5

6/core

• openssl-1.0.2m-1.mga6