Advisories » MGASA-2014-0008

Updated openssl package fixes security vulnerability

Publication date: 06 Jan 2014
Modification date: 06 Jan 2014
Type: security
Affected Mageia releases : 3
CVE: CVE-2013-6449

Description

A flaw was reported for OpenSSL 1.0.1e, that can cause application using
OpenSSL to crash when using TLS version 1.2 (CVE-2013-6449).

Also, a NULL pointer reference issue has been fixed in SSL_get_certificate
(mga#11549).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=12096
• https://bugs.mageia.org/show_bug.cgi?id=11549
• https://lists.fedoraproject.org/pipermail/package-announce/2013-December/124854.html
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6449

SRPMS

3/core

• openssl-1.0.1e-1.2.mga3