Advisories » MGASA-2014-0187

Updated openssl packages fix CVE-2010-5298

Publication date: 23 Apr 2014
Modification date: 23 Apr 2014
Type: security
Affected Mageia releases : 3 , 4
CVE: CVE-2010-5298

Description

Updated openssl packages fix security vulnerability:

A read buffer can be freed even when it still contains data that is used
later on, leading to a use-after-free. Given a race condition in a
multi-threaded application it may permit an attacker to inject data from
one connection into another or cause denial of service (CVE-2010-5298).

Also fixed in this update is a potential security issue with detection of
the "critical" flag for the TSA extended key usage under certain cases.
                

References

• https://www.debian.org/security/2014/dsa-2908
• https://bugs.mageia.org/show_bug.cgi?id=13210
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-5298

SRPMS

3/core

• openssl-1.0.1e-1.7.mga3

4/core

• openssl-1.0.1e-8.4.mga4