Updated openssl packages fix security vulnerabilities
Publication date: 08 Nov 2017Modification date: 08 Nov 2017
Type: security
Affected Mageia releases : 5 , 6
CVE: CVE-2017-3735 , CVE-2017-3736
Description
If an X.509 certificate has a malformed IPAddressFamily extension, OpenSSL could do a one-byte buffer overread. The most likely result would be an erroneous display of the certificate in text format (CVE-2017-3735). There is a carry propagating bug in the x86_64 Montgomery squaring procedure (CVE-2017-3736).
References
SRPMS
5/core
- openssl-1.0.2m-1.mga5
6/core
- openssl-1.0.2m-1.mga6