Advisories ยป MGASA-2017-0405

Updated openssl packages fix security vulnerabilities

Publication date: 08 Nov 2017
Modification date: 08 Nov 2017
Type: security
Affected Mageia releases : 5 , 6
CVE: CVE-2017-3735 , CVE-2017-3736

Description

If an X.509 certificate has a malformed IPAddressFamily extension,
OpenSSL could do a one-byte buffer overread. The most likely result
would be an erroneous display of the certificate in text format
(CVE-2017-3735).

There is a carry propagating bug in the x86_64 Montgomery squaring
procedure (CVE-2017-3736).
                

References

SRPMS

5/core

6/core