Advisories » MGASA-2018-0190

Updated openssl packages fix security vulnerability

Publication date: 03 Apr 2018
Modification date: 03 Apr 2018
Type: security
Affected Mageia releases : 5 , 6
CVE: CVE-2018-0739

Description

Constructed ASN.1 types with a recursive definition (such as can be
found in PKCS7) could eventually exceed the stack given malicious input
with excessive recursion. This could result in a Denial Of Service
attack. There are no such structures used within SSL/TLS that come from
untrusted sources so this is considered safe (CVE-2018-0739).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=22842
• https://www.openssl.org/news/secadv/20180327.txt
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0739

SRPMS

6/core

• openssl-1.0.2o-1.mga6

5/core

• openssl-1.0.2o-1.mga5