[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[ MDVSA-2014:106 ] openssl



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2014:106
 http://www.mandriva.com/en/support/security/
 _______________________________________________________________________

 Package : openssl
 Date    : June 9, 2014
 Affected: Business Server 1.0
 _______________________________________________________________________

 Problem Description:

 Multiple vulnerabilities has been discovered and corrected in openssl:
 
 The dtls1_reassemble_fragment function in d1_both.c in OpenSSL
 before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does
 not properly validate fragment lengths in DTLS ClientHello messages,
 which allows remote attackers to execute arbitrary code or cause a
 denial of service (buffer overflow and application crash) via a long
 non-initial fragment (CVE-2014-0195).
 
 The dtls1_get_message_fragment function in d1_both.c in OpenSSL before
 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h allows remote
 attackers to cause a denial of service (recursion and client crash)
 via a DTLS hello message in an invalid DTLS handshake (CVE-2014-0221).
 
 OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before
 1.0.1h does not properly restrict processing of ChangeCipherSpec
 messages, which allows man-in-the-middle attackers to trigger use of a
 zero-length master key in certain OpenSSL-to-OpenSSL communications,
 and consequently hijack sessions or obtain sensitive information,
 via a crafted TLS handshake, aka the CCS Injection vulnerability
 (CVE-2014-0224).
 
 The ssl3_send_client_key_exchange function in s3_clnt.c in OpenSSL
 before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h, when
 an anonymous ECDH cipher suite is used, allows remote attackers to
 cause a denial of service (NULL pointer dereference and client crash)
 by triggering a NULL certificate value (CVE-2014-3470).
 
 The updated packages have been upgraded to the 1.0.0m version where
 these security flaws has been fixed.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0195
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0221
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3470
 http://www.openssl.org/news/secadv_20140605.txt
 _______________________________________________________________________

 Updated Packages:

 Mandriva Business Server 1/X86_64:
 857d06ddc6423ad124b23eb760459033  mbs1/x86_64/lib64openssl1.0.0-1.0.0m-1.mbs1.x86_64.rpm
 d7436f2f95df5c1d64d44a745f125bd8  mbs1/x86_64/lib64openssl-devel-1.0.0m-1.mbs1.x86_64.rpm
 67f6cd6da42f01fb2f6054a2f96872af  mbs1/x86_64/lib64openssl-engines1.0.0-1.0.0m-1.mbs1.x86_64.rpm
 5d7c5712c1ce70a2dd2596e803bc7004  mbs1/x86_64/lib64openssl-static-devel-1.0.0m-1.mbs1.x86_64.rpm
 9866e03e1c112b0c4cb5587b142cfa63  mbs1/x86_64/openssl-1.0.0m-1.mbs1.x86_64.rpm 
 9ac714afa9a9b30419f2f1f5c9ec4e48  mbs1/SRPMS/openssl-1.0.0m-1.mbs1.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/en/support/security/advisories/

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iD8DBQFTlcuxmqjQ0CJFipgRAtEQAJsEeYwuETVPTeadp+pdK9wJfQqgOgCfXDif
30xyBHFmHJa6MS/00iqN2aY=
=9sdw
-----END PGP SIGNATURE-----