[Forgot Password]
Login  Register Subscribe

30481

 
 

423868

 
 

255116

 
 

909

 
 

198683

 
 

282

Paid content will be excluded from the download.


Download | Alert*
OVAL

MDVSA-2011:137 -- Mandriva openssl

ID: oval:org.secpod.oval:def:301099Date: (C)2012-01-07   (M)2023-12-07
Class: PATCHFamily: unix




Multiple vulnerabilities has been discovered and corrected in openssl: The elliptic curve cryptography subsystem in OpenSSL 1.0.0d and earlier, when the Elliptic Curve Digital Signature Algorithm is used for the ECDHE_ECDSA cipher suite, does not properly implement curves over binary fields, which makes it easier for context-dependent attackers to determine private keys via a timing attack and a lattice calculation . crypto/x509/x509_vfy.c in OpenSSL 1.0.x before 1.0.0e does not initialize certain structure members, which makes it easier for remote attackers to bypass CRL validation by using a nextUpdate value corresponding to a time in the past . The ephemeral ECDH ciphersuite functionality in OpenSSL 0.9.8 through 0.9.8s and 1.0.x before 1.0.0e does not ensure thread safety during processing of handshake messages, which allows remote attackers to cause a denial of service via out-of-order messages that violate the TLS protocol . Packages for 2009.0 are provided as of the Extended Maintenance Program

Platform:
Mandriva Linux 2010.1
Product:
openssl
Reference:
MDVSA-2011:137
CVE-2011-3210
CVE-2011-3207
CVE-2011-1945
CVE    3
CVE-2011-1945
CVE-2011-3207
CVE-2011-3210
CPE    1
cpe:/o:mandriva:linux:2010.1

© SecPod Technologies