Lucene search

K
amazonAmazonALAS-2012-072
HistoryMay 02, 2012 - 12:28 p.m.

Important: openssl

2012-05-0212:28:00
alas.aws.amazon.com
16

0.1 Low

EPSS

Percentile

94.9%

Issue Overview:

Multiple numeric conversion errors, leading to a buffer overflow, were found in the way OpenSSL parsed ASN.1 (Abstract Syntax Notation One) data from BIO (OpenSSL’s I/O abstraction) inputs. Specially-crafted DER (Distinguished Encoding Rules) encoded data read from a file or other BIO input could cause an application using the OpenSSL library to crash or, potentially, execute arbitrary code. (CVE-2012-2110)

Affected Packages:

openssl

Issue Correction:
Run yum update openssl to update your system.

New Packages:

i686:  
    openssl-static-1.0.0i-1.41.amzn1.i686  
    openssl-devel-1.0.0i-1.41.amzn1.i686  
    openssl-1.0.0i-1.41.amzn1.i686  
    openssl-perl-1.0.0i-1.41.amzn1.i686  
    openssl-debuginfo-1.0.0i-1.41.amzn1.i686  
  
src:  
    openssl-1.0.0i-1.41.amzn1.src  
  
x86_64:  
    openssl-devel-1.0.0i-1.41.amzn1.x86_64  
    openssl-perl-1.0.0i-1.41.amzn1.x86_64  
    openssl-static-1.0.0i-1.41.amzn1.x86_64  
    openssl-debuginfo-1.0.0i-1.41.amzn1.x86_64  
    openssl-1.0.0i-1.41.amzn1.x86_64  

Additional References

Red Hat: CVE-2012-2110

Mitre: CVE-2012-2110