Lucene search

K
mageiaGentoo FoundationMGASA-2014-0187
HistoryApr 23, 2014 - 8:04 p.m.

Updated openssl packages fix CVE-2010-5298

2014-04-2320:04:21
Gentoo Foundation
advisories.mageia.org
43

CVSS2

4

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:N/I:P/A:P

EPSS

0.029

Percentile

90.8%

Updated openssl packages fix security vulnerability: A read buffer can be freed even when it still contains data that is used later on, leading to a use-after-free. Given a race condition in a multi-threaded application it may permit an attacker to inject data from one connection into another or cause denial of service (CVE-2010-5298). Also fixed in this update is a potential security issue with detection of the “critical” flag for the TSA extended key usage under certain cases.

OSVersionArchitecturePackageVersionFilename
Mageia3noarchopenssl< 1.0.1e-1.7openssl-1.0.1e-1.7.mga3
Mageia4noarchopenssl< 1.0.1e-8.4openssl-1.0.1e-8.4.mga4

CVSS2

4

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:N/I:P/A:P

EPSS

0.029

Percentile

90.8%