CVSS2
Attack Vector
NETWORK
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:H/Au:N/C:N/I:P/A:P
EPSS
Percentile
90.8%
Updated openssl packages fix security vulnerability: A read buffer can be freed even when it still contains data that is used later on, leading to a use-after-free. Given a race condition in a multi-threaded application it may permit an attacker to inject data from one connection into another or cause denial of service (CVE-2010-5298). Also fixed in this update is a potential security issue with detection of the “critical” flag for the TSA extended key usage under certain cases.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Mageia | 3 | noarch | openssl | < 1.0.1e-1.7 | openssl-1.0.1e-1.7.mga3 |
Mageia | 4 | noarch | openssl | < 1.0.1e-8.4 | openssl-1.0.1e-8.4.mga4 |