openssl security and bug fix update

2007-11-27T00:00:00
ID ELSA-2007-1003
Type oraclelinux
Reporter Oracle
Modified 2007-11-27T00:00:00

Description

[0.9.7a-43.17.1] - CVE-2007-5135 off by one buffer overflow in SSL_get_shared_ciphers (#309851) [0.9.7a-43.17] - use poll when reading random device (#236164) - make ssl session ID context matching strict (#244436) - openssl utility shouldnt crash on invalid PKCS#12 files (#245083) - CVE-2007-3108 remove conditionals in BN_div, BN_mod and final Montgomery reduction (#250580)