Lucene search

K
oraclelinuxOracleELSA-2013-0587
HistoryMar 04, 2013 - 12:00 a.m.

openssl security update

2013-03-0400:00:00
Oracle
linux.oracle.com
41

0.007 Low

EPSS

Percentile

77.7%

[1.0.0-27.2]

  • fix for CVE-2013-0169 - SSL/TLS CBC timing attack (#907589)
  • fix for CVE-2013-0166 - DoS in OCSP signatures checking (#908052)
  • enable compression only if explicitly asked for or OPENSSL_DEFAULT_ZLIB
    environment variable is set (fixes CVE-2012-4929 #857051)
  • use __secure_getenv() everywhere instead of getenv() (#839735)