Stay Connected:

ELSA-2010-0162

ELSA-2010-0162 - openssl security update

Type:SECURITY
Severity:IMPORTANT
Release Date:2010-03-25

Description



[0.9.8e-12.6]
- fix CVE-2009-3245 - add missing bn_wexpand return checks (#570924)

[0.9.8e-12.5]
- fix CVE-2010-0433 - do not pass NULL princ to krb5_kt_get_entry which
in the RHEL-5 and newer versions will crash in such case (#569774)

[0.9.8e-12.4]
- do not disable SSLv2 in the renegotiation patch - SSLv2 does
not support renegotiation
- allow unsafe renegotiation on clients with SSL_OP_LEGACY_SERVER_CONNECT

[0.9.8e-12.3]
- mention the RFC5746 in the CVE-2009-3555 doc

[0.9.8e-12.2]
- fix CVE-2009-3555 - support the safe renegotiation extension and
do not allow legacy renegotiation on the server by default (#533125)


Related CVEs


CVE-2009-3245
CVE-2009-3555
CVE-2010-0433

Updated Packages


Release/ArchitectureFilenameMD5sumSuperseded By Advisory
Oracle Linux 5 (i386) openssl-0.9.8e-12.el5_4.6.src.rpm5aca40889f48095d6292c63e17113b01ELEA-2017-1391
openssl-0.9.8e-12.el5_4.6.i386.rpmfe185cfd9e9b950951fa3ae239b0e27cELEA-2017-1391
openssl-0.9.8e-12.el5_4.6.i686.rpm7d756b68008bd67f06893de57717093eELEA-2017-1391
openssl-devel-0.9.8e-12.el5_4.6.i386.rpm91db20d3be91ce3e7775c0b527d9bf92ELEA-2017-1391
openssl-perl-0.9.8e-12.el5_4.6.i386.rpmd37cce2db05d1fb851d9c835d2062be0ELEA-2017-1391
Oracle Linux 5 (ia64) openssl-0.9.8e-12.el5_4.6.src.rpm5aca40889f48095d6292c63e17113b01ELEA-2017-1391
openssl-0.9.8e-12.el5_4.6.i686.rpm7d756b68008bd67f06893de57717093eELEA-2017-1391
openssl-0.9.8e-12.el5_4.6.ia64.rpm8ad73b621b2ecc091687712b0b55c63cELEA-2017-1391
openssl-devel-0.9.8e-12.el5_4.6.ia64.rpmca15b928757f4b6c9047b45cf7843776ELEA-2017-1391
openssl-perl-0.9.8e-12.el5_4.6.ia64.rpm2f93e44eb5b19b3ea431e05014a2c496ELEA-2017-1391
Oracle Linux 5 (x86_64) openssl-0.9.8e-12.el5_4.6.src.rpm5aca40889f48095d6292c63e17113b01ELEA-2017-1391
openssl-0.9.8e-12.el5_4.6.i686.rpm7d756b68008bd67f06893de57717093eELEA-2017-1391
openssl-0.9.8e-12.el5_4.6.x86_64.rpm7d045a0739cdc791803f0c4aaf41abfcELEA-2017-1391
openssl-devel-0.9.8e-12.el5_4.6.i386.rpm91db20d3be91ce3e7775c0b527d9bf92ELEA-2017-1391
openssl-devel-0.9.8e-12.el5_4.6.x86_64.rpm72d6560c63900445d6c2929bd7b65331ELEA-2017-1391
openssl-perl-0.9.8e-12.el5_4.6.x86_64.rpm231f64bcf2ead9b1077b09892f2d1149ELEA-2017-1391



This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

software.hardware.complete
Subscribe | Careers | Contact Us | Legal Notices | Terms of Use | Your Privacy Rights