OVMSA-2015-0005

OVMSA-2015-0005 - openssl security update

Type:SECURITY
Severity:MODERATE
Release Date:2015-01-21

Description


[1.0.1e-30.5]
- fix CVE-2014-3570 - incorrect computation in BN_sqr()
- fix CVE-2014-3571 - possible crash in dtls1_get_record()
- fix CVE-2014-3572 - possible downgrade of ECDH ciphersuite to non-PFS state
- fix CVE-2014-8275 - various certificate fingerprint issues
- fix CVE-2015-0204 - remove support for RSA ephemeral keys for non-export
ciphersuites and on server
- fix CVE-2015-0205 - do not allow unauthenticated client DH certificate
- fix CVE-2015-0206 - possible memory leak when buffering DTLS records

[1.0.1e-30.4]
- use FIPS approved method for computation of d in RSA


Related CVEs


CVE-2014-3570
CVE-2014-3571
CVE-2014-3572
CVE-2014-8275
CVE-2015-0204
CVE-2015-0205
CVE-2015-0206

Updated Packages


Release/ArchitectureFilenameMD5sumSuperseded By Advisory
Oracle VM 3.3 (x86_64) openssl-1.0.1e-30.el6_6.5.src.rpm2387eaacbb88e58810103a5911af2f02OVMSA-2021-0011
openssl-1.0.1e-30.el6_6.5.x86_64.rpmb576660b72d4a448d29398b429ea5410OVMSA-2021-0011



This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

software.hardware.complete