Jump to content

Advisories MDVSA-2010:248: openssl


paul
 Share

Recommended Posts

A vulnerability was discovered and corrected in openssl:

 

OpenSSL before 0.9.8q, and 1.0.x before 1.0.0c, when

SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG is enabled, does not properly

prevent modification of the ciphersuite in the session cache, which

allows remote attackers to force the use of an unintended cipher

via vectors involving sniffing network traffic to discover a session

identifier (CVE-2010-4180).

 

Packages for 2009.0 are provided as of the Extended Maintenance

Program. Please visit this link to learn more:

http://store.mandriva.com/product_info.php?cPath=149&products_id=490

 

The updated packages have been patched to correct this issue.

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
 Share

×
×
  • Create New...