Jump to content

Advisories MDVSA-2010:248: openssl


Recommended Posts

A vulnerability was discovered and corrected in openssl:


OpenSSL before 0.9.8q, and 1.0.x before 1.0.0c, when

SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG is enabled, does not properly

prevent modification of the ciphersuite in the session cache, which

allows remote attackers to force the use of an unintended cipher

via vectors involving sniffing network traffic to discover a session

identifier (CVE-2010-4180).


Packages for 2009.0 are provided as of the Extended Maintenance

Program. Please visit this link to learn more:



The updated packages have been patched to correct this issue.

Link to comment
Share on other sites

This topic is now closed to further replies.

  • Create New...