Jump to content
Sign in to follow this  

Advisories MDVSA-2010:248: openssl

Recommended Posts

A vulnerability was discovered and corrected in openssl:


OpenSSL before 0.9.8q, and 1.0.x before 1.0.0c, when

SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG is enabled, does not properly

prevent modification of the ciphersuite in the session cache, which

allows remote attackers to force the use of an unintended cipher

via vectors involving sniffing network traffic to discover a session

identifier (CVE-2010-4180).


Packages for 2009.0 are provided as of the Extended Maintenance

Program. Please visit this link to learn more:



The updated packages have been patched to correct this issue.

Share this post

Link to post
Share on other sites
This topic is now closed to further replies.
Sign in to follow this  

  • Create New...