RHSA-2014:0015: openssl security update

Severity: 6
CVSS: (AV:N/AC:M/Au:N/C:N/I:P/A:P)
Published: January 01, 2014
Added: January 09, 2014
Modified: July 04, 2017

Description

OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library.

A flaw was found in the way OpenSSL determined which hashing algorithm to use when TLS protocol version 1.2 was enabled. This could possibly cause OpenSSL to use an incorrect hashing algorithm, leading to a crash of an application using the library. (CVE-2013-6449)

It was discovered that the Datagram Transport Layer Security (DTLS) protocol implementation in OpenSSL did not properly maintain encryption and digest contexts during renegotiation. A lost or discarded renegotiation handshake packet could cause a DTLS client or server using OpenSSL to crash. (CVE-2013-6450)

A NULL pointer dereference flaw was found in the way OpenSSL handled TLS/SSL protocol handshake packets. A specially crafted handshake packet could cause a TLS/SSL client using OpenSSL to crash. (CVE-2013-4353)

All OpenSSL users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted.
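
One way to verify the restart requirement after installing the update is to list processes that still map the old, now-deleted OpenSSL libraries. This is an added example, not part of the advisory; the `proc_root` argument, the helper names and the sample tree (PIDs, addresses, library file names) are constructed for illustration.

```shell
#!/bin/sh
# List PIDs whose memory maps still reference a deleted libssl/libcrypto,
# i.e. processes started before the update that have not been restarted.

stale_openssl_pids() {
    proc_root="${1:-/proc}"   # argument is an assumption of this example
    for maps in "$proc_root"/[0-9]*/maps; do
        [ -r "$maps" ] || continue
        # The kernel appends " (deleted)" to mappings of a file that was
        # replaced on disk. Matching "libssl.so"/"libcrypto.so" exactly
        # keeps NSS's libssl3.so out of the result.
        if grep -Eq '/lib(ssl|crypto)\.so[^/]* \(deleted\)$' "$maps" 2>/dev/null; then
            pid_dir=${maps%/maps}
            name=$(cat "$pid_dir/comm" 2>/dev/null || echo '?')
            printf '%s %s\n' "${pid_dir##*/}" "$name"
        fi
    done
}

# Constructed sample: a fake /proc tree with three processes.
make_sample_proc() {
    root=$(mktemp -d)
    mkdir "$root/101" "$root/202" "$root/303"
    echo httpd   > "$root/101/comm"
    echo sshd    > "$root/202/comm"
    echo firefox > "$root/303/comm"
    # 101: started before the update, old library still mapped
    echo '7f10a000-7f10b000 r-xp 00000000 fd:00 1311 /usr/lib64/libssl.so.1.0.1e (deleted)' > "$root/101/maps"
    # 202: restarted after the update, maps the file currently on disk
    echo '7f20a000-7f20b000 r-xp 00000000 fd:00 1422 /usr/lib64/libcrypto.so.1.0.1e' > "$root/202/maps"
    # 303: stale NSS library, unrelated to OpenSSL
    echo '7f30a000-7f30b000 r-xp 00000000 fd:00 1533 /usr/lib64/libssl3.so (deleted)' > "$root/303/maps"
    echo "$root"
}

sample=$(make_sample_proc)
stale_openssl_pids "$sample"   # scan the constructed tree
rm -rf "$sample"
```

On a real host, call `stale_openssl_pids` with no argument as root so that every process's maps file is readable; each PID it prints belongs to a service that still needs a restart.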

Solution

redhat-upgrade-openssl