FEDORA-EPEL-2015-11c5c57d59

security update in Fedora EPEL 5 for openssl101e

Status: stable 3 years ago

A NULL pointer dereference flaw was found in the way OpenSSL verified signatures using the RSA PSS algorithm. A remote attacker could possibly use this flaw to crash a TLS/SSL client using OpenSSL, or a TLS/SSL server using OpenSSL if it enabled client authentication. (CVE-2015-3194)

A memory leak vulnerability was found in the way OpenSSL parsed PKCS#7 and CMS data. A remote attacker could use this flaw to cause an application that parses PKCS#7 or CMS data from untrusted sources to use an excessive amount of memory and possibly crash. (CVE-2015-3195)

A race condition flaw, leading to a double free, was found in the way OpenSSL handled pre-shared key (PSK) identity hints. A remote attacker could use this flaw to crash a multi-threaded SSL/TLS client using OpenSSL. (CVE-2015-3196)


The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols.

How to install

sudo dnf upgrade --advisory=FEDORA-EPEL-2015-11c5c57d59

Comments 6

This update has been submitted for testing by robert.

This update has obsoleted openssl101e-1.0.1e-4.el5, and has inherited its bugs and notes.

This update has been pushed to testing.

This update has reached 14 days in testing and can be pushed to stable now if the maintainer wishes.

This update has been submitted for stable by robert.

This update has been pushed to stable.

Content Type: RPM
Status: stable
Test Gating:
Submitted by:
Update Type: security
Update Severity: medium
Karma: 0 (stable threshold: 1, unstable threshold: -3)
Autopush: Enabled
Dates: submitted 3 years ago, in testing 3 years ago, in stable 3 years ago

Related Bugs 4

#1223990 Review Request: openssl101e - A general purpose cryptography library with TLS implementation
#1288320 CVE-2015-3194 OpenSSL: Certificate verify crash with missing PSS parameter
#1288322 CVE-2015-3195 OpenSSL: X509_ATTRIBUTE memory leak
#1288326 CVE-2015-3196 OpenSSL: Race condition handling PSK identify hint
