OpenSSL ASN1 BIO Incomplete Fix

2012.04.25
Credit: Red Hat
Risk: High
Local: No
Remote: Yes
CWE: N/A

OpenSSL Security Advisory [24 Apr 2012] ======================================= ASN1 BIO incomplete fix (CVE-2012-2131) ======================================= It was discovered that the fix for CVE-2012-2110 released on 19 Apr 2012 was not sufficient to correct the issue for OpenSSL 0.9.8. Please see http://www.openssl.org/news/secadv_20120419.txt for details of that vulnerability. This issue only affects OpenSSL 0.9.8v. OpenSSL 1.0.1a and 1.0.0i already contain a patch sufficient to correct CVE-2012-2110. Thanks to Red Hat for discovering and fixing this issue. Affected users should upgrade to 0.9.8w. References ========== URL for this Security Advisory: http://www.openssl.org/news/secadv_20120424.txt

References:

http://www.openssl.org/news/secadv_20120419.txt


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top