OpenSSL ASN1 BIO Incomplete Fix

2012.04.25

Credit: Red Hat

Risk: High

Local: No

Remote: Yes

CVE: CVE-2012-2131 | CVE-2012-2110

CWE: N/A

OpenSSL Security Advisory [24 Apr 2012]
=======================================
ASN1 BIO incomplete fix (CVE-2012-2131)
=======================================
It was discovered that the fix for CVE-2012-2110 released on 19 Apr
2012 was not sufficient to correct the issue for OpenSSL 0.9.8.
Please see http://www.openssl.org/news/secadv_20120419.txt for details
of that vulnerability.
This issue only affects OpenSSL 0.9.8v. OpenSSL 1.0.1a and 1.0.0i
already contain a patch sufficient to correct CVE-2012-2110.
Thanks to Red Hat for discovering and fixing this issue.
Affected users should upgrade to 0.9.8w.
References
==========
URL for this Security Advisory:
http://www.openssl.org/news/secadv_20120424.txt

References:

http://www.openssl.org/news/secadv_20120419.txt

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

OpenSSL ASN1 BIO Incomplete Fix

References:

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.