
Vulnerability in the openssl software package

  • OS details: LMV
  • Severity: IMP
  • Operating systems: L
  • Categories: LMV

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2014:090
http://www.mandriva.com/en/support/security/
_______________________________________________________________________

Package : openssl
Date : May 16, 2014
Affected: Business Server 1.0
_______________________________________________________________________

Problem Description:

Updated openssl packages fix security vulnerability:

A read buffer can be freed even when it still contains data that is
used later on, leading to a use-after-free. Given a race condition
in a multi-threaded application it may permit an attacker to inject
data from one connection into another or cause denial of service
(CVE-2010-5298).

Also fixed in this update is a potential security issue with detection
of the critical flag for the TSA extended key usage under certain
cases.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-5298
http://advisories.mageia.org/MGASA-2014-0187.html
_______________________________________________________________________

Updated Packages:

Mandriva Business Server 1/X86_64:
9b69e2aa646ac282beeca44af49df06d mbs1/x86_64/lib64openssl1.0.0-1.0.0k-1.4.mbs1.x86_64.rpm
ea9449a0b7737bfb5aac2bd918c7aa78 mbs1/x86_64/lib64openssl-devel-1.0.0k-1.4.mbs1.x86_64.rpm
1736c36cceb47ead3173eb1b7851ce81 mbs1/x86_64/lib64openssl-engines1.0.0-1.0.0k-1.4.mbs1.x86_64.rpm
ccdab43f412486ade9f1564946152215 mbs1/x86_64/lib64openssl-static-devel-1.0.0k-1.4.mbs1.x86_64.rpm
06cb9a8cf5f5fdce5103d8b82a79e51d mbs1/x86_64/openssl-1.0.0k-1.4.mbs1.x86_64.rpm
e66a04905c723b1cbd2516de13506b71 mbs1/SRPMS/openssl-1.0.0k-1.4.mbs1.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/en/support/security/advisories/

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iD8DBQFTdc/1mqjQ0CJFipgRAjIoAKCuuO4XvtxmY1RU32Zbxvvmqp4I2gCgp7KS
yBEUfRNgXV7oe68KyUowtfw=
=Bycn
-----END PGP SIGNATURE-----
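
The read-buffer flaw described in the advisory above (CVE-2010-5298), as a simplified model of releasing a buffer that still holds unread data, next to a release that checks first. This is an added example, not OpenSSL or Mandriva code: the pool, the `conn` struct and every function name are hypothetical, and a static two-slot pool stands in for the allocator so the program has defined behaviour.

```c
#include <stdio.h>
#include <string.h>

/* Simplified model of the flaw class, not OpenSSL code; all names are hypothetical. */
typedef struct { char data[32]; } rbuf;
typedef struct { rbuf *buf; size_t left; } conn;   /* left = bytes not yet consumed */

static rbuf pool[2];     /* static pool stands in for the heap, so reuse is well defined */
static int in_use[2];

static rbuf *buf_get(void) {
    for (int i = 0; i < 2; i++)
        if (!in_use[i]) { in_use[i] = 1; return &pool[i]; }
    return NULL;
}

static void buf_put(rbuf *b) { in_use[b - pool] = 0; }

/* Flawed release: gives the buffer back even though unread bytes remain,
   and leaves c->buf pointing at storage the pool may hand to someone else. */
static void release_unchecked(conn *c) { buf_put(c->buf); }

/* Hardened release: refuse while data is pending; clear the pointer on success. */
static int release_checked(conn *c) {
    if (c->left != 0) return 0;
    buf_put(c->buf);
    c->buf = NULL;
    return 1;
}

/* Returns 1 if connection A would go on to read bytes received for connection B. */
static int cross_talk(int hardened) {
    conn a, b;
    in_use[0] = in_use[1] = 0;
    a.buf = buf_get();
    strcpy(a.buf->data, "A-record");            /* constructed sample data */
    a.left = strlen(a.buf->data);
    if (hardened) release_checked(&a); else release_unchecked(&a);
    b.buf = buf_get();                          /* second connection asks for a buffer */
    strcpy(b.buf->data, "B-record");
    return a.buf == b.buf && memcmp(a.buf->data, "B-record", a.left) == 0;
}

int main(void) {
    printf("unchecked release: cross_talk=%d\n", cross_talk(0));
    printf("checked release:   cross_talk=%d\n", cross_talk(1));
    return 0;
}
```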


Author: Tomislav Protega
Cert ID: NCERT-REF-2014-05-0012-ADV
CVE: CVE-2010-5298
Source ID: MDVSA-2014:090
Product: openssl
Source: http://www.mandriva.com