- Home
- CVEs with nessus.description==This update fixes several security issues in openssl :
- The ssl3_get_record function in ssl/s3_pkt.c in OpenSSL
0.9.8f through 0.9.8m allows remote attackers to cause a
denial of service (crash) via a malformed record in a
TLS connection (CVE-2010-0740)
- OpenSSL before 0.9.8m does not check for a NULL return
value from bn_wexpand function calls which has
unspecified impact and context-dependent attack vectors
(CVE-2009-3245)
- The kssl_keytab_is_available function in ssl/kssl.c in
OpenSSL before 0.9.8n, when Kerberos is enabled but
Kerberos configuration files cannot be opened, could
allow remote attackers to cause a denial of service
(NULL pointer dereference and daemon crash)
(CVE-2010-0433)
- Finally, this update provides support for secure
renegotiation, preventing men-in-the-middle attacks
(CVE-2009-3555).
Packages for 2008.0 and 2009.0 are provided due to the Extended
Maintenance Program for those products.
Update :
Packages for 2009.0 are provided due to the Extended Maintenance
Program
Max CVSS | 0 |
Min CVSS | 0 |
Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published |
Back to Top
Mark selected
Back to Top