[El-errata] New openssl updates available via Ksplice (ELSA-2015-2617)
Errata Announcements for Oracle Linux
el-errata at oss.oracle.com
Tue Dec 15 02:38:34 PST 2015
Synopsis: ELSA-2015-2617 can now be patched using Ksplice
CVEs: CVE-2015-3194 CVE-2015-3195 CVE-2015-3196
Users with Oracle Linux Premier Support can now use Ksplice to patch
against the latest Oracle Security Advisory, ELSA-2015-2617.
INSTALLING THE UPDATES
We recommend that all users of Ksplice on OL 7 install these updates.
You can install these updates by running:
# ksplice -y user upgrade
DESCRIPTION
* CVE-2015-3194: Denial-of-service in SSL certificate verification.
Incorrect handling of ASN.1 signatures created with the RSA PSS
algorithm and no mask generation function parameter could result in a
NULL pointer dereference. An attacker able to trigger certificate
validation of a maliciously crafted certificate could crash the
application.
* CVE-2015-3195: Remote denial-of-service in PKCS#7 and CMS parsing.
Incorrect handling of X509_ATTRIBUTE structures could result in a memory
leak. A remote attacker could use this flaw to crash the application
where untrusted input was decoded.
* CVE-2015-3196: Denial-of-service in SSL PSK hint handling.
A race condition when handling PSK hints could result in a double-free
when making SSL connections. Under specific conditions an attacker
could use this flaw to crash the application.
SUPPORT
Ksplice support is available at ksplice-support_ww at oracle.com.