[El-errata] New openssl updates available via Ksplice (ELSA-2015-2617)

Errata Announcements for Oracle Linux el-errata at oss.oracle.com
Tue Dec 15 02:38:34 PST 2015

Synopsis: ELSA-2015-2617 can now be patched using Ksplice
CVEs: CVE-2015-3194 CVE-2015-3195 CVE-2015-3196

Users with Oracle Linux Premier Support can now use Ksplice to patch
against the latest Oracle Security Advisory, ELSA-2015-2617.


We recommend that all users of Ksplice on OL 7 install these updates.

You can install these updates by running:

# ksplice -y user upgrade


* CVE-2015-3194: Denial-of-service in SSL certificate verification.

Incorrect handling of ASN.1 signatures created with the RSA PSS
algorithm and no mask generation function parameter could result in a
NULL pointer dereference.  An attacker able to trigger certificate
validation of a maliciously crafted certificate could crash the

* CVE-2015-3195: Remote denial-of-service in PKCS#7 and CMS parsing.

Incorrect handling of X509_ATTRIBUTE structures could result in a memory
leak.  A remote attacker could use this flaw to crash the application
where untrusted input was decoded.

* CVE-2015-3196: Denial-of-service in SSL PSK hint handling.

A race condition when handling PSK hints could result in a double-free
when making SSL connections.  Under specific conditions an attacker
could use this flaw to crash the application.


Ksplice support is available at ksplice-support_ww at oracle.com.

More information about the El-errata mailing list