CLSA-2021-1634922881
See a problem?- Import Source
- https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/oraclelinux6els/CLSA-2021-1634922881.json
- JSON Data
- https://api.osv.dev/v1/vulns/CLSA-2021-1634922881
- Upstream
- Published
- 2021-10-22T17:14:41Z
- Modified
- 2026-06-01T00:33:24.347067053Z
- Summary
- Fixed CVEs in openssl: CVE-2018-0739, CVE-2018-0732, CVE-2021-3712, CVE-2018-0737
- Details
-
- fix CVE-2021-3712 - handling ASN.1 string as NULL terminated leads to read buffer overrun
- Port patches from oracle6els branch, original changelog entry:
- Oracle bug 28730228: backport CVE-2018-0732
- Oracle bug 28758493: backport CVE-2018-0737
- Merge upstream patch to fix CVE-2018-0739
- Avoid out-of-bounds read. Fixes CVE 2017-3735. By Rich Salz
- sha256 is used for the RSA pairwise consistency test instead of sha1
- References
Affected packages
TuxCare:OracleLinux:6 / openssl
Package
- Name
- openssl
- Purl
- pkg:rpm/tuxcare/openssl?distro=oraclelinux-6
TuxCare:OracleLinux:6 / openssl-devel
Package
- Name
- openssl-devel
- Purl
- pkg:rpm/tuxcare/openssl-devel?distro=oraclelinux-6
TuxCare:OracleLinux:6 / openssl-perl
Package
- Name
- openssl-perl
- Purl
- pkg:rpm/tuxcare/openssl-perl?distro=oraclelinux-6