MGASA-2015-0274

See a problem?
Please try reporting it to the source first.

Source

https://advisories.mageia.org/MGASA-2015-0274.html

Import Source

https://advisories.mageia.org/MGASA-2015-0274.json

JSON Data

https://api.osv.dev/v1/vulns/MGASA-2015-0274

Related

CVE-2015-1793

Published

2015-07-10T08:12:35Z

Modified

2015-07-10T08:01:51Z

Summary

Updated openssl package fixes security vulnerability

Details

During certificate verification, OpenSSL (starting from version 1.0.1n and 1.0.2b) will attempt to find an alternative certificate chain if the first attempt to build such a chain fails. An error in the implementation of this logic can mean that an attacker could cause certain checks on untrusted certificates to be bypassed, such as the CA flag, enabling them to use a valid leaf certificate to act as a CA and "issue" an invalid certificate (CVE-2015-1793).

References

Credits

- Mageia - COORDINATOR
- - https://wiki.mageia.org/en/Packages_Security_Team

Affected packages

Mageia:5 / openssl

Package

Name: openssl
Purl: pkg:rpm/mageia/openssl?distro=mageia-5

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.0.2d-1.mga5

Ecosystem specific

{
    "section": "core"
}

Mageia:4 / openssl

Package

Name: openssl
Purl: pkg:rpm/mageia/openssl?distro=mageia-4

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.0.1p-1.mga4

Ecosystem specific

{
    "section": "core"
}