Several security problems have been found in openssl before 1.0.0k:

* CVE-2013-0169: SSL, TLS and DTLS Plaintext Recovery Attack. Nadhem Alfardan and Kenny Paterson have discovered a weakness in the handling of CBC ciphersuites in SSL, TLS and DTLS. Their attack exploits timing differences arising during MAC processing.
* CVE-2013-0166: OCSP invalid key DoS issue. A flaw in the OpenSSL handling of OCSP response verification can be exploited in a denial of service attack.

The packages have been updated to the latest 1.0.0k to fix the above security flaws.

Test procedure here: https://wiki.mageia.org/en/QA_procedure:Openssl
Whiteboard: (none) => has_procedure
Testing complete on Mageia 2 i586 and x86_64.

Could someone from the sysadmin team push the srpm openssl-1.0.0k-1.mga2.src.rpm from Mageia 2 Core Updates Testing to Core Updates?

Advisory:

Several security problems have been found in openssl before 1.0.0k:

* CVE-2013-0169: SSL, TLS and DTLS Plaintext Recovery Attack. Nadhem Alfardan and Kenny Paterson have discovered a weakness in the handling of CBC ciphersuites in SSL, TLS and DTLS. Their attack exploits timing differences arising during MAC processing.
* CVE-2013-0166: OCSP invalid key DoS issue. A flaw in the OpenSSL handling of OCSP response verification can be exploited in a denial of service attack.

The packages have been updated to the latest 1.0.0k to fix the above security flaws.

https://bugs.mageia.org/show_bug.cgi?id=8980

Keywords: (none) => validated_update
CC: (none) => davidwhodgins, sysadmin-bugs
Whiteboard: has_procedure => has_procedure MGA2-64-OK MGA2-32-OK
Update pushed: https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0041
Status: NEW => RESOLVED
CC: (none) => tmb
Resolution: (none) => FIXED
*** Bug 8970 has been marked as a duplicate of this bug. ***
CC: (none) => oe