version 1.11, 2009/01/30 23:18:03 |
version 1.12, 2009/01/31 15:11:25 |
|
|
<li><a name="007_openssl"></a> |
<li><a name="007_openssl"></a> |
<font color="#009000"><strong>007: SECURITY FIX: January 9, 2009</strong></font> <i>All architectures</i><br> |
<font color="#009000"><strong>007: SECURITY FIX: January 9, 2009</strong></font> <i>All architectures</i><br> |
The OpenSSL libraries did not correctly check the return value from |
The OpenSSL libraries did not correctly check the return value from |
certain verifiction functions, allowing validation to be bypassed and |
certain verification functions, allowing validation to be bypassed and |
permitting a remote attacker to conduct a "man in the middle attack" |
permitting a remote attacker to conduct a "man in the middle attack" |
against SSL/TLS connections if the server is configured with a DSA or ECDSA |
against SSL/TLS connections if the server is configured with a DSA or ECDSA |
certificate. |
certificate. |