Mandriva Linux Security Advisory : openssl (MDVSA-2014:007)
Medium Nessus Plugin ID 72021
SynopsisThe remote Mandriva Linux host is missing one or more security updates.
DescriptionA vulnerability has been discovered and corrected in openssl :
The DTLS retransmission implementation in OpenSSL through 0.9.8y and 1.x through 1.0.1e does not properly maintain data structures for digest and encryption contexts, which might allow man-in-the-middle attackers to trigger the use of a different context by interfering with packet delivery, related to ssl/d1_both.c and ssl/t1_enc.c (CVE-2013-6450).
The updated packages have been patched to correct this issue.
SolutionUpdate the affected packages.