Mandriva Linux Security Advisory : openssl (MDVSA-2014:090)
Medium Nessus Plugin ID 74069
SynopsisThe remote Mandriva Linux host is missing one or more security updates.
DescriptionUpdated openssl packages fix security vulnerability :
A read buffer can be freed even when it still contains data that is used later on, leading to a use-after-free. Given a race condition in a multi-threaded application it may permit an attacker to inject data from one connection into another or cause denial of service (CVE-2010-5298).
Also fixed in this update is a potential security issue with detection of the critical flag for the TSA extended key usage under certain cases.
SolutionUpdate the affected packages.