openssl
Page content
- Author: kikadf
- Vulnerable: 1.0.1-4
- Unaffected: 1.0.1-5arcturus1
Anton Johansson discovered that an invalid TLS handshake package could crash OpenSSL with a NULL pointer dereference. Multiple security issues have been fixed in OpenSSL: The TLS 1.2 support was susceptible to denial of service and retransmission of DTLS messages was fixed. In addition this update disables the insecure Dual_EC_DRBG algorithm and no longer uses the RdRand feature available on some Intel CPUs as a sole source of entropy unless explicitly requested.