{"id":"MGASA-2014-0012","summary":"Updated openssl package fixes security vulnerabilities","details":"Updated openssl packages fix security vulnerabilities:\n\nThe DTLS retransmission implementation in OpenSSL through 1.0.1e does not\nproperly maintain data structures for digest and encryption contexts, which\nmight allow man-in-the-middle attackers to trigger the use of a different\ncontext by interfering with packet delivery (CVE-2013-6450).\n\nA carefully crafted invalid TLS handshake could crash OpenSSL with a NULL\npointer exception. A malicious server could use this flaw to crash a\nconnecting client (CVE-2013-4353).\n","modified":"2026-04-16T01:49:11.856839158Z","published":"2014-01-17T00:33:19Z","upstream":["CVE-2013-4353","CVE-2013-6450"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2014-0012.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=12183"},{"type":"WEB","url":"http://www.openssl.org/news/vulnerabilities.html"},{"type":"WEB","url":"http://www.debian.org/security/2014/dsa-2833"},{"type":"WEB","url":"http://www.debian.org/security/2014/dsa-2837"}],"affected":[{"package":{"name":"openssl","ecosystem":"Mageia:3","purl":"pkg:rpm/mageia/openssl?arch=source&distro=mageia-3"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.0.1e-1.3.mga3"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2014-0012.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}