{"id":"MGASA-2014-0187","summary":"Updated openssl packages fix CVE-2010-5298","details":"Updated openssl packages fix security vulnerability:\n\nA read buffer can be freed even when it still contains data that is used\nlater on, leading to a use-after-free. Given a race condition in a\nmulti-threaded application it may permit an attacker to inject data from\none connection into another or cause denial of service (CVE-2010-5298).\n\nAlso fixed in this update is a potential security issue with detection of\nthe \"critical\" flag for the TSA extended key usage under certain cases.\n","modified":"2026-04-16T01:46:35.038487118Z","published":"2014-04-23T16:04:21Z","upstream":["CVE-2010-5298"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2014-0187.html"},{"type":"WEB","url":"https://www.debian.org/security/2014/dsa-2908"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=13210"}],"affected":[{"package":{"name":"openssl","ecosystem":"Mageia:3","purl":"pkg:rpm/mageia/openssl?arch=source&distro=mageia-3"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.0.1e-1.7.mga3"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2014-0187.json"}},{"package":{"name":"openssl","ecosystem":"Mageia:4","purl":"pkg:rpm/mageia/openssl?arch=source&distro=mageia-4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.0.1e-8.4.mga4"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2014-0187.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}