{"id":"MGASA-2017-0405","summary":"Updated openssl packages fix security vulnerabilities","details":"If an X.509 certificate has a malformed IPAddressFamily extension,\nOpenSSL could do a one-byte buffer overread. The most likely result\nwould be an erroneous display of the certificate in text format\n(CVE-2017-3735).\n\nThere is a carry propagating bug in the x86_64 Montgomery squaring\nprocedure (CVE-2017-3736).\n","modified":"2026-04-16T01:47:38.895774593Z","published":"2017-11-08T22:43:48Z","upstream":["CVE-2017-3735","CVE-2017-3736"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2017-0405.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=21977"},{"type":"WEB","url":"https://www.openssl.org/news/secadv/20170828.txt"},{"type":"WEB","url":"https://www.openssl.org/news/secadv/20171102.txt"}],"affected":[{"package":{"name":"openssl","ecosystem":"Mageia:5","purl":"pkg:rpm/mageia/openssl?arch=source&distro=mageia-5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.0.2m-1.mga5"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2017-0405.json"}},{"package":{"name":"openssl","ecosystem":"Mageia:6","purl":"pkg:rpm/mageia/openssl?arch=source&distro=mageia-6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.0.2m-1.mga6"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2017-0405.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}