CLD-685 Details
Other IDs this deficiency may be known by:
Basic Information:
| Affected Package(s) |
openssl |
| Deficiency Type |
SECURITY |
| Date Created |
2019-04-09 11:50:43 |
| Date Last Modified |
2019-04-09 11:58:16 |
Version Specific Information:
| Cucumber 1.1 i686 |
fixed in openssl-1.0.2r-i686-1 |
| Cucumber 1.1 x86_64 |
fixed in openssl-1.0.2r-x86_64-1 and openssl-lib_i686-1.0.2r-lib_i686-1 |
Details:
This is a security vulnerability that allowed for a padding oracle to be used
to decrypt data if an application called SSL_shutdown() twice after an error
occurred. This affects 1.0.2-1.0.2q; it was fixed in 1.0.2r. For more
information see:
https://www.openssl.org/news/secadv/20190226.txt