Severity: Unknown
Affected Package: openssl
Summary: Multiple OpenSSL vulnerabilities (RSA PSS NULL deref, X509_ATTRIBUTE leak, PSK identity hint)
OpenSSL update addressing a NULL pointer dereference crash when verifying an RSA PSS signature with an absent mask generation function parameter, a memory leak when parsing a malformed X509_ATTRIBUTE structure, and incorrect updating of PSK identity hints in the parent SSL_CTX for multi-threaded clients. These could cause denial of service or memory corruption. Fixed in the 0.7.3 release.
No specific recommendations provided.
Aliases: CVE-2015-3194, CVE-2015-3195, CVE-2015-3196
Published: January 14, 2016
Last Modified: January 14, 2016