MGASA-2014-0187

Advisory lineage Upstream: 1 Downstream: 0

Upstream

CVE-2010-5298

Published: 23 Apr 2014, 16:04

Last modified:16 Apr 2026, 06:23

Vulnerability Summary

Overall Risk (default)

minimal

0/100

CVSS Score

No data

EPSS Score

No data

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

23 Apr 2014, 16:04

Published

Vulnerability first disclosed

16 Apr 2026, 06:23

Last Modified

Vulnerability information updated

Description

Updated openssl packages fix CVE-2010-5298 Updated openssl packages fix security vulnerability: A read buffer can be freed even when it still contains data that is used later on, leading to a use-after-free. Given a race condition in a multi-threaded application it may permit an attacker to inject data from one connection into another or cause denial of service (CVE-2010-5298). Also fixed in this update is a potential security issue with detection of the "critical" flag for the TSA extended key usage under certain cases.

Affected Systems

mageia•openssl
< 1.0.1e-1.7.mga3
mageia•openssl
< 1.0.1e-8.4.mga4

MGASA-2014-0187

Vulnerability Summary

Timeline

Description

Affected Systems

References (3)