GLSA Advocate
Joined: 12 May 2004 Posts: 2663
|
Posted: Mon Jun 22, 2015 1:26 pm Post subject: [ GLSA 201506-02 ] OpenSSL |
|
|
Gentoo Linux Security Advisory
Title: OpenSSL: Multiple vulnerabilities (GLSA 201506-02)
Severity: normal
Exploitable: remote
Date: June 22, 2015
Bug(s): #551832
ID: 201506-02
Synopsis
Multiple vulnerabilities have been found in OpenSSL that can result
in either Denial of Service or information disclosure.
Background
OpenSSL is an Open Source toolkit implementing the Secure Sockets Layer
and Transport Layer Security as well as a general purpose cryptography
library.
Affected Packages
Package: dev-libs/openssl
Vulnerable: < 1.0.1o
Unaffected: >= 1.0.1o
Unaffected: >= 0.9.8z_p7
Architectures: All supported architectures
Description
Multiple vulnerabilities have been found in OpenSSL. Please review the
CVE identifiers referenced below for details.
Impact
A remote attacker can cause Denial of Service and information
disclosure.
Workaround
There is no known workaround at this time.
Resolution
All OpenSSL 1.0.1 users should upgrade to the latest version: Code: | # emerge --sync
# emerge --ask --oneshot --verbose ">=dev-libs/openssl-1.0.1o"
| All OpenSSL 0.9.8 users should upgrade to the latest version: Code: | # emerge --sync
# emerge --ask --oneshot --verbose ">=dev-libs/openssl-0.9.8z_p7"
|
References
CVE-2014-8176
CVE-2015-1788
CVE-2015-1789
CVE-2015-1790
CVE-2015-1791
CVE-2015-1792
CVE-2015-4000 |
|