Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
New OpenSSL security advisory
View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index Networking & Security
View previous topic :: View next topic  
Author Message
freke
Guru
Guru


Joined: 23 Jan 2003
Posts: 479
Location: Somewhere in Denmark

PostPosted: Fri Jun 12, 2015 9:13 am    Post subject: New OpenSSL security advisory Reply with quote

https://www.openssl.org/news/secadv_20150611.txt - time to move to 1.0.1n (or 1.0.2b)?
Back to top
View user's profile Send private message
eccerr0r
Watchman
Watchman


Joined: 01 Jul 2004
Posts: 7241
Location: almost Mile High in the USA

PostPosted: Fri Jun 12, 2015 12:30 pm    Post subject: Reply with quote

File a security bug on bugs.gentoo.org if there isn't already one.

Thanks for finding this!
_________________
Intel Core i7 2700K@ 4.1GHz/HD3000 graphics/8GB DDR3/180GB SSD
What am I supposed watching?
Back to top
View user's profile Send private message
desultory
Administrator
Administrator


Joined: 04 Nov 2005
Posts: 9276

PostPosted: Sat Jun 13, 2015 3:12 am    Post subject: Reply with quote

There is already a bug in progress for this.
Back to top
View user's profile Send private message
kernelOfTruth
Watchman
Watchman


Joined: 20 Dec 2005
Posts: 6111
Location: Vienna, Austria; Germany; hello world :)

PostPosted: Sat Jun 13, 2015 8:01 pm    Post subject: Reply with quote

Before and/or during updating watch out:

There's an ABI change:

http://www.golem.de/news/sicherheitsluecken-openssl-update-verursacht-abi-probleme-1506-114638.html

Quote:
Die neuen Versionen ändern die Datenstruktur HMAC_CTX, die Teil der öffentlichen API von OpenSSL ist.



Quote:
The new versions modify the data structure HMAC_CTX which is part of the public API of OpenSSL.



So packages linking against openssl naturally need to be rebuilt
_________________
https://github.com/kernelOfTruth/ZFS-for-SystemRescueCD/tree/ZFS-for-SysRescCD-4.9.0
https://github.com/kernelOfTruth/pulseaudio-equalizer-ladspa

Hardcore Gentoo Linux user since 2004 :D
Back to top
View user's profile Send private message
Tony0945
Advocate
Advocate


Joined: 25 Jul 2006
Posts: 3210
Location: Illinois, USA

PostPosted: Sun Jun 14, 2015 12:10 am    Post subject: Reply with quote

From the linked bug report:

Quote:
1.0.2c and 1.0.1o are now out and reverse the ABI breakage.
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Networking & Security All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum