| View previous topic :: View next topic |
| Author |
Message |
BHReach
n00b
Joined: 24 Jan 2012
Posts: 40
|
 Posted: Sat Jul 16, 2016 4:31 am Post subject: openssl GLSA 201603-15 |
 |
|
I have this conundrum.
2 computer plum and pear:
| Code: | pear ~ # glsa-check -t all
This system is affected by the following GLSAs:
201603-15
pear ~ # openssl version
OpenSSL 1.0.2h 3 May 2016 |
| Code: | plum ~ # glsa-check -t all
This system is not affected by any of the listed GLSAs
plum ~ # openssl version
OpenSSL 1.0.2h 3 May 2016 |
According to the docs:
OpenSSL: Multiple vulnerabilities — GLSA 201603-15
Package dev-libs/openssl on all architectures
Affected versions < 1.0.2g-r2
Unaffected versions >= 1.0.2g-r2
Neither should be affected by it (they both have the same version of openssl???)
Why is this happening? |
|
| Back to top |
|
 |
Ant P.
Watchman
Joined: 18 Apr 2009
Posts: 6875
|
| Posted: Sat Jul 16, 2016 2:22 pm Post subject: |
|
|
| Post the output from emerge -cpv '<openssl-1.0.2g-r2' |
|
| Back to top |
|
|
BHReach
n00b
Joined: 24 Jan 2012
Posts: 40
|
| Posted: Sat Jul 16, 2016 4:38 pm Post subject: |
|
|
| Ant P. wrote: | | Post the output from emerge -cpv '<openssl-1.0.2g-r2' |
| Code: | pear ~ $ emerge -cpv '<openssl-1.0.2g-r2'
Calculating dependencies... done!
dev-libs/openssl-0.9.8z_p8 pulled in by:
app-text/acroread-9.5.5-r3 requires dev-libs/openssl:0.9.8[abi_x86_32(-)]
>>> No packages selected for removal by depclean
Packages installed: 1168
Packages in world: 155
Packages in system: 44
Required packages: 1168
Number to remove: 0 |
| Code: | plum ~ $ emerge -cpv '<openssl-1.0.2g-r2'
--- Couldn't find '<dev-libs/openssl-1.0.2g-r2' to depclean.
>>> No packages selected for removal by depclean |
|
|
| Back to top |
|
|
Ant P.
Watchman
Joined: 18 Apr 2009
Posts: 6875
|
| Posted: Sat Jul 16, 2016 7:08 pm Post subject: |
|
|
| You have the proprietary Adobe Acrobat reader installed, which in turn depends on a vulnerable version of OpenSSL. glsa-check's output is correct after all. |
|
| Back to top |
|
|
BHReach
n00b
Joined: 24 Jan 2012
Posts: 40
|
| Posted: Sat Jul 16, 2016 8:56 pm Post subject: |
|
|
| Ant P. wrote: | | You have the proprietary Adobe Acrobat reader installed, which in turn depends on a vulnerable version of OpenSSL. glsa-check's output is correct after all. |
Unfortunately all the other pdf readers have trouble rendering or printing some documents. The only other option is to use the current version on Windows and I am sure that it has its own security vulnerabilities.
I don't use it that often but when okular or qpdfview don't work, I have no other choice. |
|
| Back to top |
|
|
|
Networking & Security
