Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
openssl GLSA 201603-15
View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index Networking & Security
View previous topic :: View next topic  
Author Message
BHReach
n00b
n00b


Joined: 24 Jan 2012
Posts: 40

PostPosted: Sat Jul 16, 2016 4:31 am    Post subject: openssl GLSA 201603-15 Reply with quote

I have this conundrum.

2 computer plum and pear:

Code:
pear ~ # glsa-check -t all
This system is affected by the following GLSAs:
201603-15
pear ~ # openssl version
OpenSSL 1.0.2h  3 May 2016


Code:
plum ~ # glsa-check -t all
This system is not affected by any of the listed GLSAs
plum ~ # openssl version
OpenSSL 1.0.2h  3 May 2016


According to the docs:

OpenSSL: Multiple vulnerabilities — GLSA 201603-15
Package dev-libs/openssl on all architectures
Affected versions < 1.0.2g-r2
Unaffected versions >= 1.0.2g-r2

Neither should be affected by it (they both have the same version of openssl???)

Why is this happening?
Back to top
View user's profile Send private message
Ant P.
Watchman
Watchman


Joined: 18 Apr 2009
Posts: 5592

PostPosted: Sat Jul 16, 2016 2:22 pm    Post subject: Reply with quote

Post the output from emerge -cpv '<openssl-1.0.2g-r2'
Back to top
View user's profile Send private message
BHReach
n00b
n00b


Joined: 24 Jan 2012
Posts: 40

PostPosted: Sat Jul 16, 2016 4:38 pm    Post subject: Reply with quote

Ant P. wrote:
Post the output from emerge -cpv '<openssl-1.0.2g-r2'

Code:
pear ~ $ emerge -cpv '<openssl-1.0.2g-r2'

Calculating dependencies... done!
  dev-libs/openssl-0.9.8z_p8 pulled in by:
    app-text/acroread-9.5.5-r3 requires dev-libs/openssl:0.9.8[abi_x86_32(-)]

>>> No packages selected for removal by depclean
Packages installed:   1168
Packages in world:    155
Packages in system:   44
Required packages:    1168
Number to remove:     0

Code:
plum ~ $ emerge -cpv '<openssl-1.0.2g-r2'
--- Couldn't find '<dev-libs/openssl-1.0.2g-r2' to depclean.
>>> No packages selected for removal by depclean
Back to top
View user's profile Send private message
Ant P.
Watchman
Watchman


Joined: 18 Apr 2009
Posts: 5592

PostPosted: Sat Jul 16, 2016 7:08 pm    Post subject: Reply with quote

You have the proprietary Adobe Acrobat reader installed, which in turn depends on a vulnerable version of OpenSSL. glsa-check's output is correct after all.
Back to top
View user's profile Send private message
BHReach
n00b
n00b


Joined: 24 Jan 2012
Posts: 40

PostPosted: Sat Jul 16, 2016 8:56 pm    Post subject: Reply with quote

Ant P. wrote:
You have the proprietary Adobe Acrobat reader installed, which in turn depends on a vulnerable version of OpenSSL. glsa-check's output is correct after all.

Unfortunately all the other pdf readers have trouble rendering or printing some documents. The only other option is to use the current version on Windows and I am sure that it has its own security vulnerabilities.

I don't use it that often but when okular or qpdfview don't work, I have no other choice.
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Networking & Security All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum