Joined: 12 May 2004
|Posted: Thu Dec 14, 2017 7:26 pm Post subject: [ GLSA 201712-03 ] OpenSSL
|Gentoo Linux Security Advisory
Title: OpenSSL: Multiple vulnerabilities (GLSA 201712-03)
Bug(s): #629290, #636264, #640172
Multiple vulnerabilities have been found in OpenSSL, the worst of
which may lead to a Denial of Service condition.
OpenSSL is a robust, commercial-grade, and full-featured toolkit for the
Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols.
Vulnerable: < 1.0.2n
Unaffected: >= 1.0.2n
Architectures: All supported architectures
Multiple vulnerabilities have been discovered in OpenSSL. Please review
the referenced CVE identifiers for details.
A remote attacker could cause a Denial of Service condition, recover a
private key in unlikely circumstances, circumvent security restrictions
to perform unauthorized actions, or gain access to sensitive information.
There are no known workarounds at this time.
All OpenSSL users should upgrade to the latest version:
|# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-libs/openssl-1.0.2n"
Last edited by GLSA on Mon Jan 15, 2018 4:17 am; edited 1 time in total