Opened 9 years ago

Closed 9 years ago

#7490 closed enhancement (fixed)

OpenSSL-1.0.2g

Reported by: Armin K Owned by: ken@…
Priority: highest Milestone: 7.9
Component: BOOK Version: SVN
Severity: normal Keywords:
Cc:

Description

https://openssl.org/source/openssl-1.0.2g.tar.gz

https://openssl.org/news/secadv/20160301.txt 

Cross-protocol attack on TLS using SSLv2 (DROWN) (CVE-2016-0800)
Double-free in DSA code (CVE-2016-0705)
Memory leak in SRP database lookups (CVE-2016-0798)
BN_hex2bn/BN_dec2bn NULL pointer deref/heap corruption (CVE-2016-0797)
Fix memory issues in BIO_*printf functions (CVE-2016-0799)
Side channel attack on modular exponentiation (CVE-2016-0702)
Divide-and-conquer session key recovery in SSLv2 (CVE-2016-0703)
Bleichenbacher oracle in SSLv2 (CVE-2016-0704)

Change History (2)

comment:1 by ken@…, 9 years ago

Owner: changed from blfs-book@… to ken@…
Status: newassigned

Because this turns off SSLv2, at least curl (specifically libcurl.so, which is used by something in libreoffice's configure, and Python3, need to be recompiled to stop referencing SSLv2 functions.

comment:2 by ken@…, 9 years ago

Resolution: fixed
Status: assignedclosed

Done at r17045

Note: See TracTickets for help on using tickets.