Opened 8 years ago
Closed 8 years ago
#7490 closed enhancement (fixed)
OpenSSL-1.0.2g
| Reported by: | Armin K | Owned by: | |
|---|---|---|---|
| Priority: | highest | Milestone: | 7.9 |
| Component: | BOOK | Version: | SVN |
| Severity: | normal | Keywords: | |
| Cc: |
Description
https://openssl.org/source/openssl-1.0.2g.tar.gz
https://openssl.org/news/secadv/20160301.txt
Cross-protocol attack on TLS using SSLv2 (DROWN) (CVE-2016-0800) Double-free in DSA code (CVE-2016-0705) Memory leak in SRP database lookups (CVE-2016-0798) BN_hex2bn/BN_dec2bn NULL pointer deref/heap corruption (CVE-2016-0797) Fix memory issues in BIO_*printf functions (CVE-2016-0799) Side channel attack on modular exponentiation (CVE-2016-0702) Divide-and-conquer session key recovery in SSLv2 (CVE-2016-0703) Bleichenbacher oracle in SSLv2 (CVE-2016-0704)
Note:
See TracTickets
for help on using tickets.
Because this turns off SSLv2, at least curl (specifically libcurl.so, which is used by something in libreoffice's configure, and Python3, need to be recompiled to stop referencing SSLv2 functions.