
Bug 195674

Summary: dev-libs/openssl: OpenSSL DTLS Implementation Vulnerability
Product: Gentoo Linux
Reporter: cilly <cilly>
Component: New packages
Assignee: Gentoo Linux bug wranglers <bug-wranglers>
Status: RESOLVED DUPLICATE    
Severity: critical    
Priority: Highest    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: http://secunia.com/advisories/25878/
Whiteboard:
Package list:
Runtime testing required: ---

Description cilly 2007-10-13 02:27:55 UTC
DESCRIPTION:
Andy Polyakov has reported a vulnerability in OpenSSL, which can be
exploited by malicious people to cause a DoS (Denial of Service) and
potentially compromise a vulnerable system.

The vulnerability is caused due to an unspecified error within the
DTLS implementation. Successful exploitation may allow the execution
of arbitrary code.

Note: Reportedly, this vulnerability affects only clients and servers
explicitly using DTLS.

The vulnerability is reported in all versions of 0.9.8 prior to
0.9.8f.

SOLUTION:
Update to version 0.9.8f and rebuild all packages using OpenSSL for
DTLS.

PROVIDED AND/OR DISCOVERED BY:
Andy Polyakov

ORIGINAL ADVISORY:
http://www.openssl.org/news/secadv_20071012.txt
Comment 1 cilly 2007-10-13 02:28:47 UTC
ebuild for 098f or patch needed
Comment 2 SpanKY gentoo-dev 2007-10-13 02:36:23 UTC
there is a search function, please use it

*** This bug has been marked as a duplicate of bug 195634 ***
Comment 3 cilly 2007-10-13 02:39:24 UTC
(In reply to comment #2)
> there is a search function, please use it
> 
> *** This bug has been marked as a duplicate of bug 195634 ***
> 

hm, I did search, but not for closed bugs and since I was not able to see an update for openssl in portage, I thought it was not fixed.

sorry, my fault
Comment 4 cilly 2007-10-13 02:41:40 UTC
hm, maybe I searched before the original bug was written... so a race condition ;)