| Summary: | <dev-libs/openssl-{0.9.8t,1.0.0g}: DTLS Server DoS (CVE-2012-0050) | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Icebird2000 <icebird2000> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | | |
| Severity: | normal | CC: | base-system, sven.koehler |
| Priority: | Normal | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| URL: | http://www.openssl.org/news/secadv_20120118.txt | | |
| See Also: | https://bugzilla.redhat.com/show_bug.cgi?id=782795 | | |
| Whiteboard: | A3 [glsa] | | |
| Package list: | | Runtime testing required: | --- |

Description
Icebird2000
2012-01-19 10:23:36 UTC
This issue is caused by a regression of the CVE-2011-4108 fix.

base-system, are the two versions in $summary good to go stable?

yes, they should be good to stabilize

Arches, please test and mark stable:
=dev-libs/openssl-1.0.0g
Target KEYWORDS : "alpha amd64 arm hppa ia64 m68k ppc ppc64 s390 sh sparc x86"
=dev-libs/openssl-0.9.8t
Target KEYWORDS : "amd64 x86"

amd64 stable

x86 stable. Thanks

Stable for HPPA.

alpha/arm/ia64/m68k/s390/sh/sparc stable

ppc done

CVE-2012-0050 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0050):
OpenSSL 0.9.8s and 1.0.0f does not properly support DTLS applications, which allows remote attackers to cause a denial of service via unspecified vectors. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-4108.

ppc64 done

Thanks, everyone. Already part of draft GLSA.

This issue was resolved and addressed in GLSA 201203-12 at http://security.gentoo.org/glsa/glsa-201203-12.xml by GLSA coordinator Sean Amoss (ackle).