Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 635584

Summary: dev-libs/libressl: out-of-bounds read creates crash
Product: Gentoo Security Reporter: Aleksandr Wagner (Kivak) <alwag>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED DUPLICATE    
Severity: normal CC: libressl
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: https://bugzilla.novell.com/show_bug.cgi?id=1065363
Whiteboard: B3 [ebuild]
Package list:
Runtime testing required: ---

Description Aleksandr Wagner (Kivak) 2017-10-27 14:55:49 UTC 
openssl-1.0.2l and libressl-2.6.2 are susceptible to an out-of-bounds read and crashes. https://marc.info/?l=openbsd-tech&m=150906184009035&w=2
So observed on Tumbleweed, and therefore very likely affects 42.2, 42.3 and SLE as well.

openssl-1.1.0f has been found to not have the problem anymore.

References:

https://marc.info/?l=openbsd-tech&m=150906184009035&w=2
https://marc.info/?l=openbsd-tech&m=150906184009035&q=raw
https://github.com/openssl/openssl/commit/6493e4801e9edbe1ad1e256d4ce9cd55c8aa2242#diff-bf594638aca419f471dd119cd22da58f

@ Maintainer(s): Please confirm that only libressl-2.6.2 is vulnerable to this bug.
Comment 1 Yury German Gentoo Infrastructure gentoo-dev 2019-04-27 18:57:05 UTC 

*** This bug has been marked as a duplicate of bug 636264 ***