Summary: | <dev-libs/openssl-1.1.1j: multiple vulnerabilities (CVE-2021-{23840,23841}) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Sam James <sam> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | base-system, hydrapolic, luke |
Priority: | Normal | Flags: | nattka: sanity-check- |
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | A3 [glsa+ cve] | ||
Package list: | dev-libs/openssl-1.1.1j | ||
Runtime testing required: | --- |
Description
Sam James
2021-02-09 17:43:28 UTC
1.1.1j is released:

Fixed a NULL pointer deref in the X509_issuer_and_serial_hash() function (CVE-2021-23841)

Fixed the RSA_padding_check_SSLv23() function and the RSA_SSLV23_PADDING padding mode to correctly check for rollback attacks

Fixed an overflow in the EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate functions (CVE-2021-23840)

Fixed SRP_Calc_client_key so that it runs in constant time

Please bump.

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e046f5a13926d01660a6abfbe63dfeb15ac2adec

commit e046f5a13926d01660a6abfbe63dfeb15ac2adec
Author: Thomas Deutschmann <whissi@gentoo.org>
AuthorDate: 2021-02-16 16:32:49 +0000
Commit: Thomas Deutschmann <whissi@gentoo.org>
CommitDate: 2021-02-16 18:14:15 +0000

dev-libs/openssl: bump to v1.1.1j

Bug: https://bugs.gentoo.org/769785
Package-Manager: Portage-3.0.14, Repoman-3.0.2
Signed-off-by: Thomas Deutschmann <whissi@gentoo.org>

dev-libs/openssl/Manifest | 1 +
dev-libs/openssl/openssl-1.1.1j.ebuild | 326 +++++++++++++++++++++++++++++++++
2 files changed, 327 insertions(+)

x86 done

amd64 done

s390 done

sparc done

Prefix done

arm64 done

ppc done

hppa stable

ppc64 stable

arm done

all arches done

Please cleanup, thanks.

Unable to check for sanity:
> no match for package: dev-libs/openssl-1.1.1j
New GLSA request filed.

Unable to check for sanity:
> no match for package: dev-libs/openssl-1.1.1j
This issue was resolved and addressed in GLSA 202103-03 at https://security.gentoo.org/glsa/202103-03 by GLSA coordinator Thomas Deutschmann (whissi).