Summary: | <dev-libs/openssl-{3.0.13-r1, 3.1.5-r2, 3.2.1-r2}: Unbounded memory growth with session handling in TLSv1.3 | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Sam James <sam> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | IN_PROGRESS --- | ||
Severity: | normal | CC: | base-system |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://www.openssl.org/news/secadv/20240408.txt | ||
Whiteboard: | B3 [glsa?] | ||
Package list: | Runtime testing required: | --- | |
Bug Depends on: | 930057 | ||
Bug Blocks: |
Description
Sam James
2024-04-15 06:54:03 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ccf71abfb2591dbf4b65f1db957596562234cb82

commit ccf71abfb2591dbf4b65f1db957596562234cb82
Author: Sam James <sam@gentoo.org>
AuthorDate: 2024-04-15 07:15:58 +0000
Commit: Sam James <sam@gentoo.org>
CommitDate: 2024-04-15 07:16:11 +0000

dev-libs/openssl: fix CVE-2024-2511 for 3.2.1

Bug: https://bugs.gentoo.org/930047
Signed-off-by: Sam James <sam@gentoo.org>

 .../files/openssl-3.2.1-CVE-2024-2511.patch | 137 +++++++++
 dev-libs/openssl/openssl-3.2.1-r2.ebuild | 307 +++++++++++++++++++++
 2 files changed, 444 insertions(+)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=636d49c76a46cd0bbe86a1eb9c64880b34036c43

commit 636d49c76a46cd0bbe86a1eb9c64880b34036c43
Author: Sam James <sam@gentoo.org>
AuthorDate: 2024-04-15 07:08:32 +0000
Commit: Sam James <sam@gentoo.org>
CommitDate: 2024-04-15 07:16:10 +0000

dev-libs/openssl: fix CVE-2024-2511 for 3.1.5

Bug: https://bugs.gentoo.org/930047
Signed-off-by: Sam James <sam@gentoo.org>

 .../files/openssl-3.1.5-CVE-2024-2511.patch | 137 ++++++++++
 dev-libs/openssl/openssl-3.1.5-r2.ebuild | 286 +++++++++++++++++++++
 2 files changed, 423 insertions(+)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=84e42134da6902dd0b2f9d224127defa9b5ef21f

commit 84e42134da6902dd0b2f9d224127defa9b5ef21f
Author: Sam James <sam@gentoo.org>
AuthorDate: 2024-04-15 07:01:15 +0000
Commit: Sam James <sam@gentoo.org>
CommitDate: 2024-04-15 07:16:10 +0000

dev-libs/openssl: fix CVE-2024-2511 for 3.0.13

Bug: https://bugs.gentoo.org/930047
Signed-off-by: Sam James <sam@gentoo.org>

 .../files/openssl-3.0.13-CVE-2024-2511.patch | 141 +++++++++++
 dev-libs/openssl/openssl-3.0.13-r1.ebuild | 282 +++++++++++++++++++++
 2 files changed, 423 insertions(+)

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=794226755044b4ba9593367a1c99d5746eb23305

commit 794226755044b4ba9593367a1c99d5746eb23305
Author: Sam James <sam@gentoo.org>
AuthorDate: 2024-05-31 23:56:57 +0000
Commit: Sam James <sam@gentoo.org>
CommitDate: 2024-05-31 23:57:34 +0000

dev-libs/openssl: drop 3.0.11, 3.0.12, 3.0.13, 3.0.13-r1

Bug: https://bugs.gentoo.org/930047
Bug: https://bugs.gentoo.org/921684
Signed-off-by: Sam James <sam@gentoo.org>

 dev-libs/openssl/Manifest | 4 -
 dev-libs/openssl/openssl-3.0.11.ebuild | 288 ------------------------------
 dev-libs/openssl/openssl-3.0.12.ebuild | 288 ------------------------------
 dev-libs/openssl/openssl-3.0.13-r1.ebuild | 282 -----------------------------
 dev-libs/openssl/openssl-3.0.13.ebuild | 278 ----------------------------
 5 files changed, 1140 deletions(-)