Description: "The X.509 GeneralName type is a generic type for representing different types of names. One of those name types is known as EDIPartyName. OpenSSL provides a function GENERAL_NAME_cmp which compares different instances of a GENERAL_NAME to see if they are equal or not. This function behaves incorrectly when both GENERAL_NAMEs contain an EDIPARTYNAME. A NULL pointer dereference and a crash may occur leading to a possible denial of service attack."
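The advisory above names the GeneralName alternative that triggers the faulty comparison (EDIPartyName, GeneralName tag [5]) but gives no way to see whether a certificate or CRL you hold actually carries one. The following is an added example, not code from the OpenSSL project, the Gentoo maintainers or this bug report: a minimal DER walker that lists the GeneralName alternatives inside a GeneralNames SEQUENCE (the encoding used by subjectAltName, issuerAltName and CRL distribution points) and decodes an EDIPartyName's fields. It assumes standard X.509 tagging, namely that GeneralName alternatives are IMPLICITly tagged and that the DirectoryString members of EDIPartyName are EXPLICITly tagged because DirectoryString is a CHOICE; the sample GeneralNames values at the bottom are constructed inline and are not taken from any real certificate.

```python
# Added example (not OpenSSL's or Gentoo's code): walk a DER GeneralNames value and
# report which GeneralName alternatives it contains, so the EDIPartyName ([5]) case the
# advisory describes can be spotted in a certificate or CRL extension.
#
# Assumptions: GeneralName alternatives use IMPLICIT context-specific tags; the
# nameAssigner [0] and partyName [1] members of EDIPartyName are EXPLICIT tags wrapping
# a DirectoryString CHOICE (UTF8String is used for the constructed samples).

GENERAL_NAME_TAGS = {
    0: "otherName", 1: "rfc822Name", 2: "dNSName", 3: "x400Address",
    4: "directoryName", 5: "ediPartyName", 6: "uniformResourceIdentifier",
    7: "iPAddress", 8: "registeredID",
}

def der_tlv(tag: int, content: bytes) -> bytes:
    """Encode one DER TLV (single-byte tag, length below 65536)."""
    n = len(content)
    if n < 0x80:
        length = bytes([n])
    elif n < 0x100:
        length = bytes([0x81, n])
    else:
        length = bytes([0x82, n >> 8, n & 0xFF])
    return bytes([tag]) + length + content

def iter_tlv(data: bytes):
    """Yield (class, constructed, tag_number, content) for each TLV in data."""
    i = 0
    while i < len(data):
        tag = data[i]
        cls, constructed, number = tag >> 6, bool(tag & 0x20), tag & 0x1F
        if number == 0x1F:
            raise ValueError("high-tag-number form not supported")
        length = data[i + 1]
        i += 2
        if length & 0x80:  # long-form length: next (length & 0x7F) bytes hold it
            nbytes = length & 0x7F
            length = int.from_bytes(data[i:i + nbytes], "big")
            i += nbytes
        content = data[i:i + length]
        if len(content) != length:
            raise ValueError("truncated TLV")
        yield cls, constructed, number, content
        i += length

def general_name_types(general_names: bytes) -> list:
    """Return the alternative names of every GeneralName in a GeneralNames SEQUENCE."""
    items = list(iter_tlv(general_names))
    if len(items) != 1 or items[0][:3] != (0, True, 16):
        raise ValueError("expected a single universal SEQUENCE")
    names = []
    for cls, _constructed, number, _content in iter_tlv(items[0][3]):
        if cls != 2:
            raise ValueError("GeneralName alternatives must be context-specific tagged")
        names.append(GENERAL_NAME_TAGS.get(number, f"unknown[{number}]"))
    return names

def count_edipartyname(general_names: bytes) -> int:
    """Number of EDIPartyName ([5]) alternatives in the GeneralNames value."""
    return general_name_types(general_names).count("ediPartyName")

def parse_edi_party_name(general_name: bytes) -> dict:
    """Decode one [5] EDIPartyName GeneralName into its DirectoryString fields."""
    [(cls, constructed, number, body)] = list(iter_tlv(general_name))
    if (cls, constructed, number) != (2, True, 5):
        raise ValueError("not an EDIPartyName GeneralName")
    fields = {}
    for _fcls, _fcon, fnum, wrapped in iter_tlv(body):
        [(_c, _k, _n, text)] = list(iter_tlv(wrapped))  # EXPLICIT tag wraps the CHOICE
        fields["nameAssigner" if fnum == 0 else "partyName"] = text.decode("utf-8")
    return fields

# --- Encoders used only to build the constructed samples below -----------------------
def dns_name(host: str) -> bytes:
    return der_tlv(0x82, host.encode("ascii"))          # [2] IMPLICIT IA5String

def edi_party_name(party: str, assigner: str = None) -> bytes:
    body = b""
    if assigner is not None:
        body += der_tlv(0xA0, der_tlv(0x0C, assigner.encode("utf-8")))  # [0] EXPLICIT
    body += der_tlv(0xA1, der_tlv(0x0C, party.encode("utf-8")))         # [1] EXPLICIT
    return der_tlv(0xA5, body)                           # [5] IMPLICIT SEQUENCE

def general_names(*names: bytes) -> bytes:
    return der_tlv(0x30, b"".join(names))

# Constructed sample values (not from any real certificate).
SAFE_SAN = general_names(dns_name("example.com"))
EDI_SAN = general_names(dns_name("example.com"), edi_party_name("party", "assigner"))

if __name__ == "__main__":
    for label, value in (("SAFE_SAN", SAFE_SAN), ("EDI_SAN", EDI_SAN)):
        print(label, general_name_types(value), "EDIPartyName count:", count_edipartyname(value))
```

To inspect a real extension, feed the function the raw extnValue OCTET STRING contents of subjectAltName, issuerAltName or a CRL distribution point's fullName; any non-zero count means the value would reach the EDIPartyName branch of GENERAL_NAME_cmp if it were ever compared.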
Note that we needed an additional patch before stabilising: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=2915b998b618e03e5c0fa120ae528be64209ea85.
The bug has been referenced in the following commit(s):
https://gitweb.gentoo.org/repo/proj/prefix.git/commit/?id=10129a5714e39b28141cb501eccaf86d16d47c4d

commit 10129a5714e39b28141cb501eccaf86d16d47c4d
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2020-12-08 23:24:22 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2020-12-08 23:24:22 +0000

    dev-libs/openssl: sync (security bump to 1.1.1i)

    Bug: https://bugs.gentoo.org/759079
    Package-Manager: Portage-3.0.12-prefix, Repoman-3.0.2
    Signed-off-by: Sam James <sam@gentoo.org>

 dev-libs/openssl/Manifest              |   2 +
 dev-libs/openssl/openssl-1.1.1i.ebuild | 341 +++++++++++++++++++++++++++++++++
 2 files changed, 343 insertions(+)
amd64 done
ppc64 done
arm64 done
hppa/sparc stable
x86 stable
arm done
ppc stable
s390 stable
Please cleanup.
New GLSA request filed.
This issue was resolved and addressed in GLSA 202012-13 at https://security.gentoo.org/glsa/202012-13 by GLSA coordinator Thomas Deutschmann (whissi).