Navigation:
Browse pkgsrc
(this page) 2014-08-22 19:13:35 by Matthias Scheler | Files touched by this commit (2) |  |
Log message:
Pullup ticket #4481 - requested by obache
emulators/suse131_openssl: security update
Revisions pulled up:
- emulators/suse131_openssl/Makefile 1.10
- emulators/suse131_openssl/distinfo 1.10
---
Module Name: pkgsrc
Committed By: obache
Date: Fri Aug 22 08:43:09 UTC 2014
Modified Files:
pkgsrc/emulators/suse131_openssl: Makefile distinfo
Log message:
openSUSE Security Update: update for openssl
___________________________________________________________________________
___
Announcement ID: openSUSE-SU-2014:1052-1
Rating: moderate
References: #890764 #890765 #890766 #890767 #890768 #890769
#890770 #890771 #890772
Cross-References: CVE-2014-3505 CVE-2014-3506 CVE-2014-3507
CVE-2014-3508 CVE-2014-3509 CVE-2014-3510
CVE-2014-3511 CVE-2014-3512 CVE-2014-5139
Affected Products:
openSUSE 13.1
openSUSE 12.3
___________________________________________________________________________
___
An update that fixes 9 vulnerabilities is now available.
Description:
This openssl update fixes the following security issues:
- openssl 1.0.1i
* Information leak in pretty printing functions (CVE-2014-3508)
* Crash with SRP ciphersuite in Server Hello message (CVE-2014-5139)
* Race condition in ssl_parse_serverhello_tlsext (CVE-2014-3509)
* Double Free when processing DTLS packets (CVE-2014-3505)
* DTLS memory exhaustion (CVE-2014-3506)
* DTLS memory leak from zero-length fragments (CVE-2014-3507)
* OpenSSL DTLS anonymous EC(DH) denial of service (CVE-2014-3510)
* OpenSSL TLS protocol downgrade attack (CVE-2014-3511)
* SRP buffer overrun (CVE-2014-3512)
|
New packages: