Path to this page:
Subject: CVS commit: [pkgsrc-2014Q1] pkgsrc/emulators/suse131_openssl
From: Matthias Scheler
Date: 2014-06-15 14:55:06
Message id: 20140615125506.1146596@cvs.netbsd.org
Log Message:
Pullup ticket #4432 - requested by obache
emulators/suse131_openssl: security update
Revisions pulled up:
- emulators/suse131_openssl/Makefile 1.9
- emulators/suse131_openssl/distinfo 1.9
---
Module Name: pkgsrc
Committed By: obache
Date: Fri Jun 6 09:53:29 UTC 2014
Modified Files:
pkgsrc/emulators/suse131_openssl: Makefile distinfo
Log Message:
Apply openSUSE-SU-2014:0764-1
openSUSE Security Update: openssl: update to version 1.0.1h
Description:
The openssl library was updated to version 1.0.1h fixing various security
issues and bugs:
Security issues fixed:
- CVE-2014-0224: Fix for SSL/TLS MITM flaw. An attacker using a carefully
crafted handshake can force the use of weak keying material in OpenSSL
SSL/TLS clients and servers.
- CVE-2014-0221: Fix DTLS recursion flaw. By sending an invalid DTLS
handshake to an OpenSSL DTLS client the code can be made to recurse
eventually crashing in a DoS attack.
- CVE-2014-0195: Fix DTLS invalid fragment vulnerability. A buffer
overrun attack can be triggered by sending invalid DTLS fragments to an
OpenSSL DTLS client or server. This is potentially exploitable to run
arbitrary code on a vulnerable client or server.
- CVE-2014-3470: Fix bug in TLS code where clients enable anonymous ECDH
ciphersuites are subject to a denial of service attack.
Bump PKGREVISION.
Files: