* [Buildroot] [Bug 703] New: [SECURITY] Update openssl package to 0.9.8l
@ 2009-11-10 17:22 bugzilla at busybox.net
2009-11-15 23:00 ` [Buildroot] [Bug 703] " bugzilla at busybox.net
0 siblings, 1 reply; 2+ messages in thread
From: bugzilla at busybox.net @ 2009-11-10 17:22 UTC
To: buildroot
https://bugs.busybox.net/show_bug.cgi?id=703
Host: i686-linux
Target: arm-softfloat-linux-uclibcgnueabi
Summary: [SECURITY] Update openssl package to 0.9.8l
Product: buildroot
Version: unspecified
Platform: PC
OS/Version: Linux
Status: NEW
Severity: major
Priority: P5
Component: Outdated package
AssignedTo: unassigned at buildroot.uclibc.org
ReportedBy: gustavo at zacarias.com.ar
CC: buildroot at uclibc.org
Estimated Hours: 0.0

Created an attachment (id=731)
 --> (https://bugs.busybox.net/attachment.cgi?id=731)
Bump openssl package to 0.9.8l + security fixes

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1377
The dtls1_buffer_record function in ssl/d1_pkt.c in OpenSSL 0.9.8k and earlier
0.9.8 versions allows remote attackers to cause a denial of service (memory
consumption) via a large series of "future epoch" DTLS records that are
buffered in a queue, aka "DTLS record buffer limitation bug."

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1378
Multiple memory leaks in the dtls1_process_out_of_seq_message function in
ssl/d1_both.c in OpenSSL 0.9.8k and earlier 0.9.8 versions allow remote
attackers to cause a denial of service (memory consumption) via DTLS records
that (1) are duplicates or (2) have sequence numbers much greater than current
sequence numbers, aka "DTLS fragment handling memory leak."

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1379
Use-after-free vulnerability in the dtls1_retrieve_buffered_fragment function
in ssl/d1_both.c in OpenSSL 1.0.0 Beta 2 allows remote attackers to cause a
denial of service (openssl s_client crash) and possibly have unspecified other
impact via a DTLS packet, as demonstrated by a packet from a server that uses a
crafted server certificate.

--
Configure bugmail: https://bugs.busybox.net/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.
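
The memory-consumption issues quoted above (CVE-2009-1377 and CVE-2009-1378) both involve holding peer-supplied DTLS records without a bound or a clear owner. The C example below is added here for illustration and is not OpenSSL's code, its 0.9.8l patch, or part of the bug report; it shows a future-epoch record queue that is capped, rejects duplicates, and frees everything it holds. All names (`rec_queue`, `buffer_future_record`, `queue_free`) and both limits are assumptions made for the example.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define MAX_BUFFERED   100     /* assumed cap on queued records (illustrative) */
#define MAX_RECORD_LEN 16384   /* assumed per-record size limit (illustrative) */

struct rec { uint16_t epoch; uint64_t seq; size_t len; unsigned char *data; };
struct rec_queue { struct rec items[MAX_BUFFERED]; size_t count; };

void queue_init(struct rec_queue *q) { q->count = 0; }

/* Queue a record that arrived ahead of the current epoch.
 * Returns 1 if the record was stored, 0 if it was dropped. */
int buffer_future_record(struct rec_queue *q, uint16_t cur_epoch, uint16_t epoch,
                         uint64_t seq, const unsigned char *data, size_t len)
{
    size_t i;
    unsigned char *copy;

    if (epoch != (uint16_t)(cur_epoch + 1)) return 0; /* only the next epoch is held */
    if (len == 0 || len > MAX_RECORD_LEN) return 0;   /* reject empty or oversized */
    if (q->count >= MAX_BUFFERED) return 0;           /* hard bound on queue growth */
    for (i = 0; i < q->count; i++)                    /* duplicates are dropped */
        if (q->items[i].epoch == epoch && q->items[i].seq == seq) return 0;

    copy = malloc(len);
    if (copy == NULL) return 0;
    memcpy(copy, data, len);
    q->items[q->count] = (struct rec){ epoch, seq, len, copy };
    q->count++;
    return 1;
}

/* Free every queued record, e.g. once the epoch advances or the connection closes,
 * so no stored copy outlives the queue. */
void queue_free(struct rec_queue *q)
{
    while (q->count > 0)
        free(q->items[--q->count].data);
}

int main(void)
{
    struct rec_queue q;
    unsigned char payload[4] = { 1, 2, 3, 4 };  /* constructed sample record body */
    int stored;

    queue_init(&q);
    stored = buffer_future_record(&q, 0, 1, 7, payload, sizeof payload);
    queue_free(&q);
    return stored ? 0 : 1;
}
```
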
* [Buildroot] [Bug 703] [SECURITY] Update openssl package to 0.9.8l
2009-11-10 17:22 [Buildroot] [Bug 703] New: [SECURITY] Update openssl package to 0.9.8l bugzilla at busybox.net
@ 2009-11-15 23:00 ` bugzilla at busybox.net
0 siblings, 0 replies; 2+ messages in thread
From: bugzilla at busybox.net @ 2009-11-15 23:00 UTC
To: buildroot
https://bugs.busybox.net/show_bug.cgi?id=703
Peter Korsgaard <jacmet@uclibc.org> changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|                            |FIXED
--- Comment #1 from Peter Korsgaard <jacmet@uclibc.org> 2009-11-15 23:00:35 UTC ---
Thanks, committed. It would have been good to document why you need
openssl-ditch.reject.patch though.