From: Arne Fitzenreiter <arne_f@ipfire.org>
Date: Sat, 12 May 2012 13:30:38 +0000 (+0200)
Subject: openssl: security update to 0.9.8x (CVE-2012-2333).
X-Git-Tag: v2.11-core59~6
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=8074eed711092b90ae279fa968545a27d2655fd6;p=people%2Fdweismueller%2Fipfire-2.x.git

openssl: security update to 0.9.8x (CVE-2012-2333).

Invalid TLS/DTLS record attack (CVE-2012-2333)
===============================================

A flaw in the OpenSSL handling of CBC mode ciphersuites in TLS 1.1, 1.2 and
DTLS can be exploited in a denial of service attack on both clients and
servers.

DTLS applications are affected in all versions of OpenSSL. TLS is only
affected in OpenSSL 1.0.1 and later.

Thanks to Codenomicon for discovering this issue using Fuzz-o-Matic fuzzing
as a service testing platform.

The fix was developed by Stephen Henson of the OpenSSL core team.

Affected users should upgrade to OpenSSL 1.0.1c, 1.0.0j or 0.9.8x

References
==========

URL for this Security Advisory:
http://www.openssl.org/news/secadv_20120510.txt
---

diff --git a/lfs/openssl b/lfs/openssl
index c58c0487f..9aef173b0 100644
--- a/lfs/openssl
+++ b/lfs/openssl
@@ -24,7 +24,7 @@
 
 include Config
 
-VER        = 0.9.8w
+VER        = 0.9.8x
 
 THISAPP    = openssl-$(VER)
 DL_FILE    = $(THISAPP).tar.gz
@@ -40,7 +40,7 @@ objects = $(DL_FILE)
 
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 
-$(DL_FILE)_MD5 = 4ceb7d570e42c094b360cc7b8e848a0b
+$(DL_FILE)_MD5 = ee17e9bc805c8cc7d0afac3b0ef78eda
 
 install : $(TARGET)