]> git.ipfire.org Git - people/teissler/ipfire-2.x.git/commit
projects / people / teissler / ipfire-2.x.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 68eeed8) | patch
openssl: security update to 0.9.8x (CVE-2012-2333).
authorArne Fitzenreiter <arne_f@ipfire.org>
Sat, 12 May 2012 13:30:38 +0000 (15:30 +0200)
committerArne Fitzenreiter <arne_f@ipfire.org>
Sat, 12 May 2012 17:33:31 +0000 (19:33 +0200)
commit8074eed711092b90ae279fa968545a27d2655fd6
tree2a5e6300045be0c230a3e91d7db11d52593b6e97tree | snapshot
parent68eeed828507c6edc395772d6d9c81f1cc12dd53commit | diff
openssl: security update to 0.9.8x (CVE-2012-2333).

Invalid TLS/DTLS record attack (CVE-2012-2333)
===============================================

A flaw in the OpenSSL handling of CBC mode ciphersuites in TLS 1.1, 1.2 and
DTLS can be exploited in a denial of service attack on both clients and
servers.

DTLS applications are affected in all versions of OpenSSL. TLS is only
affected in OpenSSL 1.0.1 and later.

Thanks to Codenomicon for discovering this issue using Fuzz-o-Matic fuzzing
as a service testing platform.

The fix was developed by Stephen Henson of the OpenSSL core team.

Affected users should upgrade to OpenSSL 1.0.1c, 1.0.0j or 0.9.8x

References
==========

URL for this Security Advisory:
http://www.openssl.org/news/secadv_20120510.txt
lfs/openssl diff | blob | blame | history
Timo's tree of IPFire 2.x