Gentoo Archives: gentoo-commits

From: "Chris Reffett (creffett)" <creffett@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] gentoo commit in xml/htdocs/security/en/glsa: glsa-201312-03.xml
Date: Tue, 03 Dec 2013 03:55:29
Message-Id: 20131203035525.B054720035@flycatcher.gentoo.org
1 creffett 13/12/03 03:55:25
2
3 Added: glsa-201312-03.xml
4 Log:
5 GLSA 201312-03
6
7 Revision Changes Path
8 1.1 xml/htdocs/security/en/glsa/glsa-201312-03.xml
9
10 file : http://sources.gentoo.org/viewvc.cgi/gentoo/xml/htdocs/security/en/glsa/glsa-201312-03.xml?rev=1.1&view=markup
11 plain: http://sources.gentoo.org/viewvc.cgi/gentoo/xml/htdocs/security/en/glsa/glsa-201312-03.xml?rev=1.1&content-type=text/plain
12
13 Index: glsa-201312-03.xml
14 ===================================================================
15 <?xml version="1.0" encoding="UTF-8"?>
16 <?xml-stylesheet href="/xsl/glsa.xsl" type="text/xsl"?>
17 <?xml-stylesheet href="/xsl/guide.xsl" type="text/xsl"?>
18 <!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
19 <glsa id="201312-03">
20 <title>OpenSSL: Multiple Vulnerabilities</title>
21 <synopsis>Multiple vulnerabilities have been found in OpenSSL allowing remote
22 attackers to determine private keys or cause a Denial of Service.
23 </synopsis>
24 <product type="ebuild">OpenSSL</product>
25 <announced>December 03, 2013</announced>
26 <revised>December 03, 2013: 1</revised>
27 <bug>369753</bug>
28 <bug>406199</bug>
29 <bug>412643</bug>
30 <bug>415435</bug>
31 <bug>455592</bug>
32 <access>remote</access>
33 <affected>
34 <package name="dev-libs/openssl" auto="yes" arch="*">
35 <unaffected range="rge">1.0.0j</unaffected>
36 <unaffected range="rge">0.9.8y</unaffected>
37 <vulnerable range="lt">1.0.0i</vulnerable>
38 </package>
39 <package name="dev-libs/openssl " auto="yes" arch="*">
40 <vulnerable range="lt">0.9.8y</vulnerable>
41 </package>
42 </affected>
43 <background>
44 <p>OpenSSL is an Open Source toolkit implementing the Secure Sockets Layer
45 (SSL v2/v3) and Transport Layer Security (TLS v1) as well as a general
46 purpose cryptography library.
47 </p>
48 </background>
49 <description>
50 <p>Multiple vulnerabilities have been discovered in OpenSSL. Please review
51 the CVE identifiers referenced below for details.
52 </p>
53 </description>
54 <impact type="low">
55 <p>Remote attackers can determine private keys, decrypt data, cause a
56 Denial of Service or possibly have other unspecified impact.
57 </p>
58 </impact>
59 <workaround>
60 <p>There is no known workaround at this time.</p>
61 </workaround>
62 <resolution>
63 <p>All OpenSSL 1.0.x users should upgrade to the latest version:</p>
64
65 <code>
66 # emerge --sync
67 # emerge --ask --oneshot --verbose "&gt;=dev-libs/openssl-1.0.0j"
68 </code>
69
70 <p>All OpenSSL 0.9.8 users should upgrade to the latest version:</p>
71
72 <code>
73 # emerge --sync
74 # emerge --ask --oneshot --verbose "&gt;=dev-libs/openssl-0.9.8y"
75 </code>
76 </resolution>
77 <references>
78 <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-7250">CVE-2006-7250</uri>
79 <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1945">CVE-2011-1945</uri>
80 <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0884">CVE-2012-0884</uri>
81 <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1165">CVE-2012-1165</uri>
82 <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2110">CVE-2012-2110</uri>
83 <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2333">CVE-2012-2333</uri>
84 <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2686">CVE-2012-2686</uri>
85 <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0166">CVE-2013-0166</uri>
86 <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0169">CVE-2013-0169</uri>
87 </references>
88 <metadata tag="requester" timestamp="Thu, 15 Mar 2012 02:30:07 +0000">
89 underling
90 </metadata>
91 <metadata tag="submitter" timestamp="Tue, 03 Dec 2013 03:53:33 +0000">n0idx80</metadata>
92 </glsa>
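
Review bot: The version bounds in the first <package> entry (file lines 34-38) leave a gap: `<vulnerable range="lt">1.0.0i</vulnerable>` sits next to `<unaffected range="rge">1.0.0j</unaffected>`, so 1.0.0i is classified as neither vulnerable nor unaffected, while the resolution tells 1.0.x users to install ">=dev-libs/openssl-1.0.0j". Suggest raising the vulnerable bound to 1.0.0j so that the affected range and the resolution agree. The second entry (file lines 39-41) is written `<package name="dev-libs/openssl " auto="yes" arch="*">`, with a trailing space inside the name attribute, and its "lt 0.9.8y" range is already covered by the "lt" bound of the first entry; consider removing the space and folding the two entries into one. Separately, the impact element is typed "low" although its text says remote attackers can determine private keys and decrypt data; worth confirming that the severity is intended.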