GLSA
Advocate
Joined: 12 May 2004
Posts: 2663
|
 Posted: Thu Dec 14, 2017 7:26 pm Post subject: [ GLSA 201712-03 ] OpenSSL |
 |
|
Gentoo Linux Security Advisory
Title: OpenSSL: Multiple vulnerabilities (GLSA 201712-03)
Severity: normal
Exploitable: remote
Date: 2017-12-14
Bug(s): #629290, #636264, #640172
ID: 201712-03
Synopsis
Multiple vulnerabilities have been found in OpenSSL, the worst of
which may lead to a Denial of Service condition.
Background
OpenSSL is a robust, commercial-grade, and full-featured toolkit for the
Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols.
Affected Packages
Package: dev-libs/openssl
Vulnerable: < 1.0.2n
Unaffected: >= 1.0.2n
Architectures: All supported architectures
Description
Multiple vulnerabilities have been discovered in OpenSSL. Please review
the referenced CVE identifiers for details.
Impact
A remote attacker could cause a Denial of Service condition, recover a
private key in unlikely circumstances, circumvent security restrictions
to perform unauthorized actions, or gain access to sensitive information.
Workaround
There are no known workarounds at this time.
Resolution
All OpenSSL users should upgrade to the latest version: | Code: | # emerge --sync
# emerge --ask --oneshot --verbose ">=dev-libs/openssl-1.0.2n"
|
References
CVE-2017-3735
CVE-2017-3736
CVE-2017-3737
CVE-2017-3738
Last edited by GLSA on Mon Jan 15, 2018 4:17 am; edited 1 time in total |
|
News & Announcements
