GLSA Advocate
Posted: Thu Apr 23, 2020 2:26 pm Post subject: [ GLSA 202004-10 ] OpenSSL
Gentoo Linux Security Advisory
Title: OpenSSL: Multiple vulnerabilities (GLSA 202004-10)
Severity: normal
Exploitable: local, remote
Date: 2020-04-23
Bug(s): #702176, #717442
ID: 202004-10
Synopsis
Multiple vulnerabilities were found in OpenSSL, the worst of which
could allow remote attackers to cause a Denial of Service condition.
Background
OpenSSL is an Open Source toolkit implementing the Secure Sockets Layer
(SSL v2/v3) and Transport Layer Security (TLS v1/v1.1/v1.2/v1.3) as well
as a general purpose cryptography library.
Affected Packages
Package: dev-libs/openssl
Vulnerable: < 1.1.1g
Unaffected: >= 1.1.1g
Architectures: All supported architectures
Description
Multiple vulnerabilities have been discovered in OpenSSL. Please review
the CVE identifiers referenced below for details.
Impact
A remote attacker could perform a maliciously crafted TLS 1.3 handshake
against an application using OpenSSL, possibly resulting in a Denial of
Service condition.
In addition, it’s feasible that an attacker might attack DH512.
Workaround
There is no known workaround at this time.
Resolution
All OpenSSL users should upgrade to the latest version:
Code:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-libs/openssl-1.1.1g"
References
CVE-2019-1551
CVE-2020-1967
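The affected range above (vulnerable < 1.1.1g, unaffected >= 1.1.1g) turned into a version check, as an added example that is not part of the advisory. The function names `version_lt`, `classify` and `installed_version` are made up here; the script assumes the OpenSSL 1.x letter-suffix version scheme and an `awk` on PATH.

```shell
#!/bin/sh
# Added example (not from the advisory): classify an OpenSSL version against
# the advisory's range: vulnerable < 1.1.1g, unaffected >= 1.1.1g.
FIXED="1.1.1g"   # first unaffected version, taken from the advisory

# version_lt A B: exit status 0 if A sorts before B.
# OpenSSL 1.x versions are "major.minor.fix" plus an optional patch-letter
# run ("", a..z, za, zb, ...). A longer letter run is newer, so letters are
# compared by length first and alphabetically second.
version_lt() {
    awk -v a="$1" -v b="$2" '
    function letters(v) { sub(/^[0-9.]+/, "", v); return v }
    function numbers(v) { sub(/[a-z]+$/, "", v); return v }
    function cmp(a, b,    i, pa, pb, la, lb) {
        split(numbers(a), pa, "."); split(numbers(b), pb, ".")
        for (i = 1; i <= 3; i++)
            if (pa[i] + 0 != pb[i] + 0) return (pa[i] + 0 < pb[i] + 0) ? -1 : 1
        la = letters(a); lb = letters(b)
        if (length(la) != length(lb)) return (length(la) < length(lb)) ? -1 : 1
        if ((la "") == (lb "")) return 0
        return ((la "") < (lb "")) ? -1 : 1
    }
    BEGIN { exit (cmp(a, b) < 0) ? 0 : 1 }'
}

# classify VERSION: prints "vulnerable", "unaffected" or "unknown".
# Gentoo revision and suffix parts (-r1, _pre9) are stripped before comparing.
classify() {
    v=${1%%[-_]*}
    case $v in
        [0-9]*.[0-9]*.[0-9]*) ;;
        *) echo "unknown"; return 2 ;;
    esac
    if version_lt "$v" "$FIXED"; then echo "vulnerable"; else echo "unaffected"; fi
}

# installed_version: second field of `openssl version`,
# e.g. "OpenSSL 1.1.1f  31 Mar 2020" -> "1.1.1f".
installed_version() {
    openssl version 2>/dev/null | awk '{ print $2 }'
}

# Check the local binary only when the script is run with the argument "check".
if [ "${1:-}" = "check" ]; then
    classify "$(installed_version)"
fi
```

The check reports the version of the `openssl` binary on PATH; applications that bundle or statically link their own copy of the library are not covered by it.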