| Summary: | openssl new security issue CVE-2012-2110 | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | David Walser <luigiwalser> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | |
| Severity: | normal | ||
| Priority: | Normal | CC: | davidwhodgins, sysadmin-bugs, tmb |
| Version: | 1 | Keywords: | validated_update |
| Target Milestone: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Source RPM: | openssl-1.0.0d-2.3.mga1.src.rpm | CVE: | |
| Status comment: | |||
|
Description
David Walser
2012-04-19 20:01:50 CEST
Patched package uploaded. Advisory: ======================== Updated openssl packages fix security vulnerability: A potentially exploitable vulnerability has been discovered in the OpenSSL function asn1_d2i_read_bio that affects S/MIME or CMS applications using the built in MIME parser SMIME_read_PKCS7 or SMIME_read_CMS (CVE-2012-2110). References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2110 http://www.openssl.org/news/secadv_20120419.txt http://www.mandriva.com/en/support/security/advisories/?dis=2010.1&name=MDVSA-2012:060 ======================== Updated packages in core/updates_testing: ======================== libopenssl1.0.0-1.0.0d-2.4.mga1 libopenssl-devel-1.0.0d-2.4.mga1 libopenssl-engines1.0.0-1.0.0d-2.4.mga1 libopenssl-static-devel-1.0.0d-2.4.mga1 openssl-1.0.0d-2.4.mga1 from openssl-1.0.0d-2.4.mga1.src.rpm Assignee:
bugsquad =>
qa-bugs Testing complete on i586 for the srpm openssl-1.0.0d-2.4.mga1.src.rpm Testing using apache with https://localhost/, kolab, and cyprus-imapd. CC:
(none) =>
davidwhodgins Tested OK x86_64 with the procedures on the wiki and apache https://wiki.mageia.org/en/Testing_procedure_for_openssl Validating See comment 1 for advisory and srpm Could sysadmin please push from core/updates_testing to core/updates Thanks! Keywords:
(none) =>
validated_update update pushed Status:
NEW =>
RESOLVED |