Bug 5856

Summary: openssl new security issue CVE-2012-2333
Product: Mageia Reporter: David Walser <luigiwalser>
Component: SecurityAssignee: QA Team <qa-bugs>
Status: RESOLVED FIXED QA Contact:
Severity: normal    
Priority: Normal CC: davidwhodgins, sysadmin-bugs, tmb
Version: 1Keywords: validated_update
Target Milestone: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Source RPM: openssl-1.0.0d-2.4.mga1.src.rpm CVE:
Status comment:

Description David Walser 2012-05-11 17:54:22 CEST 
Mandriva has issued this advisory today (May 11):
http://www.mandriva.com/en/support/security/advisories/?dis=2010.1&name=MDVSA-2012:073

Freeze push requested to fix this vulnerability in Cauldron.

Patched package for Mageia 1 uploaded.

Advisory:
========================

Updated openssl packages fix security vulnerability:

A flaw in the OpenSSL handling of CBC mode ciphersuites in DTLS can
be exploited in a denial of service attack on both clients and servers
(CVE-2012-2333).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2333
http://www.openssl.org/news/secadv_20120510.txt
http://www.mandriva.com/en/support/security/advisories/?dis=2010.1&name=MDVSA-2012:073
========================

Updated packages in core/updates_testing:
========================
openssl-1.0.0d-2.5.mga1
libopenssl-engines1.0.0-1.0.0d-2.5.mga1
libopenssl1.0.0-1.0.0d-2.5.mga1
libopenssl-devel-1.0.0d-2.5.mga1
libopenssl-static-devel-1.0.0d-2.5.mga1

from openssl-1.0.0d-2.5.mga1.src.rpm
Comment 1 Dave Hodgins 2012-05-11 22:53:43 CEST 
Testing complete on i586 for the srpm
openssl-1.0.0d-2.5.mga1.src.rpm

Just testing that https://localhost and browsing various secure
sites works.

CC: (none) => davidwhodgins

Comment 2 claire robinson 2012-05-14 14:54:46 CEST 
Tested OK x86_64 with wiki test procedures and browsing https.

Validating.

Please see comment 0 for advisory and srpm.

Could sysadmin please push from core/updates_testing to core/updates

Thanks!

Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs
Hardware: i586 => All

Comment 3 Thomas Backlund 2012-05-16 12:55:05 CEST 
Update pushed

Status: NEW => RESOLVED
CC: (none) => tmb
Resolution: (none) => FIXED