| Summary: | [Update Request] Update openssl package to fix several security problems | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | Funda Wang <fundawang> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | |
| Severity: | normal | ||
| Priority: | Normal | CC: | davidwhodgins, oe, sysadmin-bugs, tmb |
| Version: | 2 | Keywords: | validated_update |
| Target Milestone: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| URL: | http://www.openssl.org/news/secadv_20130205.txt | ||
| Whiteboard: | has_procedure MGA2-64-OK MGA2-32-OK | ||
| Source RPM: | openssl-1.0.0k-1.mga2.src.rpm | CVE: | |
| Status comment: | |||
Description
Funda Wang
2013-02-06 20:05:15 CET
test procedure here https://wiki.mageia.org/en/QA_procedure:Openssl

Whiteboard: (none) => has_procedure

Testing complete on Mageia 2 i586 and x86_64.

Could someone from the sysadmin team push the srpm openssl-1.0.0k-1.mga2.src.rpm from Mageia 2 Core Updates Testing to Core Updates.

Advisory: Several security problems have been found in openssl before 1.0.0k:

* CVE-2013-0169: SSL, TLS and DTLS Plaintext Recovery Attack. Nadhem Alfardan and Kenny Paterson have discovered a weakness in the handling of CBC ciphersuites in SSL, TLS and DTLS. Their attack exploits timing differences arising during MAC processing.
* CVE-2013-0166: OCSP invalid key DoS issue. A flaw in the OpenSSL handling of OCSP response verification can be exploited in a denial of service attack.

The packages have been updated to the latest 1.0.0k to fix the above security flaws.

https://bugs.mageia.org/show_bug.cgi?id=8980

Keywords: (none) => validated_update

Update pushed: https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0041

Status: NEW => RESOLVED