Fedora has issued an advisory on December 22: https://lists.fedoraproject.org/pipermail/package-announce/2013-December/124854.html Patched packages uploaded for Mageia 3 and Cauldron. Advisory: ======================== Updated openssl packages fix security vulnerability: A flaw was reported for OpenSSL 1.0.1e, that can cause application using OpenSSL to crash when using TLS version 1.2 (CVE-2013-6449). Also, a NULL pointer reference issue has been fixed in SSL_get_certificate (mga#11549). References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6449 https://bugs.mageia.org/show_bug.cgi?id=11549 https://lists.fedoraproject.org/pipermail/package-announce/2013-December/124854.html ======================== Updated packages in core/updates_testing: ======================== openssl-1.0.1e-1.2.mga3 libopenssl-engines1.0.0-1.0.1e-1.2.mga3 libopenssl1.0.0-1.0.1e-1.2.mga3 libopenssl-devel-1.0.1e-1.2.mga3 libopenssl-static-devel-1.0.1e-1.2.mga3 from openssl-1.0.1e-1.2.mga3.src.rpm Reproducible: Steps to Reproduce:
Blocks: (none) => 11549
URL: (none) => http://lwn.net/Vulnerabilities/578018/
CC: (none) => davidwhodginsWhiteboard: (none) => advisory
In VirtualBox, M3, KDE, 32-bit Package(s) under test: openssl install openssl [root@localhost wilcal]# urpmi openssl Package openssl-1.0.1e-1.mga3.i586 is already installed Access test install with putty from an M3 system on the LAN successful install openssl from updates_testing [root@localhost wilcal]# urpmi openssl Package openssl-1.0.1e-1.2.mga3.i586 is already installed Access test install with putty from an M3 system on the LAN successful Test platform: Intel Core i7-2600K Sandy Bridge 3.4GHz GIGABYTE GA-Z68X-UD3-B3 LGA 1155 MoBo GIGABYTE GV-N440D3-1GI Nvidia GeForce GT 440 (Fermi) 1GB RTL8111/8168B PCI Express 1Gbit Ethernet DRAM 16GB (4 x 4GB) VirtualBox 4.2.16-1.mga3.x86_64.rpm
CC: (none) => wilcal.intWhiteboard: advisory => advisory MGA3-32-OK
In VirtualBox, M3, KDE, 64-bit Package(s) under test: openssl install openssl [root@localhost wilcal]# urpmi openssl Package openssl-1.0.1e-1.mga3.x86_64 is already installed Access test install with putty from an M3 system on the LAN successful install openssl from updates_testing [root@localhost wilcal]# urpmi openssl Package openssl-1.0.1e-1.2.mga3.x86_64 is already installed Access test install with putty from an M3 system on the LAN successful Test platform: Intel Core i7-2600K Sandy Bridge 3.4GHz GIGABYTE GA-Z68X-UD3-B3 LGA 1155 MoBo GIGABYTE GV-N440D3-1GI Nvidia GeForce GT 440 (Fermi) 1GB RTL8111/8168B PCI Express 1Gbit Ethernet DRAM 16GB (4 x 4GB) VirtualBox 4.2.16-1.mga3.x86_64.rpm
Whiteboard: advisory MGA3-32-OK => advisory MGA3-32-OK MGA3-64-OK
Validating the update. Someone from the sysadmin team please push 12096.adv to updates.
Keywords: (none) => validated_updateCC: (none) => sysadmin-bugs
Update pushed: http://advisories.mageia.org/MGASA-2014-0008.html
Status: NEW => RESOLVEDCC: (none) => tmbResolution: (none) => FIXED