A CVE has been issued for a potential DoS issue in openssl today (May 2):
http://openwall.com/lists/oss-security/2014/05/02/6

Patched packages uploaded for Mageia 3, Mageia 4, and Cauldron.

Advisory:
========================

Updated openssl packages fix security vulnerability:

A null pointer dereference bug in OpenSSL 1.0.1g and earlier in do_ssl3_write() could possibly allow an attacker to generate an SSL alert which would cause OpenSSL to crash, resulting in a denial of service (CVE-2014-0198).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0198
http://ftp.openbsd.org/pub/OpenBSD/patches/5.5/common/005_openssl.patch.sig
http://openwall.com/lists/oss-security/2014/05/02/6
========================

Updated packages in core/updates_testing:
========================
openssl-1.0.1e-1.8.mga3
libopenssl-engines1.0.0-1.0.1e-1.8.mga3
libopenssl1.0.0-1.0.1e-1.8.mga3
libopenssl-devel-1.0.1e-1.8.mga3
libopenssl-static-devel-1.0.1e-1.8.mga3
openssl-1.0.1e-8.5.mga4
libopenssl-engines1.0.0-1.0.1e-8.5.mga4
libopenssl1.0.0-1.0.1e-8.5.mga4
libopenssl-devel-1.0.1e-8.5.mga4
libopenssl-static-devel-1.0.1e-8.5.mga4

from SRPMS:
openssl-1.0.1e-1.8.mga3.src.rpm
openssl-1.0.1e-8.5.mga4.src.rpm
Whiteboard: (none) => MGA3TOO
Testing procedure: https://wiki.mageia.org/en/QA_procedure:Openssl
Whiteboard: MGA3TOO => MGA3TOO has_procedure
Testing complete mga3 32 & 64 and mga4 32 & 64.
Validating. Advisory uploaded.
Could sysadmin please push to 3 & 4 updates?
Thanks
Keywords: (none) => validated_update
Whiteboard: MGA3TOO has_procedure => MGA3TOO has_procedure advisory mga3-32-ok mga3-64-ok mga4-32-ok mga4-64-ok
CC: (none) => sysadmin-bugs
Update pushed: http://advisories.mageia.org/MGASA-2014-0204.html
Status: NEW => RESOLVED
CC: (none) => tmb
Resolution: (none) => FIXED
URL: (none) => http://lwn.net/Vulnerabilities/597337/