Bug 18661 - openssl new security issues CVE-2016-2177 and CVE-2016-2178
Summary: openssl new security issues CVE-2016-2177 and CVE-2016-2178
Status: RESOLVED DUPLICATE of bug 19446
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security (show other bugs)
Version: Cauldron
Hardware: All Linux
Priority: Normal normal
Target Milestone: ---
Assignee: All Packagers
QA Contact: Sec team
URL:
Whiteboard: MGA5TOO
Keywords:
Depends on:
Blocks:
 
Reported: 2016-06-08 12:40 CEST by David Walser
Modified: 2016-09-23 21:54 CEST (History)
1 user (show)

See Also:
Source RPM: openssl-1.0.2h-1.mga5.src.rpm
CVE:
Status comment:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description David Walser 2016-06-08 12:40:37 CEST 
A security issue fixed in openssl's git was posted to oss-security:
http://www.openwall.com/lists/oss-security/2016/06/08/2

It was fixed with these commits:
https://git.openssl.org/?p=openssl.git;a=commit;h=621eaf49a289bfac26d4cbcdb7396e796784c534
https://git.openssl.org/?p=openssl.git;a=commit;h=b7d0f2834e139a20560d64c73e2565e93715ce2b

I also noticed another CVE referenced with this earlier commit:
https://git.openssl.org/?p=openssl.git;a=commit;h=a004e72b95835136d3f1ea90517f706c24c03da7

I suppose another upstream release should be on the way before too long.
David Walser 2016-06-08 12:41:04 CEST

Whiteboard: (none) => MGA5TOO

Comment 1 Marja Van Waes 2016-06-08 15:03:46 CEST 
Assinging to all packagers collectively, since there is no maintainer for this package

CC: (none) => marja11
Assignee: bugsquad => pkg-bugs

Comment 2 David Walser 2016-06-08 20:39:15 CEST 
oss-security post with more explanation about the other CVE:
http://openwall.com/lists/oss-security/2016/06/08/9
Comment 3 David Walser 2016-09-23 21:54:06 CEST 
These issues are being handled in Bug 19446.

*** This bug has been marked as a duplicate of bug 19446 ***

Status: NEW => RESOLVED
Resolution: (none) => DUPLICATE
Note You need to log in before you can comment on or make changes to this bug.