Bug 5493 - openssl new security issue CVE-2012-2110
Status: RESOLVED FIXED
Product: Mageia
Classification: Unclassified
Component: Security
Version: 1
Hardware: All Linux
Priority: Normal
Severity: normal
Target Milestone: ---
Assigned To: QA Team
Keywords: validated_update
Reported: 2012-04-19 20:01 CEST by David Walser
Modified: 2012-05-07 14:35 CEST

Source RPM: openssl-1.0.0d-2.3.mga1.src.rpm
Description David Walser 2012-04-19 20:01:50 CEST
Mandriva has issued this advisory today (April 19):
http://www.mandriva.com/en/support/security/advisories/?dis=2010.1&name=MDVSA-2012:060

Cauldron is not vulnerable (we already have 1.0.0i).
Comment 1 David Walser 2012-04-20 15:48:18 CEST
Patched package uploaded.

Advisory:
========================

Updated openssl packages fix security vulnerability:

A potentially exploitable vulnerability has been discovered in
the OpenSSL function asn1_d2i_read_bio that affects S/MIME or CMS
applications using the built in MIME parser SMIME_read_PKCS7 or
SMIME_read_CMS (CVE-2012-2110).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2110
http://www.openssl.org/news/secadv_20120419.txt
http://www.mandriva.com/en/support/security/advisories/?dis=2010.1&name=MDVSA-2012:060
========================

Updated packages in core/updates_testing:
========================
libopenssl1.0.0-1.0.0d-2.4.mga1
libopenssl-devel-1.0.0d-2.4.mga1
libopenssl-engines1.0.0-1.0.0d-2.4.mga1
libopenssl-static-devel-1.0.0d-2.4.mga1
openssl-1.0.0d-2.4.mga1

from openssl-1.0.0d-2.4.mga1.src.rpm
Comment 2 Dave Hodgins 2012-04-20 22:59:03 CEST
Testing complete on i586 for the srpm
openssl-1.0.0d-2.4.mga1.src.rpm

Testing using apache with https://localhost/,
kolab, and cyrus-imapd.
Comment 3 claire robinson 2012-05-05 15:15:42 CEST
Tested OK x86_64 with the procedures on the wiki and apache

https://wiki.mageia.org/en/Testing_procedure_for_openssl

Validating

See comment 1 for advisory and srpm

Could sysadmin please push from core/updates_testing to core/updates

Thanks!
Comment 4 Thomas Backlund 2012-05-07 14:35:42 CEST
update pushed