Mandriva has issued this advisory today (May 11): http://www.mandriva.com/en/support/security/advisories/?dis=2010.1&name=MDVSA-2012:073 Freeze push requested to fix this vulnerability in Cauldron. Patched package for Mageia 1 uploaded. Advisory: ======================== Updated openssl packages fix security vulnerability: A flaw in the OpenSSL handling of CBC mode ciphersuites in DTLS can be exploited in a denial of service attack on both clients and servers (CVE-2012-2333). References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2333 http://www.openssl.org/news/secadv_20120510.txt http://www.mandriva.com/en/support/security/advisories/?dis=2010.1&name=MDVSA-2012:073 ======================== Updated packages in core/updates_testing: ======================== openssl-1.0.0d-2.5.mga1 libopenssl-engines1.0.0-1.0.0d-2.5.mga1 libopenssl1.0.0-1.0.0d-2.5.mga1 libopenssl-devel-1.0.0d-2.5.mga1 libopenssl-static-devel-1.0.0d-2.5.mga1 from openssl-1.0.0d-2.5.mga1.src.rpm
Testing complete on i586 for the srpm openssl-1.0.0d-2.5.mga1.src.rpm Just testing that https://localhost and browsing various secure sites works.
CC: (none) => davidwhodgins
Tested OK x86_64 with wiki test procedures and browsing https. Validating. Please see comment 0 for advisory and srpm. Could sysadmin please push from core/updates_testing to core/updates Thanks!
Keywords: (none) => validated_updateCC: (none) => sysadmin-bugsHardware: i586 => All
Update pushed
Status: NEW => RESOLVEDCC: (none) => tmbResolution: (none) => FIXED