pkgsrc-Changes archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
CVS commit: [pkgsrc-2014Q1] pkgsrc/emulators/suse131_openssl
Module Name: pkgsrc
Committed By: tron
Date: Sun Jun 15 12:55:06 UTC 2014
Modified Files:
pkgsrc/emulators/suse131_openssl [pkgsrc-2014Q1]: Makefile distinfo
Log Message:
Pullup ticket #4432 - requested by obache
emulators/suse131_openssl: security update
Revisions pulled up:
- emulators/suse131_openssl/Makefile 1.9
- emulators/suse131_openssl/distinfo 1.9
---
Module Name: pkgsrc
Committed By: obache
Date: Fri Jun 6 09:53:29 UTC 2014
Modified Files:
pkgsrc/emulators/suse131_openssl: Makefile distinfo
Log Message:
Apply openSUSE-SU-2014:0764-1
openSUSE Security Update: openssl: update to version 1.0.1h
Description:
The openssl library was updated to version 1.0.1h fixing various security
issues and bugs:
Security issues fixed:
- CVE-2014-0224: Fix for SSL/TLS MITM flaw. An attacker using a carefully
crafted handshake can force the use of weak keying material in OpenSSL
SSL/TLS clients and servers.
- CVE-2014-0221: Fix DTLS recursion flaw. By sending an invalid DTLS
handshake to an OpenSSL DTLS client the code can be made to recurse
eventually crashing in a DoS attack.
- CVE-2014-0195: Fix DTLS invalid fragment vulnerability. A buffer
overrun attack can be triggered by sending invalid DTLS fragments to an
OpenSSL DTLS client or server. This is potentially exploitable to run
arbitrary code on a vulnerable client or server.
- CVE-2014-3470: Fix bug in TLS code where clients enable anonymous ECDH
ciphersuites are subject to a denial of service attack.
Bump PKGREVISION.
To generate a diff of this commit:
cvs rdiff -u -r1.3.2.4 -r1.3.2.5 pkgsrc/emulators/suse131_openssl/Makefile \
pkgsrc/emulators/suse131_openssl/distinfo
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Home |
Main Index |
Thread Index |
Old Index