[Frugalware-security] [ FSA-299 ] openssl

voroskoi noreply at frugalware.org
Tue Oct 23 09:00:59 CEST 2007


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Frugalware Security Advisory                           FSA-299

Date: 2007-10-23
Package: openssl
Vulnerable versions: <= 0.9.8-9
Unaffected versions: >= 0.9.8-10sayshell1
Related bugreport: http://bugs.frugalware.org/task/2488
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4995

Description
===========

Andy Polyakov has reported a vulnerability in OpenSSL, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system.
The vulnerability is caused due to an unspecified error within the DTLS implementation. Successful exploitation may allow the execution of arbitrary code.
Note: Reportedly, this vulnerability affects only clients and servers explicitly using DTLS.

Updated Packages
================

Check if you have openssl installed:

	# pacman-g2 -Q openssl

If found, then you should upgrade to the latest version:

	# pacman-g2 -Sy openssl

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
Comment: See http://ftp.frugalware.org/pub/README.GPG for info

iD8DBQFHHZwrZ7NElSD1VhkRAoudAJ4pEHNozk8P9cWMvlGHwGIkm/uzSgCbBMEw
wDmtrwKjiBn3ucFatuj7zuA=
=WJe7
-----END PGP SIGNATURE-----


More information about the Frugalware-security mailing list