From: "Sean Amoss (ackle)"
To: gentoo-commits@lists.gentoo.org
Reply-To: gentoo-dev@lists.gentoo.org, ackle@gentoo.org
Subject: [gentoo-commits] gentoo commit in xml/htdocs/security/en/glsa: glsa-201412-39.xml
Message-Id: <20141226004345.11552D602@oystercatcher.gentoo.org>
Date: Fri, 26 Dec 2014 00:43:45 +0000 (UTC)

ackle 14/12/26 00:43:45

Added: glsa-201412-39.xml
Log: GLSA 201412-39

Revision Changes Path
1.1 xml/htdocs/security/en/glsa/glsa-201412-39.xml

file : http://sources.gentoo.org/viewvc.cgi/gentoo/xml/htdocs/security/en/glsa/glsa-201412-39.xml?rev=1.1&view=markup
plain: http://sources.gentoo.org/viewvc.cgi/gentoo/xml/htdocs/security/en/glsa/glsa-201412-39.xml?rev=1.1&content-type=text/plain

Index: glsa-201412-39.xml
===================================================================

OpenSSL: Multiple vulnerabilities

Multiple vulnerabilities have been found in OpenSSL, the worst of which could result in Denial of Service or Man-in-the-Middle attacks.

Product: openssl
Announced: December 26, 2014
Revised: December 26, 2014: 1
Bugs: 494816 519264 525468
Access: remote
Versions: 1.0.1j 0.9.8z_p2 1.0.1j

OpenSSL is an Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) as well as a general purpose cryptography library.

Multiple vulnerabilities have been discovered in OpenSSL. Please review the CVE identifiers referenced below for details.

A remote attacker may be able to cause a Denial of Service condition, perform Man-in-the-Middle attacks, obtain sensitive information, or bypass security restrictions.

There is no known workaround at this time.

All OpenSSL 1.0.1 users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=dev-libs/openssl-1.0.1j"

All OpenSSL 0.9.8 users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=dev-libs/openssl-0.9.8z_p2"

Packages which depend on this library may need to be recompiled. Tools such as revdep-rebuild may assist in identifying these packages.
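To check an installed-package list against the two fixed versions named in the upgrade instructions above, the following added example (not part of the advisory or of Portage) compares dev-libs/openssl versions per branch. The version parser is a simplified subset of Gentoo version ordering, and the function names and sample atoms are assumptions constructed for illustration.

```python
import re

# Fixed versions, taken from the upgrade instructions in the advisory.
FIXED_1_0_1 = "1.0.1j"
FIXED_0_9_8 = "0.9.8z_p2"

# Simplified subset of Gentoo version syntax (assumption of this example):
# dotted numbers, optional letter, optional _pN, optional -rN.
_VERSION = re.compile(r"^(\d+(?:\.\d+)*)([a-z]?)(?:_p(\d+))?(?:-r(\d+))?$")


def parse(version):
    """Turn a version string into a tuple that sorts in upgrade order."""
    m = _VERSION.match(version)
    if m is None:
        raise ValueError("unsupported version string: %r" % version)
    numbers, letter, patch, revision = m.groups()
    return (
        tuple(int(n) for n in numbers.split(".")),
        letter,                              # "" sorts before "a".."z"
        int(patch) if patch else -1,         # no _p sorts before _p0
        int(revision) if revision else 0,    # no -r is the same as -r0
    )


def needs_upgrade(version):
    """True if this dev-libs/openssl version is below the advisory's fix."""
    parsed = parse(version)
    if parsed[0][:3] == (0, 9, 8):
        return parsed < parse(FIXED_0_9_8)   # 0.9.8 branch has its own fix
    return parsed < parse(FIXED_1_0_1)


def audit(atoms):
    """Return the atoms from an installed-package list that need upgrading."""
    prefix = "dev-libs/openssl-"
    return [a for a in atoms
            if a.startswith(prefix) and needs_upgrade(a[len(prefix):])]


if __name__ == "__main__":
    # Constructed sample input, not taken from a real host.
    sample = ["dev-libs/openssl-1.0.1i", "dev-libs/openssl-0.9.8z_p2",
              "sys-libs/zlib-1.2.8"]
    print(audit(sample))
```
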

CVE-2013-6449
CVE-2013-6450
CVE-2014-3505
CVE-2014-3506
CVE-2014-3507
CVE-2014-3509
CVE-2014-3510
CVE-2014-3511
CVE-2014-3512
CVE-2014-3513
CVE-2014-3567
CVE-2014-3568
CVE-2014-5139

K_F K_F