[openssl_utils 0005247]: Another OpenSSL vulnerability

Mantis Bug Tracker via bug-notifications bug-notifications at lists.opencsw.org
Fri Jul 10 11:16:25 CEST 2015


A NOTE has been added to this issue. 
====================================================================== 
https://www.opencsw.org/mantis/view.php?id=5247 
====================================================================== 
Reported By:                briandking
Assigned To:                
====================================================================== 
Project:                    openssl_utils
Issue ID:                   5247
Category:                   upgrade
Reproducibility:            have not tried
Severity:                   major
Priority:                   normal
Status:                     new
====================================================================== 
Date Submitted:             2015-07-09 19:42 CEST
Last Modified:              2015-07-10 11:16 CEST
====================================================================== 
Summary:                    Another OpenSSL vulnerability
Description: 
OpenSSL needs to be upgraded to 1.0.2d / 1.0.1p:

   http://openssl.org/news/secadv_20150709.txt

OpenSSL used as a client does not validate certificates properly. This
would affect Apache used as a proxy/reverse proxy, curl, wget, etc.
====================================================================== 

---------------------------------------------------------------------- 
 (0011041) jh (manager) - 2015-07-10 11:16
 https://www.opencsw.org/mantis/view.php?id=5247#c11041 
---------------------------------------------------------------------- 
new version already pushed to unstable



More information about the bug-notifications mailing list