[openssl_utils 0005247]: Another OpenSSL vulnerability

Mantis Bug Tracker via bug-notifications bug-notifications at lists.opencsw.org
Thu Jul 9 19:42:14 CEST 2015


The following issue has been SUBMITTED. 
====================================================================== 
https://www.opencsw.org/mantis/view.php?id=5247 
====================================================================== 
Reported By:                briandking
Assigned To:                
====================================================================== 
Project:                    openssl_utils
Issue ID:                   5247
Category:                   upgrade
Reproducibility:            have not tried
Severity:                   major
Priority:                   normal
Status:                     new
====================================================================== 
Date Submitted:             2015-07-09 19:42 CEST
Last Modified:              2015-07-09 19:42 CEST
====================================================================== 
Summary:                    Another OpenSSL vulnerability
Description: 
OpenSSL needs to be upgraded to 1.0.2d / 1.0.1p:

   http://openssl.org/news/secadv_20150709.txt

OpenSSL used as a client does not validate certificates properly. This
would affect Apache used as a proxy/reverse proxy, curl, wget, etc.
======================================================================



More information about the bug-notifications mailing list