Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
[ GLSA 201903-10 ] OpenSSL
View unanswered posts
View posts from last 24 hours

Reply to topic    Gentoo Forums Forum Index News & Announcements
View previous topic :: View next topic  
Author Message

Joined: 12 May 2004
Posts: 2425

PostPosted: Thu Mar 14, 2019 3:26 am    Post subject: [ GLSA 201903-10 ] OpenSSL Reply with quote

Gentoo Linux Security Advisory

Title: OpenSSL: Multiple vulnerabilities (GLSA 201903-10)
Severity: normal
Exploitable: local, remote
Date: 2019-03-14
Bug(s): #673056, #678564
ID: 201903-10


Multiple Information Disclosure vulnerabilities in OpenSSL allow
attackers to obtain sensitive information.


OpenSSL is an Open Source toolkit implementing the Secure Sockets Layer
(SSL v2/v3) and Transport Layer Security (TLS v1) as well as a general
purpose cryptography library.

Affected Packages

Package: dev-libs/openssl
Vulnerable: < 1.0.2r
Unaffected: >= 1.0.2r
Architectures: All supported architectures


Multiple vulnerabilities have been discovered in OpenSSL. Please review
the CVE identifiers referenced below for details.


A remote attacker to obtain sensitive information, caused by the failure
to immediately close the TCP connection after the hosts encounter a
zero-length record with valid padding.
A local attacker could run a malicious process next to legitimate
processes using the architecture’s parallel thread running capabilities
to leak encrypted data from the CPU’s internal processes.


There is no known workaround at this time.


All OpenSSL users should upgrade to the latest version:
# emerge --sync
      # emerge --ask --oneshot --verbose ">=dev-libs/openssl-1.0.2r"


Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index News & Announcements All times are GMT
Page 1 of 1

Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum