File: [cvs.NetBSD.org] / pkgsrc / emulators / suse131_openssl / Makefile (download)
Revision 1.3.2.5, Sun Jun 15 12:55:05 2014 UTC (9 years, 10 months ago) by tron
Branch: pkgsrc-2014Q1
Changes since 1.3.2.4: +2 -2
lines
Pullup ticket #4432 - requested by obache
emulators/suse131_openssl: security update
Revisions pulled up:
- emulators/suse131_openssl/Makefile 1.9
- emulators/suse131_openssl/distinfo 1.9
---
Module Name: pkgsrc
Committed By: obache
Date: Fri Jun 6 09:53:29 UTC 2014
Modified Files:
pkgsrc/emulators/suse131_openssl: Makefile distinfo
Log Message:
Apply openSUSE-SU-2014:0764-1
openSUSE Security Update: openssl: update to version 1.0.1h
Description:
The openssl library was updated to version 1.0.1h fixing various security
issues and bugs:
Security issues fixed:
- CVE-2014-0224: Fix for SSL/TLS MITM flaw. An attacker using a carefully
crafted handshake can force the use of weak keying material in OpenSSL
SSL/TLS clients and servers.
- CVE-2014-0221: Fix DTLS recursion flaw. By sending an invalid DTLS
handshake to an OpenSSL DTLS client the code can be made to recurse
eventually crashing in a DoS attack.
- CVE-2014-0195: Fix DTLS invalid fragment vulnerability. A buffer
overrun attack can be triggered by sending invalid DTLS fragments to an
OpenSSL DTLS client or server. This is potentially exploitable to run
arbitrary code on a vulnerable client or server.
- CVE-2014-3470: Fix bug in TLS code where clients enable anonymous ECDH
ciphersuites are subject to a denial of service attack.
Bump PKGREVISION.
|