[Full-disclosure] OpenSSL Security Advisory
- From: Mark J Cox <mark@xxxxxxxxxxx>
- Date: Tue, 24 Apr 2012 08:39:07 +0100
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
OpenSSL Security Advisory [24 Apr 2012]
=======================================
ASN1 BIO incomplete fix (CVE-2012-2131)
=======================================
It was discovered that the fix for CVE-2012-2110 released on 19 Apr
2012 was not sufficient to correct the issue for OpenSSL 0.9.8.
Please see http://www.openssl.org/news/secadv_20120419.txt for details
of that vulnerability.
This issue only affects OpenSSL 0.9.8v. OpenSSL 1.0.1a and 1.0.0i
already contain a patch sufficient to correct CVE-2012-2110.
Thanks to Red Hat for discovering and fixing this issue.
Affected users should upgrade to 0.9.8w.
References
==========
URL for this Security Advisory:
http://www.openssl.org/news/secadv_20120424.txt
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
iQCVAwUBT5ZV8+6tTP1JpWPZAQIQHwQAvrWr3lRsvFkskFR1apYn/xf0l7cUABGX
HUUtmDRQJuYFyK0UMdInvcrZ7W82FhzzuGNLwnwI5b8Ttn4oOwcntM335WMf8d10
O4S7OjJmjpNEM1Lb0Ik9ZQdxJTepuWgG4iNKXtZIMdY8amCC+a0jPcwDzji2RfHP
OKUh7LxTI5E=
=HggZ
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
- Prev by Date: [Full-disclosure] BeyondCHM 1.1 Buffer Overflow
- Next by Date: [Full-disclosure] Fwd: Vulnerability research and exploit writing
- Previous by thread: [Full-disclosure] BeyondCHM 1.1 Buffer Overflow
- Next by thread: [Full-disclosure] Fwd: Vulnerability research and exploit writing
- Index(es):
Relevant Pages
|
