[Full-disclosure] OpenSSL Security Advisory



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

OpenSSL Security Advisory [24 Apr 2012]
=======================================

ASN1 BIO incomplete fix (CVE-2012-2131)
=======================================

It was discovered that the fix for CVE-2012-2110 released on 19 Apr
2012 was not sufficient to correct the issue for OpenSSL 0.9.8.

Please see http://www.openssl.org/news/secadv_20120419.txt for details
of that vulnerability.

This issue only affects OpenSSL 0.9.8v. OpenSSL 1.0.1a and 1.0.0i
already contain a patch sufficient to correct CVE-2012-2110.

Thanks to Red Hat for discovering and fixing this issue.

Affected users should upgrade to 0.9.8w.

References
==========

URL for this Security Advisory:
http://www.openssl.org/news/secadv_20120424.txt

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iQCVAwUBT5ZV8+6tTP1JpWPZAQIQHwQAvrWr3lRsvFkskFR1apYn/xf0l7cUABGX
HUUtmDRQJuYFyK0UMdInvcrZ7W82FhzzuGNLwnwI5b8Ttn4oOwcntM335WMf8d10
O4S7OjJmjpNEM1Lb0Ik9ZQdxJTepuWgG4iNKXtZIMdY8amCC+a0jPcwDzji2RfHP
OKUh7LxTI5E=
=HggZ
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/



Relevant Pages

  • openssl ASN bug?
    ... There was a security advisory about openssl <0.9.7b having a bug in ... the ASN encoding code on 30th Sept 03 and now I'm wondering what to do ...
    (freebsd-questions)
  • Re: am I NOT hacked?
    ... security advisory. ... and the feature that contains the Heartbleed problem ... was only implemented after OpenSSL 1.0. ... That said, the advisory also contained another OpenSSL security problem, ...
    (FreeBSD-Security)
  • new versions of openssl released today
    ... New versions of openssl were released today that fix several security ... Looking at the security advisory below, they sound pretty ...
    (freebsd-stable)