Lucene search

K
gentooGentoo FoundationGLSA-201312-03
HistoryDec 03, 2013 - 12:00 a.m.

OpenSSL: Multiple Vulnerabilities

2013-12-0300:00:00
Gentoo Foundation
security.gentoo.org
22

0.183 Low

EPSS

Percentile

96.2%

Background

OpenSSL is an Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) as well as a general purpose cryptography library.

Description

Multiple vulnerabilities have been discovered in OpenSSL. Please review the CVE identifiers referenced below for details.

Impact

Remote attackers can determine private keys, decrypt data, cause a Denial of Service or possibly have other unspecified impact.

Workaround

There is no known workaround at this time.

Resolution

All OpenSSL 1.0.x users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=dev-libs/openssl-1.0.0j"

All OpenSSL 0.9.8 users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=dev-libs/openssl-0.9.8y"
OSVersionArchitecturePackageVersionFilename
Gentooanyalldev-libs/openssl< 1.0.0jUNKNOWN