[security] OpenSSL comes back
Lukasz J. Wielebski
lukasz.wielebski w cs.put.poznan.pl
Czw, 18 Mar 2004, 00:40:30 CET
Tak, znow bedzie o OpenSSL.
http://www.securityfocus.com/archive/1/357672/2004-03-14/2004-03-20/0
W skrocie: 2 bagi.
Pierwszy:
>> 1. Null-pointer assignment during SSL handshake
Potencjalny DoS (remote).
>> All versions of OpenSSL from 0.9.6c to 0.9.6k inclusive and from 0.9.7a
to 0.9.7c inclusive are affected by this issue.
Drugi:
2. Out-of-bounds read affects Kerberos ciphersuites
Tez potencjalny remote DoS.
>> Versions 0.9.7a, 0.9.7b, and 0.9.7c of OpenSSL are affected by this issue.
****
W skrocie:
>> Upgrade to OpenSSL 0.9.7d or 0.9.6m. Recompile any OpenSSL
applications statically linked to OpenSSL libraries.
Milo... :(
Socrat
Więcej informacji o liście dyskusyjnej pld-devel-pl