Modify

Opened 3 years ago

Closed 3 years ago

#17428 closed defect (fixed)

Please Update AA, BB, TRUNK Openssl Package 1.0.1i

Reported by: anonymous Owned by: developers
Priority: highest Milestone:
Component: base system Version: Trunk
Keywords: Cc:

Description

http://www.openssl.org/news/secadv_20140806.txt
Information leak in pretty printing functions (CVE-2014-3508)
Crash with SRP ciphersuite in Server Hello message (CVE-2014-5139)
Race condition in ssl_parse_serverhello_tlsext (CVE-2014-3509)
Double Free when processing DTLS packets (CVE-2014-3505)
DTLS memory exhaustion (CVE-2014-3506)
DTLS memory leak from zero-length fragments (CVE-2014-3507)
OpenSSL DTLS anonymous EC(DH) denial of service (CVE-2014-3510)
OpenSSL TLS protocol downgrade attack (CVE-2014-3511)
SRP buffer overrun (CVE-2014-3512)

Attachments (0)

Change History (4)

comment:1 Changed 3 years ago by hauke

  • Resolution set to fixed
  • Status changed from new to closed

This was fixed in r42055 and r42056 in trunk and BB.

comment:2 Changed 3 years ago by anonymous

  • Resolution fixed deleted
  • Status changed from closed to reopened

AA not fixed yet

comment:3 Changed 3 years ago by e3k

how long does it take to get openssl101i to http://downloads.openwrt.org/attitude_adjustment/12.09/ar71xx/generic/packages/?

in other words do i have to learn how to compile on my router?

comment:4 Changed 3 years ago by florian

  • Resolution set to fixed
  • Status changed from reopened to closed

There are no plans to fix AA at this point, you would have to build your own updated package.

Add Comment

Modify Ticket

Action
as closed .
The resolution will be deleted. Next status will be 'reopened'.
Author


E-mail address and user name can be saved in the Preferences.

 
Note: See TracTickets for help on using tickets.