FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor


 
 
LinkBack Thread Tools
 
Old 03-24-2010, 01:35 PM
Pierre Schmitz
 
Default openssl 0.9.8n-1

This is mainly a security update, so please sign off soon. See
http://openssl.org/news/secadv_20100324.txt

The complete changelog:

Changes between 0.9.8m and 0.9.8n [24 Mar 2010]

*) When rejecting SSL/TLS records due to an incorrect version number, never
update s->server with a new major version number. As of
- OpenSSL 0.9.8m if 'short' is a 16-bit type,
- OpenSSL 0.9.8f if 'short' is longer than 16 bits,
the previous behavior could result in a read attempt at NULL when
receiving specific incorrect SSL/TLS records once record payload
protection is active. (CVE-2010-0740)
[Bodo Moeller, Adam Langley <agl@chromium.org>]

*) Fix for CVE-2010-0433 where some kerberos enabled versions of OpenSSL
could be crashed if the relevant tables were not present (e.g. chrooted).
[Tomas Hoger <thoger@redhat.com>]


--

Pierre Schmitz, https://users.archlinux.de/~pierre
 
Old 03-25-2010, 08:53 AM
Allan McRae
 
Default openssl 0.9.8n-1

On 25/03/10 00:35, Pierre Schmitz wrote:

This is mainly a security update, so please sign off soon. See
http://openssl.org/news/secadv_20100324.txt



Signoff i686.
 
Old 03-25-2010, 12:23 PM
Dan McGee
 
Default openssl 0.9.8n-1

On Thu, Mar 25, 2010 at 4:53 AM, Allan McRae <allan@archlinux.org> wrote:
> On 25/03/10 00:35, Pierre Schmitz wrote:
>>
>> This is mainly a security update, so please sign off soon. See
>> http://openssl.org/news/secadv_20100324.txt
>>
>
> Signoff i686.

Signoff x86_64
 

Thread Tools




All times are GMT. The time now is 07:00 PM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org