[arch-security] OpenSSL: CVE-2014-0198
ushi
ushi+arch at honkgong.info
Sun May 18 11:32:41 EDT 2014
Hey all,
This affects OpenSSL 1.x through 1.0.1g. The function do_ssl3_write is
broken when used with SSL_MODE_RELEASE_BUFFERS.
According to the Red Hat bug tracker, this is done at least by ruby and
nodejs:
https://bugzilla.redhat.com/show_bug.cgi?id=1093837#c1
NIST:
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0198
Debian Security Tracker:
https://security-tracker.debian.org/tracker/CVE-2014-0198
Fix:
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=b107586