1. Gentoo Linux Security Advisory
| Advisory Reference | GLSA 200710-30 / openssl |
| Release Date | October 27, 2007 |
| Latest Revision | October 30, 2007: 03 |
| Impact | high |
| Exploitable | remote |
| Package | Vulnerable versions | Unaffected versions | Architecture(s) |
| dev-libs/openssl | < 0.9.8f | >= 0.9.8f | All supported architectures |
Related bugreports: #195634
OpenSSL contains a vulnerability allowing execution of arbitrary code or a Denial of Service.
OpenSSL is an Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) as well as a general purpose cryptography library.
Andy Polyakov reported a vulnerability in the OpenSSL toolkit, that is caused due to an unspecified off-by-one error within the DTLS implementation.
A remote attacker could exploit this issue to execute arbitrary code or cause a Denial of Service. Only clients and servers explicitly using DTLS are affected, systems using SSL and TLS are not.
There is no known workaround at this time.
All OpenSSL users should upgrade to the latest version:
Code Listing 3.1: Resolution |
# emerge --sync # emerge --ask --oneshot --verbose ">=dev-libs/openssl-0.9.8f" |