OpenSSL: Multiple Vulnerabilities

OpenSSL: Multiple Vulnerabilities Multiple vulnerabilities have been found in OpenSSL allowing remote attackers to determine private keys or cause a Denial of Service. OpenSSL 2013-12-03 2015-06-06 369753 406199 412643 415435 455592 remote 1.0.0j 0.9.8y 0.9.8z_p1 0.9.8z_p2 0.9.8z_p3 0.9.8z_p4 0.9.8z_p5 0.9.8z_p6 0.9.8z_p7 0.9.8z_p8 0.9.8z_p9 0.9.8z_p10 0.9.8z_p11 0.9.8z_p12 0.9.8z_p13 0.9.8z_p14 0.9.8z_p15 1.0.0j 0.9.8y

OpenSSL is an Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) as well as a general purpose cryptography library.

Multiple vulnerabilities have been discovered in OpenSSL. Please review the CVE identifiers referenced below for details.

Remote attackers can determine private keys, decrypt data, cause a Denial of Service or possibly have other unspecified impact.

There is no known workaround at this time.

All OpenSSL 1.0.x users should upgrade to the latest version:


      # emerge --sync
      # emerge --ask --oneshot --verbose ">=dev-libs/openssl-1.0.0j"

All OpenSSL 0.9.8 users should upgrade to the latest version:


      # emerge --sync
      # emerge --ask --oneshot --verbose ">=dev-libs/openssl-0.9.8y"

CVE-2006-7250 CVE-2011-1945 CVE-2012-0884 CVE-2012-1165 CVE-2012-2110 CVE-2012-2333 CVE-2012-2686 CVE-2013-0166 CVE-2013-0169 underling n0idx80