OpenSSL: Multiple vulnerabilities

OpenSSL: Multiple vulnerabilities Multiple vulnerabilities have been found in OpenSSL, the worst of which could result in Denial of Service or Man-in-the-Middle attacks. openssl 2014-12-26 2015-06-06 494816 519264 525468 remote 1.0.1j 0.9.8z_p2 0.9.8z_p3 0.9.8z_p4 0.9.8z_p5 0.9.8z_p6 0.9.8z_p7 0.9.8z_p8 0.9.8z_p9 0.9.8z_p10 0.9.8z_p11 0.9.8z_p12 0.9.8z_p13 0.9.8z_p14 0.9.8z_p15 1.0.1j

OpenSSL is an Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) as well as a general purpose cryptography library.

Multiple vulnerabilities have been discovered in OpenSSL. Please review the CVE identifiers referenced below for details.

A remote attacker may be able to cause a Denial of Service condition, perform Man-in-the-Middle attacks, obtain sensitive information, or bypass security restrictions.

There is no known workaround at this time.

All OpenSSL 1.0.1 users should upgrade to the latest version:


      # emerge --sync
      # emerge --ask --oneshot --verbose ">=dev-libs/openssl-1.0.1j"

All OpenSSL 0.9.8 users should upgrade to the latest version:


      # emerge --sync
      # emerge --ask --oneshot --verbose ">=dev-libs/openssl-0.9.8z_p2"

Packages which depend on this library may need to be recompiled. Tools such as revdep-rebuild may assist in identifying these packages.

CVE-2013-6449 CVE-2013-6450 CVE-2014-3505 CVE-2014-3506 CVE-2014-3507 CVE-2014-3509 CVE-2014-3510 CVE-2014-3511 CVE-2014-3512 CVE-2014-3513 CVE-2014-3567 CVE-2014-3568 CVE-2014-5139 K_F K_F