Security
Security
Multiple vulnerabilities have been found in OpenSSL, the worst of which may lead to a Denial of Service condition.
| Package | dev-libs/openssl on all architectures |
|---|---|
| Affected versions | < 1.0.2n |
| Unaffected versions | >= 1.0.2n |
OpenSSL is a robust, commercial-grade, and full-featured toolkit for the Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols.
Multiple vulnerabilities have been discovered in OpenSSL. Please review the referenced CVE identifiers for details.
A remote attacker could cause a Denial of Service condition, recover a private key in unlikely circumstances, circumvent security restrictions to perform unauthorized actions, or gain access to sensitive information.
There are no known workarounds at this time.
All OpenSSL users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=dev-libs/openssl-1.0.2n"