Three vulnerabilities have been found in OpenSSL via a commercial test suite for the TLS protocol developed by Codenomicon Ltd.
|Package||dev-libs/openssl on all architectures|
|Affected versions||<= 0.9.7c|
|Unaffected versions||>= 0.9.7d
The OpenSSL Project is a collaborative effort to develop a robust, commercial-grade, full-featured, and Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols as well as a full-strength general purpose cryptography library.
Although there are no public exploits known for bug, users are recommended to upgrade to ensure the security of their infrastructure.
There is no immediate workaround; a software upgrade is required. The vulnerable function in the code has been rewritten.
All users are recommened to upgrade openssl to either 0.9.7d or 0.9.6m:
# emerge sync # emerge -pv ">=dev-libs/openssl-0.9.7d" # emerge ">=dev-libs/openssl-0.9.7d"
March 17, 2004
May 22, 2006: 02