Multiple vulnerabilities have been found in OpenSSL that can result in either Denial of Service or information disclosure.
|Package||dev-libs/openssl on all architectures|
|Affected versions||< 1.0.1l-r1|
|Unaffected versions||>= 1.0.1l-r1
revision >= 0.9.8z_p5
revision >= 0.9.8z_p6
revision >= 0.9.8z_p7
revision >= 0.9.8z_p8
revision >= 0.9.8z_p9
revision >= 0.9.8z_p10
revision >= 0.9.8z_p11
revision >= 0.9.8z_p12
revision >= 0.9.8z_p13
revision >= 0.9.8z_p14
revision >= 0.9.8z_p15
OpenSSL is an Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) as well as a general purpose cryptography library.
Multiple vulnerabilities have been found in OpenSSL. Please review the CVE identifiers and the upstream advisory referenced below for details:
The following issues affect OpenSSL 1.0.2 only which is not part of the supported Gentoo stable tree:
A remote attacker can utilize multiple vectors to cause Denial of Service or Information Disclosure.
There is no known workaround at this time.
All OpenSSL 1.0.1 users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=dev-libs/openssl-1.0.1l-r1"
All OpenSSL 0.9.8 users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=dev-libs/openssl-0.9.8z_p5-r1"
Packages which depend on the OpenSSL library need to be restarted for the upgrade to take effect. Some packages may need to be recompiled. Tools such as revdep-rebuild may assist in identifying some of these packages.
March 19, 2015
June 06, 2015: 2