OpenSSL: Multiple vulnerabilities — GLSA 201811-21

Multiple vulnerabilities have been found in OpenSSL, the worst of which may lead to a Denial of Service condition.

Affected packages

dev-libs/openssl on all architectures
Affected versions < 1.0.2o
Unaffected versions >= 1.0.2o

Background

OpenSSL is a robust, commercial-grade, and full-featured toolkit for the Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols.

Description

Multiple vulnerabilities have been discovered in OpenSSL. Please review the referenced CVE identifiers for details.

Impact

A remote attacker could cause a Denial of Service condition, obtain private keying material, or gain access to sensitive information.

Workaround

There is no known workaround at this time.

Resolution

All OpenSSL users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=dev-libs/openssl-1.0.2o"
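
To confirm the upgrade took effect, the following added example (not part of the GLSA or of Gentoo's tooling) applies the advisory's range, affected below 1.0.2o, literally to a version string and to the local `openssl` binary. The function names `version_key` and `is_affected` are hypothetical, and the script assumes the pre-3.0 `x.y.z[letters]` version format.

```shell
#!/bin/sh
# Added example, not part of the GLSA: test a version against the advisory's range.
FIXED="1.0.2o"   # first unaffected version, taken from the advisory

# Turn "1.0.2o" into a sortable key "001000002o".
version_key() {
    v=${1%%-*}               # drop a suffix such as Gentoo's "-r1"
    nums=${v%%[a-z]*}        # numeric part, e.g. "1.0.2"
    letters=${v#"$nums"}     # patch letters, e.g. "o" (may be empty)
    case $nums in
        [0-9]*.[0-9]*.[0-9]*) ;;
        *) return 2 ;;       # not an x.y.z version string
    esac
    oldifs=$IFS; IFS=.
    set -- $nums
    IFS=$oldifs
    printf '%03d%03d%03d%s\n' "$1" "$2" "$3" "$letters"
}

# Exit status: 0 = affected (< FIXED), 1 = unaffected, 2 = unparseable.
is_affected() {
    have=$(version_key "$1") || return 2
    want=$(version_key "$FIXED")
    [ "$have" != "$want" ] || return 1
    lowest=$(printf '%s\n%s\n' "$have" "$want" | LC_ALL=C sort | head -n 1)
    [ "$lowest" = "$have" ]
}

# Report on the local binary, if any (version is the second field of the output).
if command -v openssl >/dev/null 2>&1; then
    installed=$(openssl version | awk '{print $2}')
    status=0
    is_affected "$installed" || status=$?
    case $status in
        0) echo "openssl $installed: affected, upgrade to >= $FIXED" ;;
        1) echo "openssl $installed: outside the affected range" ;;
        *) echo "openssl $installed: version string not recognised" ;;
    esac
fi
```

The check covers only the `openssl` binary found on `PATH`. Processes started before the upgrade keep the old library loaded until they are restarted.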
 

References

Release date
November 28, 2018

Latest revision
November 28, 2018: 1

Severity
normal

Exploitable
remote

Bugzilla entries