openssl: security update to 0.9.8x (CVE-2012-2333).

Invalid TLS/DTLS record attack (CVE-2012-2333) =============================================== A flaw in the OpenSSL handling of CBC mode ciphersuites in TLS 1.1, 1.2 and DTLS can be exploited in a denial of service attack on both clients and servers. DTLS applications are affected in all versions of OpenSSL. TLS is only affected in OpenSSL 1.0.1 and later. Thanks to Codenomicon for discovering this issue using Fuzz-o-Matic fuzzing as a service testing platform. The fix was developed by Stephen Henson of the OpenSSL core team. Affected users should upgrade to OpenSSL 1.0.1c, 1.0.0j or 0.9.8x References ========== URL for this Security Advisory: http://www.openssl.org/news/secadv_20120510.txt
2026-04-28 11:43:25 +02:00 · 2012-05-12 15:30:38 +02:00
parent 6666803d83
commit 423d77a71f
1 changed files with 2 additions and 2 deletions
--- a/lfs/openssl
+++ b/lfs/openssl
@@ -24,7 +24,7 @@

 include Config

-VER        = 0.9.8w
+VER        = 0.9.8x

 THISAPP    = openssl-$(VER)
 DL_FILE    = $(THISAPP).tar.gz
@@ -40,7 +40,7 @@ objects = $(DL_FILE)

 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)

-$(DL_FILE)_MD5 = 4ceb7d570e42c094b360cc7b8e848a0b
+$(DL_FILE)_MD5 = ee17e9bc805c8cc7d0afac3b0ef78eda

 install : $(TARGET)