openssl: security update to 0.9.8w. (CVE-2012-2131).

SN1 BIO incomplete fix (CVE-2012-2131) ======================================= It was discovered that the fix for CVE-2012-2110 released on 19 Apr 2012 was not sufficient to correct the issue for OpenSSL 0.9.8. Please see http://www.openssl.org/news/secadv_20120419.txt for details of that vulnerability. This issue only affects OpenSSL 0.9.8v. OpenSSL 1.0.1a and 1.0.0i already contain a patch sufficient to correct CVE-2012-2110. Thanks to Red Hat for discovering and fixing this issue. Affected users should upgrade to 0.9.8w. References ========== URL for this Security Advisory: http://www.openssl.org/news/secadv_20120424.txt
2026-04-13 12:32:59 +02:00 · 2012-05-02 19:42:02 +02:00
parent 75c2cf6f51
commit a6f4183e83
2 changed files with 3 additions and 3 deletions
--- a/config/rootfiles/common/openssl
+++ b/config/rootfiles/common/openssl
@@ -1116,7 +1116,6 @@ usr/lib/libssl.so.0.9.8
 #usr/share/man/man3/dsa.3
 #usr/share/man/man3/ecdsa.3
 #usr/share/man/man3/engine.3
-#usr/share/man/man3/err.3
 #usr/share/man/man3/evp.3
 #usr/share/man/man3/hmac.3
 #usr/share/man/man3/i2d_ASN1_OBJECT.3
@@ -1164,6 +1163,7 @@ usr/lib/libssl.so.0.9.8
 #usr/share/man/man3/md5.3
 #usr/share/man/man3/mdc2.3
 #usr/share/man/man3/pem.3
+#usr/share/man/man3/rand.3
 #usr/share/man/man3/rc4.3
 #usr/share/man/man3/ripemd.3
 #usr/share/man/man3/rsa.3
--- a/lfs/openssl
+++ b/lfs/openssl
@@ -24,7 +24,7 @@

 include Config

-VER        = 0.9.8u
+VER        = 0.9.8w

 THISAPP    = openssl-$(VER)
 DL_FILE    = $(THISAPP).tar.gz
@@ -40,7 +40,7 @@ objects = $(DL_FILE)

 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)

-$(DL_FILE)_MD5 = cb41e94f762ed63e41d1cca2b8430ede
+$(DL_FILE)_MD5 = 4ceb7d570e42c094b360cc7b8e848a0b

 install : $(TARGET)