
linuxdcpp-team team mailing list archive

[Bug 676246] Re: OpenSSL Update / Bzip2 Update (Critical)

 

** Changed in: dcplusplus
       Status: New => Confirmed

** Changed in: dcplusplus
   Importance: Undecided => Critical

** Changed in: dcplusplus
     Assignee: (unassigned) => Dcplusplus-team (dcplusplus-team)

-- 
OpenSSL Update / Bzip2 Update (Critical)
https://bugs.launchpad.net/bugs/676246
You received this bug notification because you are a member of
Dcplusplus-team, which is a direct subscriber.

Status in DC++: Confirmed

Bug description:
A flaw has been found in the OpenSSL TLS server extension code parsing which
on affected servers can be exploited in a buffer overrun attack.

The OpenSSL security team would like to thank Rob Hulswit for reporting this
issue.

The fix was developed by Dr Stephen Henson of the OpenSSL core team.

This vulnerability is tracked as CVE-2010-3864
http://openssl.org/news/secadv_20101116.txt

Bzip2:

Version 1.0.6 removes a potential security vulnerability, CVE-2010-0405, so all users are recommended to upgrade immediately.
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0405




