
linuxdcpp-team team mailing list archive

[Bug 676246] Re: OpenSSL Update / Bzip2 Update (Critical)

 

** Changed in: dcplusplus
       Status: In Progress => Fix Committed

-- 
You received this bug notification because you are a member of
Dcplusplus-team, which is a direct subscriber.
https://bugs.launchpad.net/bugs/676246

Title:
  OpenSSL Update / Bzip2 Update (Critical)

Status in DC++:
  Fix Committed

Bug description:
  A flaw has been found in the OpenSSL TLS server extension code parsing which
on affected servers can be exploited in a buffer overrun attack.

The OpenSSL security team would like to thank Rob Hulswit for reporting this
issue.

The fix was developed by Dr Stephen Henson of the OpenSSL core team.

This vulnerability is tracked as CVE-2010-3864
http://openssl.org/news/secadv_20101116.txt

Bzip2:

Version 1.0.6 removes a potential security vulnerability, CVE-2010-0405, so all users are recommended to upgrade immediately.
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0405




