CLD-363 Details
Other IDs this deficiency may be known by:
Basic Information:
Affected Package(s) | openssl |
Deficiency Type | SECURITY |
Date Created | 2018-04-16 13:16:22 |
Date Last Modified | 2018-08-16 11:00:40 |
Version Specific Information:
Cucumber 1.0 i686 | fixed in openssl-1.0.2p-i686-1 |
Cucumber 1.0 x86_64 | fixed in openssl-1.0.2p-x86_64-1 and openssl-lib_i686-1.0.2p-lib_i686-1 |
Cucumber 1.1 i686 | fixed in openssl-1.0.2p-i686-1 |
Cucumber 1.1 x86_64 | fixed in openssl-1.0.2p-x86_64-1 and openssl-lib_i686-1.0.2p-lib_i686-1 |
Details:
See https://www.openssl.org/news/secadv/20180416.txt and
http://www.openwall.com/lists/oss-security/2018/04/16/3.
OpenSSL has known about this vulnerability since January 2017 (that's over one
year) and has only acknowledged it now. They state it is a minor problem, so we
will not get a patch until they make their next routine release.
LibreSSL also knew about this vulnerability in January 2017. They published a
patch almost immediately. Good thing we're planning to switch to it in 2.0.