Opened 9 years ago

Closed 4 years ago

#886 closed defect (fixed)

Upgrade FDO use of OpenSSL to version 1.0.1g from 1.0.1e.

Reported by: gregboone Owned by: gregboone
Priority: critical Milestone: 3.9.0
Component: FDO API Version: 3.9.0
Severity: 1 Keywords:
Cc: External ID:

Description

Upgrade FDO use of OpenSSL to version 1.0.1g from 1.0.1e.

A missing bounds check in the handling of the TLS heartbeat extension can be used to reveal up to 64k of memory to a connected client or server.

https://www.openssl.org/news/secadv_20140407.txt

Change History (3)

comment:1 by gregboone, 9 years ago

Milestone: 3.8.03.9.0

comment:2 by gregboone, 9 years ago

Version: 3.8.03.9.0

comment:3 by jng, 4 years ago

Resolution: fixed
Status: newclosed
Note: See TracTickets for help on using tickets.