Opened 6 years ago

Closed 11 months ago

#886 closed defect (fixed)

Upgrade FDO use of OpenSSL to version 1.0.1g from 1.0.1e.

Reported by: gregboone Owned by: gregboone
Priority: critical Milestone: 3.9.0
Component: FDO API Version: 3.9.0
Severity: 1 Keywords:
Cc: External ID:

Description

Upgrade FDO use of OpenSSL to version 1.0.1g from 1.0.1e.

A missing bounds check in the handling of the TLS heartbeat extension can be used to reveal up to 64k of memory to a connected client or server.

https://www.openssl.org/news/secadv_20140407.txt

Change History (3)

comment:1 Changed 6 years ago by gregboone

Milestone: 3.8.03.9.0

comment:2 Changed 6 years ago by gregboone

Version: 3.8.03.9.0

comment:3 Changed 11 months ago by jng

Resolution: fixed
Status: newclosed
Note: See TracTickets for help on using tickets.