[Full-disclosure] OpenSSL Security Advisory
Mark J Cox
mark at openssl.org
Tue Apr 24 08:39:07 BST 2012
-----BEGIN PGP SIGNED MESSAGE-----
OpenSSL Security Advisory [24 Apr 2012]
ASN1 BIO incomplete fix (CVE-2012-2131)
It was discovered that the fix for CVE-2012-2110 released on 19 Apr
2012 was not sufficient to correct the issue for OpenSSL 0.9.8.
Please see http://www.openssl.org/news/secadv_20120419.txt for details
of that vulnerability.
This issue only affects OpenSSL 0.9.8v. OpenSSL 1.0.1a and 1.0.0i
already contain a patch sufficient to correct CVE-2012-2110.
Thanks to Red Hat for discovering and fixing this issue.
Affected users should upgrade to 0.9.8w.
URL for this Security Advisory:
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
-----END PGP SIGNATURE-----
Full-Disclosure is hosted and sponsored by Secunia.