LinuxQuestions.org
Help answer threads with 0 replies.
Home Forums Tutorials Articles Register
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Slackware
Reload this Page new OpenSSL use-after-free race condition
User Name
Password
Slackware This Forum is for the discussion of Slackware Linux.

Notices


Reply
  Search this Thread
Old 04-14-2014, 01:41 PM   #1
BenCollver
Rogue Class
 
Registered: Sep 2006
Location: OR, USA
Distribution: Slackware64-15.0
Posts: 375
Blog Entries: 2

Rep: Reputation: 172Reputation: 172
Thumbs down new OpenSSL use-after-free race condition

http://ftp.openbsd.org/pub/OpenBSD/p..._openssl.patch

A use-after-free race condition in OpenSSL's read buffer may permit an attacker to inject data from one connection into another.
 
Old 04-14-2014, 02:42 PM   #2
mancha
Member
 
Registered: Aug 2012
Posts: 484

Rep: Reputation: Disabled
I've placed a fix at the vault: openssl-1.0.1g_CVE-2010-5298.diff.

--mancha
 
Old 04-14-2014, 06:41 PM   #3
BenCollver
Rogue Class
 
Registered: Sep 2006
Location: OR, USA
Distribution: Slackware64-15.0
Posts: 375

Original Poster
Blog Entries: 2

Rep: Reputation: 172Reputation: 172
@Mancha:

That was a quick fix. Also thanks for the nice bug review in your security thread.
 
1 members found this post helpful.
Old 04-15-2014, 11:42 AM   #4
mancha
Member
 
Registered: Aug 2012
Posts: 484

Rep: Reputation: Disabled
Quote:
Originally Posted by BenCollver View Post
That was a quick fix.
It seemed quicker than it really was. I had already put that fix together and was actually wrapping up my regression testing
when I saw your post. So, I slapped the CVE identifier on it and uploaded to the vault.

Quote:
Originally Posted by BenCollver View Post
Also thanks for the nice bug review in your security thread.
Thanks! And thanks to you for bringing it up in this thread and making Slackers aware of the issue.

--mancha
Last edited by mancha; 04-16-2014 at 03:12 AM. Reason: stylistic
 
  


Reply



Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
OpenSSL TLS Server Extension Parsing Race Condition Vulnerability win32sux Linux - Security 0 11-16-2010 04:30 PM
What is race condition? LinuxInfo Programming 1 09-15-2008 09:44 PM
Kded race condition during automounting SpelledJ Slackware 6 10-25-2007 01:51 PM
Race condition in /etc/rc.d/ with latest -current ? Yalla-One Slackware 1 08-06-2006 02:23 PM
race condition in close socket?? jwstric2 Programming 3 03-18-2005 05:01 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Slackware

All times are GMT -5. The time now is 11:39 PM.

Contact Us - Advertising Info - Rules - Privacy - LQ Merchandise - Donations - Contributing Member - LQ Sitemap -
Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration