LinuxQuestions.org
Register a domain and help support LQ
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Slackware
User Name
Password
Slackware This Forum is for the discussion of Slackware Linux.

Notices

Reply
 
Search this Thread
Old 04-14-2014, 02:41 PM   #1
BenCollver
Rogue Class
 
Registered: Sep 2006
Location: OR, USA
Distribution: Slackware 14.1
Posts: 161

Rep: Reputation: 51
Thumbs down new OpenSSL use-after-free race condition


http://ftp.openbsd.org/pub/OpenBSD/p..._openssl.patch

A use-after-free race condition in OpenSSL's read buffer may permit an attacker to inject data from one connection into another.
 
Old 04-14-2014, 03:42 PM   #2
mancha
Member
 
Registered: Aug 2012
Posts: 357

Rep: Reputation: Disabled
I've placed a fix at the vault: openssl-1.0.1g_CVE-2010-5298.diff.

--mancha
 
Old 04-14-2014, 07:41 PM   #3
BenCollver
Rogue Class
 
Registered: Sep 2006
Location: OR, USA
Distribution: Slackware 14.1
Posts: 161

Original Poster
Rep: Reputation: 51
@Mancha:

That was a quick fix. Also thanks for the nice bug review in your security thread.
 
1 members found this post helpful.
Old 04-15-2014, 12:42 PM   #4
mancha
Member
 
Registered: Aug 2012
Posts: 357

Rep: Reputation: Disabled
Quote:
Originally Posted by BenCollver View Post
That was a quick fix.
It seemed quicker than it really was. I had already put that fix together and was actually wrapping up my regression testing
when I saw your post. So, I slapped the CVE identifier on it and uploaded to the vault.

Quote:
Originally Posted by BenCollver View Post
Also thanks for the nice bug review in your security thread.
Thanks! And thanks to you for bringing it up in this thread and making Slackers aware of the issue.

--mancha

Last edited by mancha; 04-16-2014 at 04:12 AM. Reason: stylistic
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
OpenSSL TLS Server Extension Parsing Race Condition Vulnerability win32sux Linux - Security 0 11-16-2010 05:30 PM
What is race condition? LinuxInfo Programming 1 09-15-2008 10:44 PM
Kded race condition during automounting SpelledJ Slackware 6 10-25-2007 02:51 PM
Race condition in /etc/rc.d/ with latest -current ? Yalla-One Slackware 1 08-06-2006 03:23 PM
race condition in close socket?? jwstric2 Programming 3 03-18-2005 06:01 PM


All times are GMT -5. The time now is 02:38 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration