Recent OpenSSL vulnerability
-
Does anyone know if CVE-2012-2110 is a problem for us?
http://lists.grok.org.uk/pipermail/full-disclosure/2012-April/086585.html
It involves Integer overflows in certificate parsing so I presume it does…...
-
From what I've heard, OpenVPN is vulnerable to that. If that turns out to be true, we'll probably roll out a 2.0.2 in the very near future.
-
FreeBSD finally issued their own SA for OpenSSL… which is a bit scarier than the ones I'd read before:
http://security.freebsd.org/advisories/FreeBSD-SA-12:01.openssl.asc
-
Jimp,
Can you make a howto on patching this?
-
Step 1. Update to 2.0.2.
Step 2. There is no step 2.:-)
-
Jimp…
I don't see 2.0.2 in the mirrors, or the firmware updater in the GUI.
What do you think? Is it a development snap?
Thanks.
Step 1. Update to 2.0.2.
Step 2. There is no step 2.:-)
-
It's not available yet. That issue doesn't pose an imminent threat, we're working on testing the update.
-
Thanks!
@cmb:
It's not available yet. That issue doesn't pose an imminent threat, we're working on testing the update.