An OpenSource VooDoo cIRCle - security advisory 20090123-01

Persistent URL of this advisory is available at http://voodoo-circle.sourceforge.net/sa/sa-20090123-01.html

Summary

In Win32/64 binary releases there are vulnerable OpenSSL files. All users ar encouraged to upgrade to the latest version.

In-depth

See vendor's advisory at http://www.openssl.org/news/secadv_20090107.txt.

Workaround

There is no known workaround at this time.

Solution

Update to the latest version, 1.1.34, which is not vulnerable. Versions using older OpenSSL library, though on any platform, are vulnerable, that is, all binary-distributed versions of VooDoo cIRCle prior to 1.1.34.

Cahngelog

2009-01-23 - Initial version
2009-01-24 - Added Cahngelog section
2009-01-24 - Updated Solution section, to clarify which versions are affected
2009-01-25 - Appended RCS ID
2009-01-25 - Made persistent URL of this advisory clickable (hyperlink)
2009-03-26 - Changed sf.net logo at the bottom of this page

Legal notice

Some names used in this document may be registered trademarks of their respective owners.
Get VooDoo cIRCle at SourceForge.net. Fast, secure and Free Open Source software downloads