An OpenSource VooDoo cIRCle - security advisory 20100624-01

Persistent URL of this advisory is available at http://voodoo-circle.sourceforge.net/sa/sa-20100624-01.html

Summary

In Win32/64 binary releases there are vulnerable OpenSSL DLL files. All users ar encouraged to upgrade to the latest version.

In-depth

See list of URLs of original advisories:
---
http://rt.openssl.org/Ticket/Display.html?id=1930&user=guest&pass=guest
http://rt.openssl.org/Ticket/Display.html?id=1931&user=guest&pass=guest
http://rt.openssl.org/Ticket/Display.html?id=1923&user=guest&pass=guest
http://rt.openssl.org/Ticket/Display.html?id=1838&user=guest&pass=guest

http://openssl.org/news/secadv_20091111.txt
http://archive.netbsd.se/?ml=openssl-announce&a=2010-02&m=12477250
http://rt.openssl.org/Ticket/Display.html?id=2111&user=guest&pass=guest

http://cvs.openssl.org/chngview?cn=19068
http://cvs.openssl.org/chngview?cn=19069
https://issues.rpath.com/browse/RPL-3157
https://bugzilla.redhat.com/show_bug.cgi?id=546707

http://cvs.openssl.org/chngview?cn=19374
http://www.openssl.org/news/secadv_20100324.txt

http://www.openssl.org/news/secadv_20100601.txt

Workaround

There is no known workaround at this time.

Solution

Update to the latest version, VooDoo cIRCle 1.1.40, which is not vulnerable.

All Windows users using binary builds are strongly encouraged to download the latest version of VooDoo cIRCle.

Cahngelog

2010-06-24 - Initial revision

Legal notice

Some names used in this document may be registered trademarks of their respective owners.
Get VooDoo cIRCle at SourceForge.net. Fast, secure and Free Open Source software downloads