An OpenSource VooDoo cIRCle - security advisory 20100624-02

Persistent URL of this advisory is available at http://voodoo-circle.sourceforge.net/sa/sa-20100624-02.html

Summary

In Win32 binary release of sub-project XTelnet there are vulnerable OpenSSL DLL files. All users ar encouraged to upgrade to the latest version.

In-depth

See list of URLs of original advisories:
---
http://rt.openssl.org/Ticket/Display.html?id=1930&user=guest&pass=guest
http://rt.openssl.org/Ticket/Display.html?id=1931&user=guest&pass=guest
http://rt.openssl.org/Ticket/Display.html?id=1923&user=guest&pass=guest
http://rt.openssl.org/Ticket/Display.html?id=1838&user=guest&pass=guest

http://openssl.org/news/secadv_20091111.txt
http://archive.netbsd.se/?ml=openssl-announce&a=2010-02&m=12477250
http://rt.openssl.org/Ticket/Display.html?id=2111&user=guest&pass=guest

http://cvs.openssl.org/chngview?cn=19068
http://cvs.openssl.org/chngview?cn=19069
https://issues.rpath.com/browse/RPL-3157
https://bugzilla.redhat.com/show_bug.cgi?id=546707

http://cvs.openssl.org/chngview?cn=19374
http://www.openssl.org/news/secadv_20100324.txt

http://www.openssl.org/news/secadv_20100601.txt

Workaround

There is no known workaround at this time.

Solution

All Windows users using binary builds are strongly encouraged to download the latest version of XTelnet.

Cahngelog

2010-06-24 - Initial revision

Legal notice

Some names used in this document may be registered trademarks of their respective owners.
Get VooDoo cIRCle at SourceForge.net. Fast, secure and Free Open Source software downloads