Updated: openssl-0.9.8t-1, openssl-devel-0.9.8t-1, libopenssl098-0.9.8t-1

Corinna Vinschen corinna-cygwin@cygwin.com
Wed Jan 18 16:33:00 GMT 2012


I've updated the version of OpenSSL to 0.9.8t-1.

This is an upstream security release.  The Cygwin release is build from
the vanilla sources, no additional patches.  Here's the official
security advisory:

------------------------------------------------------------------------
OpenSSL Security Advisory [18 Jan 2011]
=======================================

DTLS DoS attack (CVE-2012-0050)
================================

A flaw in the fix to CVE-2011-4108 can be exploited in a denial of
service attack. Only DTLS applications using OpenSSL 1.0.0f and
0.9.8s are affected.


Thanks to Antonio Martin, Enterprise Secure Access Research and
Development, Cisco Systems, Inc. for discovering this bug and
preparing a fix.

Affected users should upgrade to OpenSSL 1.0.0g or 0.9.8t.

References
==========

URL for this Security Advisory:
http://www.openssl.org/news/secadv_20120118.txt
------------------------------------------------------------------------


To update your installation, click on the "Install Cygwin now" link on
the http://cygwin.com/ web page.  This downloads setup.exe to your
system.  Then, run setup and answer all of the questions.


*** CYGWIN-ANNOUNCE UNSUBSCRIBE INFO ***

If you want to unsubscribe from the cygwin-announce mailing list, look
at the "List-Unsubscribe: " tag in the email header of this message.
Send email to the address specified there.  It will be in the format:


cygwin-announce-unsubscribe-you=yourdomain.com@cygwin.com

If you need more information on unsubscribing, start reading here:

http://sourceware.org/lists.html#unsubscribe-simple

Please read *all* of the information on unsubscribing that is available
starting at the above URL.

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Project Co-Leader          cygwin AT cygwin DOT com
Red Hat



More information about the Cygwin-announce mailing list