Gentoo update for OpenSSL

Published: 2018-11-09 09:46:06 | Updated: 2018-11-09
Severity Low
Patch available YES
Number of vulnerabilities 1
CVE ID CVE-2018-0732
Exploitation vector Network
Public exploit N/A
Vulnerable software Gentoo Linux
Vulnerable software versions Gentoo Linux -
Vendor URL Gentoo

Security Advisory

1) Improper input validation


The vulnerability allows a remote attacker to cause DoS condition on the target system.

The vulnerability exists due to improper handling of large prime values by the affected software during key agreement operations in a Transport Layer Security (TLS) handshake using an Ephemeral Diffie-Hellman (DHE) based cipher suite. A remote attacker can send a large prime value from a malicious OpenSSL server to a targeted OpenSSL client and cause the client to stop responding while generating a key for the prime value.


Update the affected packages.
dev-libs/openssl to version: 1.0.2o-r6

External links

Back to List