[Bug 217295] security/linux-c7-openssl: update to 1.0.1e-60.el7_3.1

[bugzilla-noreply at freebsd.org]

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=217295

            Bug ID: 217295
           Summary: security/linux-c7-openssl: update to 1.0.1e-60.el7_3.1
           Product: Ports & Packages
           Version: Latest
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: Individual Port(s)
          Assignee: emulation at FreeBSD.org
          Reporter: pkubaj at anongoth.pl
             Flags: maintainer-feedback?(emulation at FreeBSD.org)
          Assignee: emulation at FreeBSD.org

Created attachment 180217
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=180217&action=edit
patch

Changelog:
* An integer underflow leading to an out of bounds read flaw was found in
OpenSSL. A remote attacker could possibly use this flaw to crash a 32-bit
TLS/SSL server or client using OpenSSL if it used the RC4-MD5 cipher suite.
(CVE-2017-3731)

* A denial of service flaw was found in the way the TLS/SSL protocol defined
processing of ALERT packets during a connection handshake. A remote attacker
could use this flaw to make a TLS/SSL server consume an excessive amount of CPU
and fail to accept connections form other clients. (CVE-2016-8610)

Link: https://rhn.redhat.com/errata/RHSA-2017-0286.html

Builds fine on Poudriere on 10.3-RELEASE.

-- 
You are receiving this mail because:
You are the assignee for the bug.