Hi,
Please can I enquire what the actual vulnerability is with...

Information leak in pretty printing functions (CVE-2014-3508)
=============================================================

A flaw in OBJ_obj2txt may cause pretty printing functions such as
X509_name_oneline, X509_name_print_ex et al. to leak some information from the
stack. Applications may be affected if they echo pretty printing output to the
attacker. OpenSSL SSL/TLS clients and servers themselves are not affected.

OpenSSL 0.9.8 users should upgrade to 0.9.8zb
OpenSSL 1.0.0 users should upgrade to 1.0.0n.
OpenSSL 1.0.1 users should upgrade to 1.0.1i.

Thanks to Ivan Fratric (Google) for discovering this issue. This issue
was reported to OpenSSL on 19th June 2014.

The fix was developed by Emilia Käsper and Stephen Henson of the OpenSSL
development team.

I have tried to look up CVE-2014-3508 and found it is not there yet.

What is meant by echo pretty printing output to the attacker?



Thank you for your assistance; I look forward to your response.



Thanks..

John



John Simner BSc(Hons) MSc CEng. MIET
Software Engineer, Devices Development

Unify Enterprise Communications Ltd.

Tel.: +44 (1908) 817378 (One Number Service)
Email: john.sim...@unify.com

www.unify.co.uk
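
Added example (not part of the original message or of the OpenSSL advisory): a check of `openssl version` strings against the fixed releases the quoted advisory names for each branch. The function names and the sample version strings are this example's own; a distribution that backports fixes can report an older version string while carrying the patch.

```python
import re
import ssl

# Fixed releases per branch, taken from the advisory quoted in the message.
FIXED = {"0.9.8": "zb", "1.0.0": "n", "1.0.1": "i"}

# Matches "OpenSSL 1.0.1h 5 Jun 2014" as well as a bare "1.0.1h".
_VERSION_RE = re.compile(r"(?:OpenSSL\s+)?(\d+\.\d+\.\d+)([a-z]*)")


def patch_rank(letters):
    """Order OpenSSL patch suffixes: '' < a < ... < z < za < zb < ...

    Comparing length first keeps 'za' and 'zb' above 'z', which a plain
    string comparison against single letters would not guarantee.
    """
    return (len(letters), letters)


def classify(version_string):
    """Return 'fixed', 'upgrade', 'not-listed' or 'unparsed'.

    'not-listed' means the branch is not one of the three named in the
    advisory text above, so this check says nothing about it.
    Assumption: the string is an upstream version string. Vendor builds
    that backport fixes must be checked against the vendor's advisory.
    """
    m = _VERSION_RE.match(version_string.strip())
    if not m:
        return "unparsed"
    branch, letters = m.groups()
    if branch not in FIXED:
        return "not-listed"
    if patch_rank(letters) >= patch_rank(FIXED[branch]):
        return "fixed"
    return "upgrade"


if __name__ == "__main__":
    # Constructed sample strings in the format `openssl version` prints.
    samples = [
        "OpenSSL 0.9.8za 5 Jun 2014",
        "OpenSSL 0.9.8zb 6 Aug 2014",
        "OpenSSL 1.0.0m 5 Jun 2014",
        "OpenSSL 1.0.1h 5 Jun 2014",
        "OpenSSL 1.0.1i 6 Aug 2014",
    ]
    for s in samples + [ssl.OPENSSL_VERSION]:  # last: this interpreter's library
        print(f"{s!r}: {classify(s)}")
```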
