  1. Bitbucket Cloud
  2. BCLOUD-11147

OpenSSL 1.0.2 users should upgrade to 1.0.2a


Details


    Description

      The function X509_to_X509_REQ will crash with a NULL pointer dereference if
      the certificate key is invalid. This function is rarely used in practice.

      This issue affects all current OpenSSL versions: 1.0.2, 1.0.1, 1.0.0
      and 0.9.8.

      OpenSSL 1.0.2 users should upgrade to 1.0.2a.
      OpenSSL 1.0.1 users should upgrade to 1.0.1m.
      OpenSSL 1.0.0 users should upgrade to 1.0.0r.
      OpenSSL 0.9.8 users should upgrade to 0.9.8zf.

      This issue was discovered by Brian Carpenter and a fix developed by Stephen
      Henson of the OpenSSL development team.

      Note

      As per our previous announcements and our Release Strategy
      (https://www.openssl.org/about/releasestrat.html), support for OpenSSL versions
      1.0.0 and 0.9.8 will cease on 31st December 2015. No security updates for these
      releases will be provided after that date. Users of these releases are advised
      to upgrade.

      References

      URL for this Security Advisory:
      https://www.openssl.org/news/secadv_20150319.txt

      Note: the online version of the advisory may be updated with additional
      details over time.

      For details of OpenSSL severity classifications-*****
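
As an added example (not part of the advisory or of the original issue), the following Python code checks a version string against the fixed releases listed above, including the letter-suffix ordering in which `zf` follows `z`. The function names and the sample `openssl version` lines are constructed for illustration.

```python
import re

# Minimum fixed release per branch, taken from the advisory text above.
FIXED = {"1.0.2": "a", "1.0.1": "m", "1.0.0": "r", "0.9.8": "zf"}

# Matches the letter-suffixed scheme, e.g. "1.0.1k", "0.9.8zf", "1.0.1e-fips".
_VERSION = re.compile(r"(\d+\.\d+\.\d+)([a-z]*)")


def parse(text):
    """Return (branch, letters) from a version string or `openssl version` output."""
    m = _VERSION.search(text)
    if m is None:
        raise ValueError(f"no OpenSSL version found in {text!r}")
    return m.group(1), m.group(2)


def _rank(letters):
    # Patch letters run '', a..z, then za, zb, ...; ordering by length and
    # then alphabetically reproduces that sequence.
    return (len(letters), letters)


def check(text):
    """Classify a version as 'fixed', 'upgrade to <release>' or 'not covered'."""
    branch, letters = parse(text)
    fixed = FIXED.get(branch)
    if fixed is None:
        return "not covered"  # branch is not listed in this advisory
    if _rank(letters) >= _rank(fixed):
        return "fixed"
    return f"upgrade to {branch}{fixed}"


if __name__ == "__main__":
    # Constructed sample inputs in the format printed by `openssl version`.
    samples = [
        "OpenSSL 1.0.2 22 Jan 2015",
        "OpenSSL 1.0.1k 8 Jan 2015",
        "OpenSSL 1.0.1e-fips 11 Feb 2013",
        "OpenSSL 0.9.8zf 19 Mar 2015",
        "OpenSSL 0.9.8y 5 Feb 2013",
    ]
    for s in samples:
        print(f"{s:35} -> {check(s)}")
```

Distribution packages often backport fixes without changing the version letter, so an "upgrade" result from a packaged build should be confirmed against the package changelog.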

          People

            jredmond Jim Redmond (Inactive)
            Anonymous Anonymous