[Bug 56596] New: OpenSSL 1.0.1g is vulnerable to a man-in-the-middle attack

bugzilla Thu, 05 Jun 2014 15:28:11 -0700

https://issues.apache.org/bugzilla/show_bug.cgi?id=56596


            Bug ID: 56596
           Summary: OpenSSL 1.0.1g is vulnerable to a man-in-the-middle
                    attack
           Product: Tomcat Native
           Version: 1.1.30
          Hardware: PC
            Status: NEW
          Severity: major
          Priority: P2
         Component: Library
          Assignee: dev@tomcat.apache.org
          Reporter: bsa...@benefitconcepts.com

Open SSL has issued a security advisory against a man-in -the-middle attack
vulnerability and recommends to upgrade to open ssl version 1.0.1h
The latest Tomcat native library was build using openssl 1.0.1g.

Please create a new build with the latest open SSL version 1.0.1h to mitigate
this vulnerability in tomcat native library. 

The following links describe the vulnerability - 
https://www.us-cert.gov/ncas/current-activity/2014/06/05/OpenSSL-Releases-Security-Advisory
http://www.openssl.org/news/secadv_20140605.txt
http://www.kb.cert.org/vuls/id/978508

-- 
You are receiving this mail because:
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[Bug 56596] New: OpenSSL 1.0.1g is vulnerable to a man-in-the-middle attack

Reply via email to