FEDORA-2016-1f15fef6d4 created by tmraz 4 years ago for Fedora 23
obsolete

New upstream release fixing security issues.

Note that SSLv2 was already disabled by default in Fedora OpenSSL.

This update has been submitted for testing by tmraz.

4 years ago
User Icon rdieter commented & provided feedback 4 years ago

this update breaks ABI compared to openssl-1.0.2f-1.fc23.x86_64, qt5 (libQt5Network) now has unresolved symbols: symbol SSLv2_client_method, version libssl.so.10 not defined in file libssl.so.10 with link time reference (/usr/lib64/libQt5Network.so) symbol SSLv2_server_method, version libssl.so.10 not defined in file libssl.so.10 with link time reference (/usr/lib64/libQt5Network.so)

User Icon mattdm commented & provided feedback 4 years ago
karma

Confirming ABI breakage. Since the security vulnerabilities are low severity, let's figure all that out first.

User Icon anonymous commented & provided feedback 4 years ago

KDM fails to load with this update (kdm: :0[1304]: Received unknown or unexpected command -2 from greeter; kdm: :0[1104]: Abnormal termination of greeter for display :0, code 127, signal 0; kdm[801]: plymouth is NOT running; )(ntpd_intres[726]: host name not found EAI_NODATA: 3.fedora.pool.ntp:org)

User Icon ausil commented & provided feedback 4 years ago
karma

confirming broken ABI

User Icon kevin commented & provided feedback 4 years ago
karma

Yep. Sadly confirm here too.

User Icon hreindl commented & provided feedback 4 years ago
karma

breaks half of the distribution - first i thought it's my httpd+php build with a optimized rebuild of the openssl src.rpm

well, rebuilt PHP and it's happy while other services using openssl like dogvecot/postfix where fine

but when mit muisc player daemon and the display-manager refuse to start fun is over

Mar 2 01:34:14 srv-rhsoft sddm: /usr/bin/sddm: relocation error: /lib64/libQt5Network.so.5: symbol SSLv2_client_method, version libssl.so.10 not defined in file libssl.so.10 with link time reference Mar 2 01:34:14 srv-rhsoft sddm: /usr/bin/sddm: relocation error: /lib64/libQt5Network.so.5: symbol SSLv2_client_method, version libssl.so.10 not defined in file libssl.so.10 with link time reference Mar 2 01:34:14 srv-rhsoft sddm: /usr/bin/sddm: relocation error: /lib64/libQt5Network.so.5: symbol SSLv2_client_method, version libssl.so.10 not defined in file libssl.so.10 with link time reference Mar 2 01:34:15 srv-rhsoft sddm: /usr/bin/sddm: relocation error: /lib64/libQt5Network.so.5: symbol SSLv2_client_method, version libssl.so.10 not defined in file libssl.so.10 with link time reference Mar 2 01:34:15 srv-rhsoft sddm: /usr/bin/sddm: relocation error: /lib64/libQt5Network.so.5: symbol SSLv2_client_method, version libssl.so.10 not defined in file libssl.so.10 with link time reference

This update has been obsoleted by openssl-1.0.2g-2.fc23.

4 years ago

Please login to add feedback.

Metadata
Type
security
Severity
low
Karma
-4
Signed
Content Type
RPM
Test Gating
Settings
Unstable by Karma
-2
Stable by Karma
2
Dates
submitted
4 years ago
BZ#1310596 CVE-2016-0705 OpenSSL: Double-free in DSA code
0
0
BZ#1310599 CVE-2016-0702 OpenSSL: Side channel attack on modular exponentiation
0
0
BZ#1312219 CVE-2016-0799 OpenSSL: Fix memory issues in BIO_*printf functions
0
0
BZ#1312856 CVE-2016-0799 OpenSSL: Fix memory issues in BIO_*printf functions [fedora-all]
0
0
BZ#1312860 CVE-2016-0705 OpenSSL: Double-free in DSA code [fedora-all]
0
0

Automated Test Results