Hi Everybody
It seems that the Cygwin-X86_64 setup is installing the cygwin32 openssl
package as shown in the below window capture and the find command result.
Did I miss something?
FrancisANDRE@idefix /usr find . -name *ssl.a
./i686-pc-cygwin/sys-root/usr/lib/libssl.a
./lib/w32api/libw3ssl.a
no libssl.a found in usr/x86_64-pc-cygwin/sys-root/usr/lib/
Regards
FA
On 14/07/2015 09:39, Corinna Vinschen wrote:
Hi folks,
I've updated the version of OpenSSL to 1.0.2d-1. This is a security
bugfix release.
OpenSSL Security Advisory [9 Jul 2015]
===
Alternative chains certificate forgery (CVE-2015-1793)
==
Severity: High
During certificate verification, OpenSSL (starting from version 1.0.1n and
1.0.2b) will attempt to find an alternative certificate chain if the first
attempt to build such a chain fails. An error in the implementation of this
logic can mean that an attacker could cause certain checks on untrusted
certificates to be bypassed, such as the CA flag, enabling them to use a valid
leaf certificate to act as a CA and issue an invalid certificate.
This issue will impact any application that verifies certificates including
SSL/TLS/DTLS clients and SSL/TLS/DTLS servers using client authentication.
This issue affects OpenSSL versions 1.0.2c, 1.0.2b, 1.0.1n and 1.0.1o.
OpenSSL 1.0.2b/1.0.2c users should upgrade to 1.0.2d
OpenSSL 1.0.1n/1.0.1o users should upgrade to 1.0.1p
This issue was reported to OpenSSL on 24th June 2015 by Adam Langley/David
Benjamin (Google/BoringSSL). The fix was developed by the BoringSSL project.
Note
As per our previous announcements and our Release Strategy
(https://www.openssl.org/about/releasestrat.html), support for OpenSSL versions
1.0.0 and 0.9.8 will cease on 31st December 2015. No security updates for these
releases will be provided after that date. Users of these releases are advised
to upgrade.
References
==
URL for this Security Advisory:
https://www.openssl.org/news/secadv_20150709.txt
Note: the online version of the advisory may be updated with additional
details over time.
For details of OpenSSL severity classifications please see:
https://www.openssl.org/about/secpolicy.html
Peace,
Corinna
Cygwin Configuration Diagnostics
Current System Time: Mon Aug 17 07:53:06 2015
Windows 7 Professional Ver 6.1 Build 7601 Service Pack 1
Path: C:\ASF\apache-ant-1.9.3\bin
C:\cygwin64\usr\local\bin
C:\cygwin64\bin
C:\Program Files (x86)\GALITT\Common
C:\ProgramData\Oracle\Java\javapath
C:\Python33
C:\Windows\system32
C:\Windows