Repository 32bit  Forum
Repository 64bit  Wiki
Tue Apr 8 14:19:51 UTC 2014
a/openssl-solibs-1.0.1g-i486-1.txz: Upgraded.
n/openssl-1.0.1g-i486-1.txz: Upgraded.
  This update fixes two security issues:
  A missing bounds check in the handling of the TLS heartbeat extension
  can be used to reveal up to 64k of memory to a connected client or server.
  Thanks for Neel Mehta of Google Security for discovering this bug and to
  Adam Langley and Bodo Moeller for
  preparing the fix.
  Fix for the attack described in the paper "Recovering OpenSSL
  ECDSA Nonces Using the FLUSH+RELOAD Cache Side-channel Attack"
  by Yuval Yarom and Naomi Benger. Details can be obtained from:
  http://eprint.iacr.org/2014/140
  For more information, see:
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0076
  (* Security fix *)