Bug 1774 - openssl0.9.8 is needed for Adobe Acrobat reader.
: openssl0.9.8 is needed for Adobe Acrobat reader.
Status: RESOLVED INVALID
Product: Desktop Bugs
Classification: ROSA Desktop
Component: Main Packages
: Marathon
: All Linux
: Normal normal
: ---
Assigned To: ROSA Linux Bugs
: ROSA Linux Bugs
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2013-03-13 09:39 MSK by Zombie Ryushu
Modified: 2013-04-05 17:45 MSD (History)
1 user (show)

See Also:
RPM Package: openssl0.9.8
ISO-related:
Bad POT generating:
Upstream:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Zombie Ryushu 2013-03-13 09:39:48 MSK
OpenSSL 0.9.8 is required for certain programs, particularly Adobe Reader. Without this, Adobe Reader won't run, if only 1.0.0 is instelled. In the past I have used 0.9.8x, but that version is now vulnerable.

OpenSSL before 0.9.8y, 1.0.0 before 1.0.0k, and 1.0.1 before 1.0.1d
does not properly perform signature verification for OCSP responses,
which allows remote attackers to cause a denial of service (NULL
pointer dereference and application crash) via an invalid key
(CVE-2013-0166).

The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used
in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly
consider timing side-channel attacks on a MAC check requirement
during the processing of malformed CBC padding, which allows remote
attackers to conduct distinguishing attacks and plaintext-recovery
attacks via statistical analysis of timing data for crafted packets,
aka the Lucky Thirteen issue (CVE-2013-0169).
Comment 1 Denis Silakov 2013-04-05 17:45:45 MSD
Acrobat Reader ships its local copy of openssl-0.9.9 libraries (libssl.so.0.9.8, libcrypto.so.0.9.8). 

I have Adobe Reader 9.5.1 installed in my system and it works fine.