ROSA Linux Bugzilla – Bug 1774
openssl0.9.8 is needed for Adobe Acrobat reader.
Last modified: 2013-04-05 17:45:45 MSD
OpenSSL 0.9.8 is required for certain programs, particularly Adobe Reader. Without this, Adobe Reader won't run, if only 1.0.0 is instelled. In the past I have used 0.9.8x, but that version is now vulnerable.
OpenSSL before 0.9.8y, 1.0.0 before 1.0.0k, and 1.0.1 before 1.0.1d
does not properly perform signature verification for OCSP responses,
which allows remote attackers to cause a denial of service (NULL
pointer dereference and application crash) via an invalid key
The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used
in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly
consider timing side-channel attacks on a MAC check requirement
during the processing of malformed CBC padding, which allows remote
attackers to conduct distinguishing attacks and plaintext-recovery
attacks via statistical analysis of timing data for crafted packets,
aka the Lucky Thirteen issue (CVE-2013-0169).
Acrobat Reader ships its local copy of openssl-0.9.9 libraries (libssl.so.0.9.8, libcrypto.so.0.9.8).
I have Adobe Reader 9.5.1 installed in my system and it works fine.