# New OpenSSL security advisory

## freke

https://www.openssl.org/news/secadv_20150611.txt - time to move to 1.0.1n (or 1.0.2b)?

----------

## eccerr0r

File a security bug on bugs.gentoo.org if there isn't already one.

Thanks for finding this!

----------

## desultory

There is already a bug in progress for this.

----------

## kernelOfTruth

Before and/or during updating watch out:

There's an ABI change:

http://www.golem.de/news/sicherheitsluecken-openssl-update-verursacht-abi-probleme-1506-114638.html

 *Quote:*   

> Die neuen Versionen ändern die Datenstruktur HMAC_CTX, die Teil der öffentlichen API von OpenSSL ist.

 

 *Quote:*   

> The new versions modify the data structure HMAC_CTX which is part of the public API of OpenSSL.

 

So packages linking against openssl naturally need to be rebuilt

----------

## Tony0945

From the linked bug report:

 *Quote:*   

> 1.0.2c and 1.0.1o are now out and reverse the ABI breakage.

 

----------

