ActiveTcl and CVE-2015-1793

Posted by grahams on 2015-07-09 10:05
OS: All / Any | Product: ActiveTcl | tags: activetcl CVE openssl
Question: 

Are ActiveTcl releases affected by CVE-2015-1793?

Answer: 

ActiveTcl 8.4.6.1 is affected. No other releases were shipped with the OpenSSL libraries that have the issue.

Sites where teacup updates have installed tls versions 1.6.6, 1.6.6.1, or 1.6.7 are also affected.

Mitigation:
tls version 1.6.7.1 will be released with an updated OpenSSL library, and can be installed to patch 8.4.6.1 or replace add-on tls versions in other releases.

Alternatively, use teacup to fall back to a tls version prior to 1.6.6; those versions are not affected.
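
To check which tls package versions an installation actually carries, the following Tcl script (an added example, not ActiveState's own tooling) lists every tls version visible on `auto_path` and classifies it against the versions named in this answer. The `classify` proc and the `__force_index_scan__` package name are hypothetical names chosen for the example; it avoids Tcl 8.5+ syntax so it also runs under 8.4.

```tcl
# Added example: classify installed tls versions against this advisory.
# Version numbers below are copied from the answer text, nothing else.
set affected {1.6.6 1.6.6.1 1.6.7}
set fixed    1.6.7.1

# Hypothetical helper: map one tls version to a status string.
proc classify {v affected fixed} {
    foreach a $affected {
        if {[package vcompare $v $a] == 0} { return "AFFECTED" }
    }
    if {[package vcompare $v 1.6.6] < 0} {
        return "not affected (prior to 1.6.6)"
    }
    if {[package vcompare $v $fixed] == 0} {
        return "fixed release named in the advisory"
    }
    return "not listed in the advisory, verify separately"
}

# Requiring a package that does not exist forces Tcl to source every
# pkgIndex.tcl on auto_path, so [package versions] sees all installed
# copies rather than only those already loaded.
catch {package require __force_index_scan__}

set found [package versions tls]
if {[llength $found] == 0} {
    puts "tls: no versions found on auto_path"
} else {
    foreach v [lsort -command {package vcompare} $found] {
        puts [format "tls %-10s %s" $v [classify $v $affected $fixed]]
    }
}

# Several versions can coexist; report the one a plain
# [package require tls] selects, plus the OpenSSL build it links.
if {![catch {package require tls} loaded]} {
    puts "default load: tls $loaded -> [classify $loaded $affected $fixed]"
    if {![catch {tls::version} ossl]} {
        puts "linked OpenSSL: $ossl"
    }
}
```

Run it with the same `tclsh` your applications use, since each interpreter has its own `auto_path` and may resolve a different tls version.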