---

Persistent URL of this advisory is available at http://voodoo-circle.sourceforge.net/sa/sa-20090326-01.html

Summary

In Win32/64 binary releases there are vulnerable OpenSSL DLL files. All users ar encouraged to upgrade to the latest version.

In-depth

See vendor's advisory at http://www.openssl.org/news/secadv_20090325.txt.
All versions prior to 1.1.36 are affected by these security vulnerabilities. VooDoo cIRCle 1.1.36 binary relases for Win32/64 are not affected by these known security vulnerabilities. Versions using older OpenSSL library, though on any platform, or custom builds, are vulnerable, that is, either all binary-distributed versions of VooDoo cIRCle prior to 1.1.36, or those linked against OpenSSL library version prior to 0.9.8k are vulnerable by these vulnerabilities.

Workaround

There is no known workaround at this time.

Solution

Update to the latest version, VooDoo cIRCle 1.1.36, which is not vulnerable.

Time line

2009年03月25日 - Received notification from secunia.com that the same day OpenSSL vendor released new version of OpenSSL library 0.9.8k, which is not vulnerable by known vulnerabilities.
2009年03月26日 - Release of VooDoo cIRCle 1.1.36 .
2009年03月26日 - VooDoo cIRCle vendor security advisory: public disclosure: this security advisory.

Cahngelog

2009年03月26日 - Initial revision
2009年03月26日 - Fixed HTML formatting error

---

Legal notice

Some names used in this document may be registered trademarks of their respective owners.

---

Get VooDoo cIRCle at SourceForge.net. Fast, secure and Free Open Source software downloads