Kaspar Brand

**Name of the Vulnerable Software and Affected Versions** OpenSSL versions prior to 1.0.0e Gentoo Linux (affected versions not specified) **Description** The issue concerns multiple vulnerabilities in the OpenSSL package that can be exploited remotely, potentially leading to breaches in confidentiality, integrity, and availability of protected information. Specifically, in OpenSSL 1.0.x before version 1.0.0e, certain structure members in crypto/x509/x509 vfy.c are not initialized, making it easier for remote attackers to bypass CRL validation by using a nextUpdate value corresponding to a time in the past. **Recommendations** For OpenSSL versions prior to 1.0.0e, update to version 1.0.0e or later to resolve the issue. For Gentoo Linux, at the moment, there is no information about a newer version that contains a fix for this vulnerability.