lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [day] [month] [year] [list] 
Date: Tue, 5 Sep 2006 15:22:20 +0100 (BST)
From: Mark J Cox <mark@....com>
To: full-disclosure@...ts.grok.org.uk
Subject: [SECURITY] OpenSSL 0.9.8c and 0.9.7k released

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


   OpenSSL version 0.9.8c and 0.9.7k released
   ==========================================

   OpenSSL - The Open Source toolkit for SSL/TLS
   http://www.openssl.org/

   The OpenSSL project team is pleased to announce the release of
   version 0.9.8c of our open source toolkit for SSL/TLS. This new
   OpenSSL version is a security and bugfix release and incorporates
   changes and bugfixes to the toolkit.  For a complete list of
   changes, please see http://www.openssl.org/source/exp/CHANGES.

   This release fixes an important security vulnerability which could
   allow RSA Signature Forgery, CVE-2006-4339.  Please see
   http://www.openssl.org/news/secadv_20060905.txt

   We also release 0.9.7k, which contains the security update and
   bugfixes compared to 0.9.7j.

   We consider OpenSSL 0.9.8c to be the best version of OpenSSL
   available and we strongly recommend that users of older versions
   upgrade as soon as possible. OpenSSL 0.9.8c is available for
   download via HTTP and FTP from the following master locations (you
   can find the various FTP mirrors under
   http://www.openssl.org/source/mirror.html):

     * http://www.openssl.org/source/
     * ftp://ftp.openssl.org/source/

   For those who want or have to stay with the 0.9.7 series of
   OpenSSL, we strongly recommend that you upgrade to OpenSSL 0.9.7k
   as soon as possible.  It's available in the same location as
   0.9.8c.

   The distribution file names are:

     * openssl-0.9.8c.tar.gz
       MD5 checksum: 78454bec556bcb4c45129428a766c886
       SHA1 checksum: d0798e5c7c4509d96224136198fa44f7f90e001d

    * openssl-0.9.7k.tar.gz
      MD5 checksum: be6bba1d67b26eabb48cf1774925416f
      SHA1 checksum: 90056b8f5e518edc9f74f66784fbdcfd9b784dd2

   The checksums were calculated using the following commands:

    openssl md5 openssl-0.9.*.tar.gz
    openssl sha1 openssl-0.9.*.tar.gz

   Yours,

   The OpenSSL Project Team...

    Mark J. Cox             Nils Larsch         Ulf Möller
    Ralf S. Engelschall     Ben Laurie          Andy Polyakov
    Dr. Stephen Henson      Richard Levitte     Geoff Thorpe
    Lutz Jänicke            Bodo Möller



-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)

iQCVAwUBRP1Enu6tTP1JpWPZAQKUhQP/dBLTKnYVGvNvUYi2mleBNoUn8ISsZsA8
5jfBOzsrR+GnZHdyxU3wqcUBzoteE6robAB5Xz1eVvtQDoSPOor0zQWNTrTOEL7N
3MUbD/xwCv46kfk6OnptUUQ1UK2uA+IV6nxQHx6CDDdDO5wr2D8vBX3Q2JCuPXlf
YjbILfKdPaA=
=CW+z
-----END PGP SIGNATURE-----



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ