lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Date: Sat, 04 Apr 2009 00:39:01 +0200
From: security@...driva.com
To: full-disclosure@...ts.grok.org.uk
Subject: [ MDVSA-2009:087 ] openssl


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2009:087
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : openssl
 Date    : April 3, 2009
 Affected: 2008.0, 2008.1, 2009.0, Corporate 3.0, Corporate 4.0,
           Multi Network Firewall 2.0
 _______________________________________________________________________

 Problem Description:

 A security vulnerability has been identified and fixed in OpenSSL,
 which could crash applications using OpenSSL library when parsing
 malformed certificates (CVE-2009-0590).
 
 The updated packages have been patched to prevent this.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0590
 _______________________________________________________________________

 Updated Packages:

 Mandriva Linux 2008.0:
 6b754c91594c65b327d2dba0c7402d55  2008.0/i586/libopenssl0.9.8-0.9.8e-8.3mdv2008.0.i586.rpm
 7925aa846daa02085d8261e17f2f5875  2008.0/i586/libopenssl0.9.8-devel-0.9.8e-8.3mdv2008.0.i586.rpm
 051e206025736be6aca4e5b2a57b8f94  2008.0/i586/libopenssl0.9.8-static-devel-0.9.8e-8.3mdv2008.0.i586.rpm
 01f56e6d5ee540090fbee6d34f29e65a  2008.0/i586/openssl-0.9.8e-8.3mdv2008.0.i586.rpm 
 c70caa3e4c03412a02cc6bbb36902382  2008.0/SRPMS/openssl-0.9.8e-8.3mdv2008.0.src.rpm

 Mandriva Linux 2008.0/X86_64:
 bffedd1a3568c6756f2a7e208711406b  2008.0/x86_64/lib64openssl0.9.8-0.9.8e-8.3mdv2008.0.x86_64.rpm
 bdd18bfb34dc3fe03ab0427eaa998762  2008.0/x86_64/lib64openssl0.9.8-devel-0.9.8e-8.3mdv2008.0.x86_64.rpm
 c1966f47b75d196587ba1bbebeb36de6  2008.0/x86_64/lib64openssl0.9.8-static-devel-0.9.8e-8.3mdv2008.0.x86_64.rpm
 2d0ee52fbbe9736e3e36d0af3eccfab4  2008.0/x86_64/openssl-0.9.8e-8.3mdv2008.0.x86_64.rpm 
 c70caa3e4c03412a02cc6bbb36902382  2008.0/SRPMS/openssl-0.9.8e-8.3mdv2008.0.src.rpm

 Mandriva Linux 2008.1:
 dc492cf18385aabfb94663b1a121a776  2008.1/i586/libopenssl0.9.8-0.9.8g-4.3mdv2008.1.i586.rpm
 bb4d4453048fb8f68fa3d4acaddaa0c8  2008.1/i586/libopenssl0.9.8-devel-0.9.8g-4.3mdv2008.1.i586.rpm
 ad22bc2ee1d238606133616104420669  2008.1/i586/libopenssl0.9.8-static-devel-0.9.8g-4.3mdv2008.1.i586.rpm
 f7f7edf2ca2e1422d718a40c2c14419b  2008.1/i586/openssl-0.9.8g-4.3mdv2008.1.i586.rpm 
 e032c64f27cc35e9c72c9ee1d28dfaf3  2008.1/SRPMS/openssl-0.9.8g-4.3mdv2008.1.src.rpm

 Mandriva Linux 2008.1/X86_64:
 77d9d1e7f5dc49dec60c69cc1b028463  2008.1/x86_64/lib64openssl0.9.8-0.9.8g-4.3mdv2008.1.x86_64.rpm
 0bcee0a1c173a8f5d8e8adbb81708a6c  2008.1/x86_64/lib64openssl0.9.8-devel-0.9.8g-4.3mdv2008.1.x86_64.rpm
 cb5ff411ea8180862e0d411239c76341  2008.1/x86_64/lib64openssl0.9.8-static-devel-0.9.8g-4.3mdv2008.1.x86_64.rpm
 02c72439aa06c9310494b17ebc676e0c  2008.1/x86_64/openssl-0.9.8g-4.3mdv2008.1.x86_64.rpm 
 e032c64f27cc35e9c72c9ee1d28dfaf3  2008.1/SRPMS/openssl-0.9.8g-4.3mdv2008.1.src.rpm

 Mandriva Linux 2009.0:
 4ec73f053278a9c77ccd62034a1e4c72  2009.0/i586/libopenssl0.9.8-0.9.8h-3.2mdv2009.0.i586.rpm
 33da38ad5f20eec511a60b5b476cf241  2009.0/i586/libopenssl0.9.8-devel-0.9.8h-3.2mdv2009.0.i586.rpm
 70f6020e9fe66badabf815f7256b9718  2009.0/i586/libopenssl0.9.8-static-devel-0.9.8h-3.2mdv2009.0.i586.rpm
 8f87c9a8339052d4c261cfd818486c1d  2009.0/i586/openssl-0.9.8h-3.2mdv2009.0.i586.rpm 
 44980fee28c99bb22012e36e88eeaec7  2009.0/SRPMS/openssl-0.9.8h-3.2mdv2009.0.src.rpm

 Mandriva Linux 2009.0/X86_64:
 18b0da8ae3998bb143efbe9fbf78282d  2009.0/x86_64/lib64openssl0.9.8-0.9.8h-3.2mdv2009.0.x86_64.rpm
 01310fb6273e795489023f02d71434d4  2009.0/x86_64/lib64openssl0.9.8-devel-0.9.8h-3.2mdv2009.0.x86_64.rpm
 2da04ce75c2371f1ee15d94742f00ee6  2009.0/x86_64/lib64openssl0.9.8-static-devel-0.9.8h-3.2mdv2009.0.x86_64.rpm
 5529205245e554324f40c87ba665b198  2009.0/x86_64/openssl-0.9.8h-3.2mdv2009.0.x86_64.rpm 
 44980fee28c99bb22012e36e88eeaec7  2009.0/SRPMS/openssl-0.9.8h-3.2mdv2009.0.src.rpm

 Corporate 3.0:
 1b58ced1478d63969727c9346305e20d  corporate/3.0/i586/libopenssl0.9.7-0.9.7c-3.10.C30mdk.i586.rpm
 3ebb9340042ad4fbf9664ba47148fd59  corporate/3.0/i586/libopenssl0.9.7-devel-0.9.7c-3.10.C30mdk.i586.rpm
 c57397a9e6773866c58d11af8b9599a4  corporate/3.0/i586/libopenssl0.9.7-static-devel-0.9.7c-3.10.C30mdk.i586.rpm
 feaecf68067dd7d75cf30790b0702338  corporate/3.0/i586/openssl-0.9.7c-3.10.C30mdk.i586.rpm 
 47da419d4ed666fcb064635be15a6450  corporate/3.0/SRPMS/openssl-0.9.7c-3.10.C30mdk.src.rpm

 Corporate 3.0/X86_64:
 c567e5f61d5cae04b02bfa43d307cf95  corporate/3.0/x86_64/lib64openssl0.9.7-0.9.7c-3.10.C30mdk.x86_64.rpm
 4c487ef9f195ac905d8e27a2ee5a3aad  corporate/3.0/x86_64/lib64openssl0.9.7-devel-0.9.7c-3.10.C30mdk.x86_64.rpm
 11faa9b02898eaec3d346e56c2c37567  corporate/3.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7c-3.10.C30mdk.x86_64.rpm
 0485fbcd4bb28224e6716114eb6dd372  corporate/3.0/x86_64/openssl-0.9.7c-3.10.C30mdk.x86_64.rpm 
 47da419d4ed666fcb064635be15a6450  corporate/3.0/SRPMS/openssl-0.9.7c-3.10.C30mdk.src.rpm

 Corporate 4.0:
 72db90b1c8362f8122bb29101e8f7ea3  corporate/4.0/i586/libopenssl0.9.7-0.9.7g-2.8.20060mlcs4.i586.rpm
 2957dac9e5461336cf68433f4b147de1  corporate/4.0/i586/libopenssl0.9.7-devel-0.9.7g-2.8.20060mlcs4.i586.rpm
 e0f441e9cf9c18321f4e8b3099c2df5a  corporate/4.0/i586/libopenssl0.9.7-static-devel-0.9.7g-2.8.20060mlcs4.i586.rpm
 4a020ff36ff58d2ae9ccfc852f265d1d  corporate/4.0/i586/openssl-0.9.7g-2.8.20060mlcs4.i586.rpm 
 12bd0d350017d5ad4930beaad07e2a92  corporate/4.0/SRPMS/openssl-0.9.7g-2.8.20060mlcs4.src.rpm

 Corporate 4.0/X86_64:
 b8c7201ae9c41aa0f391f877da24e312  corporate/4.0/x86_64/lib64openssl0.9.7-0.9.7g-2.8.20060mlcs4.x86_64.rpm
 d9329b8d694a37cd24d3e2373eb02066  corporate/4.0/x86_64/lib64openssl0.9.7-devel-0.9.7g-2.8.20060mlcs4.x86_64.rpm
 e9c6bd67410f238a0b775361e08e7af3  corporate/4.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7g-2.8.20060mlcs4.x86_64.rpm
 88d42200e0464824e003ce4451a175e7  corporate/4.0/x86_64/openssl-0.9.7g-2.8.20060mlcs4.x86_64.rpm 
 12bd0d350017d5ad4930beaad07e2a92  corporate/4.0/SRPMS/openssl-0.9.7g-2.8.20060mlcs4.src.rpm

 Multi Network Firewall 2.0:
 74728af83737762b744092597629e1db  mnf/2.0/i586/libopenssl0.9.7-0.9.7c-3.10.C30mdk.i586.rpm
 0de1c4403ddbba33f21a99e2879af9cc  mnf/2.0/i586/libopenssl0.9.7-devel-0.9.7c-3.10.C30mdk.i586.rpm
 3b79e5cdb909115e3770ee59a17f757a  mnf/2.0/i586/libopenssl0.9.7-static-devel-0.9.7c-3.10.C30mdk.i586.rpm
 39b67cff96aaa016f119d5ddff312f54  mnf/2.0/i586/openssl-0.9.7c-3.10.C30mdk.i586.rpm 
 1201abd42759b7e5a0d96aa4f96a9dd1  mnf/2.0/SRPMS/openssl-0.9.7c-3.10.C30mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFJ1mJMmqjQ0CJFipgRAq43AJ427ntOrRUUUgRlx1AwCldUE/rFygCfQu5Y
I9/Hqbyeksi2w0SLyVMPeMw=
=+BmT
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists