lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20030327144552.A31496@bungee.trustix.com>
Date: Thu, 27 Mar 2003 14:45:52 +0100
From: Trustix Secure Linux Advisor <tsl@...stix.com>
To: bugtraq@...urityfocus.com
Subject: TSLSA-2003-0013 - openssl


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Trustix Secure Linux Security Advisory #2003-0013

Package name:      openssl
Summary:           Klima-Pokorny-Rosa
Date:              2003-03-26
Affected versions: TSL 1.1, 1.2, 1.5

- --------------------------------------------------------------------------
Package description:
  A C library that provides various crytographic algorithms and protocols,
  including DES, RC4, RSA, and SSL. Includes shared libraries.

Problem description:
  The openssl-0.9.6-13tr was open to the Klima-Pokorny-Rosa attack, this new
  one is patched against this problem.


Action:
  We recommend that all systems with this package installed be upgraded.


Location:
  All TSL updates are available from
  <URI:http://www.trustix.net/pub/Trustix/updates/>
  <URI:ftp://ftp.trustix.net/pub/Trustix/updates/>


About Trustix Secure Linux:
  Trustix Secure Linux is a small Linux distribution for servers. With focus
  on security and stability, the system is painlessly kept safe and up to
  date from day one using swup, the automated software updater.


Automatic updates:
  Users of the SWUP tool can enjoy having updates automatically
  installed using 'swup --upgrade'.

  Get SWUP from:
  <URI:ftp://ftp.trustix.net/pub/Trustix/software/swup/>


Public testing:
  These packages have been available for public testing for some time.
  If you want to contribute by testing the various packages in the
  testing tree, please feel free to share your findings on the
  tsl-discuss mailinglist.
  The testing tree is located at
  <URI:http://www.trustix.net/pub/Trustix/testing/>
  <URI:ftp://ftp.trustix.net/pub/Trustix/testing/>
  

Questions?
  Check out our mailing lists:
  <URI:http://www.trustix.net/support/>


Verification:
  This advisory along with all TSL packages are signed with the TSL sign key.
  This key is available from:
  <URI:http://www.trustix.net/TSL-GPG-KEY>

  The advisory itself is available from the errata pages at
  <URI:http://www.trustix.net/errata/trustix-1.2/> and
  <URI:http://www.trustix.net/errata/trustix-1.5/>
  or directly at
  <URI:http://www.trustix.net/errata/misc/2003/TSL-2003-0013-openssl.asc.txt>


MD5sums of the packages:
- --------------------------------------------------------------------------
2eb9af9947c5c5d7dacd9f7c57ecd554  ./1.5/SRPMS/openssl-0.9.6-14tr.src.rpm
edd476d6415bc02c72619a0d431265eb  ./1.5/RPMS/openssl-support-0.9.6-14tr.i586.rpm
b3cf89188d53370e3b2c464b961650db  ./1.5/RPMS/openssl-python-0.9.6-14tr.i586.rpm
c1b9a4ac1d1b67e5ae229de5412d7fd1  ./1.5/RPMS/openssl-devel-0.9.6-14tr.i586.rpm
0a8bfa4733591e793750fdbe9d7a1a84  ./1.5/RPMS/openssl-0.9.6-14tr.i586.rpm
2eb9af9947c5c5d7dacd9f7c57ecd554  ./1.2/SRPMS/openssl-0.9.6-14tr.src.rpm
085059adedd997da456a4d93ab14ed67  ./1.2/RPMS/openssl-support-0.9.6-14tr.i586.rpm
8286dcdd826608af69c5352894114269  ./1.2/RPMS/openssl-python-0.9.6-14tr.i586.rpm
8739e44e2521a11dc4e02ea33695b58f  ./1.2/RPMS/openssl-devel-0.9.6-14tr.i586.rpm
e9f1409e0df82d662310037e89858c18  ./1.2/RPMS/openssl-0.9.6-14tr.i586.rpm
2eb9af9947c5c5d7dacd9f7c57ecd554  ./1.1/SRPMS/openssl-0.9.6-14tr.src.rpm
339fa38a192723922b4e396a58f9954f  ./1.1/RPMS/openssl-support-0.9.6-14tr.i586.rpm
bcc32ddd1b0c780a0b7a82b206ba68f8  ./1.1/RPMS/openssl-python-0.9.6-14tr.i586.rpm
dd3944f2b0917bcd1996c2648f1bd5ad  ./1.1/RPMS/openssl-devel-0.9.6-14tr.i586.rpm
7c61f3f5dd979e2c74d1d096374fe4de  ./1.1/RPMS/openssl-0.9.6-14tr.i586.rpm
- --------------------------------------------------------------------------


Trustix Security Team

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE+gbc7wRTcg4BxxS0RAn+QAJ9HvzQtVSnGsbVCFX23rMEEnYj0wQCdEOEQ
wRu/zKQwFMp6EFanSEk1R6k=
=OHgX
-----END PGP SIGNATURE-----


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ