Message-ID: <20040318221948.GA10113@tsunami.trustix.net>
Date: Thu, 18 Mar 2004 23:19:48 +0100
From: Trustix Security Advisor <tsl@...stix.org>
To: bugtraq@...urityfocus.com
Subject: TSLSA-2004-0012 - openssl
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- --------------------------------------------------------------------------
Trustix Secure Linux Security Advisory #2004-0012
Package name: openssl
Summary: Several DoS vulnerabilities
Date: 2004-03-17
Affected versions: Trustix 1.5, 2.0, 2.1
- --------------------------------------------------------------------------
Package description:
A C library that provides various cryptographic algorithms and protocols,
including DES, RC4, RSA, and SSL.
Problem description:
Several holes were discovered that could lead to denial of service (DoS)
attacks on SSL-enabled services.
See CAN-2004-0079, CAN-2004-0081, and CAN-2004-0112 on
<URI:http://cve.mitre.org> for a more thorough description of these
problems.
Action:
We recommend that all systems with this package installed be upgraded.
Please note that if you do not need the functionality provided by this
package, you may want to remove it from your system.
Location:
All Trustix updates are available from
<URI:http://http.trustix.org/pub/trustix/updates/>
<URI:ftp://ftp.trustix.org/pub/trustix/updates/>
About Trustix Secure Linux:
Trustix Secure Linux is a small Linux distribution for servers. With focus
on security and stability, the system is painlessly kept safe and up to
date from day one using swup, the automated software updater.
Automatic updates:
Users of the SWUP tool can enjoy having updates automatically
installed using 'swup --upgrade'.
Public testing:
Most updates for Trustix are made available for public testing some time
before release.
If you want to contribute by testing the various packages in the
testing tree, please feel free to share your findings on the
tsl-discuss mailing list.
The testing tree is located at
<URI:http://tsldev.trustix.org/cloud/>
You may also use swup for public testing of updates:
site {
    class = 0
    location = "http://tsldev.trustix.org/cloud/rdfs/latest.rdf"
    regexp = ".*"
}
Questions?
Check out our mailing lists:
<URI:http://www.trustix.org/support/>
Verification:
This advisory, along with all Trustix packages, is signed with the
TSL sign key.
This key is available from:
<URI:http://www.trustix.org/TSL-SIGN-KEY>
The advisory itself is available from the errata pages at
<URI:http://www.trustix.org/errata/trustix-1.5/>,
<URI:http://www.trustix.org/errata/trustix-2.0/> and
<URI:http://www.trustix.org/errata/trustix-2.1/>
or directly at
<URI:http://www.trustix.org/errata/misc/2004/TSL-2004-0012-openssl.asc.txt>
MD5sums of the packages:
- --------------------------------------------------------------------------
586ed6a62e01ca094f61002ec4b134e8 1.5/rpms/openssl-0.9.6-17tr.i586.rpm
ac7ebd358ce58ab403a4498da02486be 1.5/rpms/openssl-devel-0.9.6-17tr.i586.rpm
beee208cfb7081cced602a750d1f2145 1.5/rpms/openssl-python-0.9.6-17tr.i586.rpm
7b7d4788687514cf273d5bffe65b6d2e 1.5/rpms/openssl-support-0.9.6-17tr.i586.rpm
5e891874980982a134bb127ba7358f0d 1.5/srpms/openssl-0.9.6-17tr.src.rpm
cd3866fb30d8acb728ef44f8a30d6b37 2.0/rpms/openssl-0.9.7c-2tr.i586.rpm
988123ebb6fb32a717b0b3f85082028b 2.0/rpms/openssl-devel-0.9.7c-2tr.i586.rpm
c8f19e94b6ed3be8892a1a66be9a3644 2.0/rpms/openssl-python-0.9.7c-2tr.i586.rpm
d7f01d2b99e6ded2ab3361ef90dffb62 2.0/rpms/openssl-support-0.9.7c-2tr.i586.rpm
d49d900813432cfaabaaa4454a999ee6 2.0/srpms/openssl-0.9.7c-2tr.src.rpm
26f2286743fcb8f6560b05125e74ea71 2.1/rpms/openssl-0.9.7c-5tr.i586.rpm
32728af4fa90cf13996620304b5fadaa 2.1/rpms/openssl-devel-0.9.7c-5tr.i586.rpm
457e62f027ebf155a454b9dc20cc8891 2.1/rpms/openssl-python-0.9.7c-5tr.i586.rpm
f9f45701b12d2407e473929ffb9699d1 2.1/rpms/openssl-support-0.9.7c-5tr.i586.rpm
8c9a0ad7e420fe6f914338fa5d884996 2.1/srpms/openssl-0.9.7c-5tr.src.rpm
- --------------------------------------------------------------------------
Trustix Security Team
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)
iD8DBQFAWb7/i8CEzsK9IksRAm0eAJ9my/zsqLQ3pVu/9vrLVD9EX1hTgwCdGQHK
44wiQ5twZJOU4JrpCJtv260=
=SBPt
-----END PGP SIGNATURE-----
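
The following Python example is an addition to this archive page, not part of the Trustix advisory or its tooling. It reads the "MD5sums of the packages" section out of the clearsigned advisory text and checks downloaded packages against it. It assumes the advisory's signature was already checked with gpg --verify against the TSL sign key; the function names and the sample packages in demo() are constructed for illustration.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# Manifest entry as printed in the advisory: 32 hex digits, spaces, relative .rpm path.
ENTRY = re.compile(r"^([0-9a-f]{32})\s+([\w.+-]+(?:/[\w.+-]+)*\.rpm)$")

def parse_manifest(advisory_text):
    """Return {relative_path: md5_hex} from the 'MD5sums of the packages' section."""
    entries, in_section = {}, False
    for line in map(str.strip, advisory_text.splitlines()):
        if line.startswith("MD5sums of the packages"):
            in_section = True
        elif line.startswith("-----BEGIN PGP SIGNATURE"):
            break  # text after the signed body is not covered by the signature
        elif in_section and (m := ENTRY.match(line)) and ".." not in m.group(2).split("/"):
            entries[m.group(2)] = m.group(1)  # absolute and ../ paths never get here
    return entries

def md5_file(path, chunk=1 << 16):
    """MD5 of a file, read in chunks so large packages are not loaded whole."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def check_packages(advisory_text, root):
    """Map each listed path to 'ok', 'MISMATCH' or 'missing' under root."""
    result = {}
    for rel, expected in parse_manifest(advisory_text).items():
        p = Path(root) / rel
        ok = p.is_file() and md5_file(p) == expected
        result[rel] = "ok" if ok else ("MISMATCH" if p.is_file() else "missing")
    return result

def demo():
    """Constructed sample: three listed packages, one altered, one never downloaded."""
    with tempfile.TemporaryDirectory() as root:
        d = Path(root, "2.1", "rpms")
        d.mkdir(parents=True)
        good, bad = d / "pkg-a.rpm", d / "pkg-b.rpm"
        good.write_bytes(b"constructed package A")
        bad.write_bytes(b"constructed package B")
        text = "MD5sums of the packages:\n- ----------\n"
        text += "".join(f"{md5_file(p)}  2.1/rpms/{p.name}\n" for p in (good, bad))
        text += "0" * 32 + "  2.1/rpms/pkg-c.rpm\n-----BEGIN PGP SIGNATURE-----\n"
        bad.write_bytes(b"altered after the manifest was written")
        return check_packages(text, root)
```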