[prev in list] [next in list] [prev in thread] [next in thread]
List: bugtraq
Subject: [ MDVSA-2012:011 ] openssl
From: security () mandriva ! com
Date: 2012-01-29 19:25:01
Message-ID: E1RraN3-0007Jd-1c () titan ! mandriva ! com
[Download RAW message or body]
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2012:011
http://www.mandriva.com/security/
_______________________________________________________________________
Package : openssl
Date : January 29, 2012
Affected: 2010.1, 2011., Enterprise Server 5.0
_______________________________________________________________________
Problem Description:
A vulnerability has been found and corrected in openssl:
OpenSSL 0.9.8s and 1.0.0f does not properly support DTLS applications,
which allows remote attackers to cause a denial of service via
unspecified vectors. NOTE: this vulnerability exists because of an
incorrect fix for CVE-2011-4108 (CVE-2012-0050).
The updated packages have been patched to correct this issue.
The openssl0.9.8 packages for 2010.2 have been upgraded to the 0.9.8t
version which is not vulnerable to this issue.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0050
http://www.openssl.org/news/secadv_20120118.txt
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2010.1:
3d1552028a1193f09e656595a7086e7c \
2010.1/i586/libopenssl0.9.8-0.9.8t-0.1mdv2010.2.i586.rpm \
1d0afb14e5d538d2ab693ad50656ba27 \
2010.1/i586/libopenssl1.0.0-1.0.0a-1.10mdv2010.2.i586.rpm \
9b2da169cce478da088420e9bac3da73 \
2010.1/i586/libopenssl1.0.0-devel-1.0.0a-1.10mdv2010.2.i586.rpm \
d60d92da1039e69bb8dce3669fa15394 \
2010.1/i586/libopenssl1.0.0-static-devel-1.0.0a-1.10mdv2010.2.i586.rpm \
e1bdbc476c945d01dba413633de4c9f3 \
2010.1/i586/libopenssl-engines1.0.0-1.0.0a-1.10mdv2010.2.i586.rpm \
74fced6c024c55ae564431785c425ea6 2010.1/i586/openssl-1.0.0a-1.10mdv2010.2.i586.rpm \
8900a99630c54b95e8181a035f19c5d3 \
2010.1/SRPMS/openssl0.9.8-0.9.8t-0.1mdv2010.2.src.rpm \
c1dbd62acd6152eb430b7b7b040f6daa 2010.1/SRPMS/openssl-1.0.0a-1.10mdv2010.2.src.rpm
Mandriva Linux 2010.1/X86_64:
360aa3cdcc7bd5389a49029f556d8b1f \
2010.1/x86_64/lib64openssl0.9.8-0.9.8t-0.1mdv2010.2.x86_64.rpm \
38b2ea8779ecb5000aa42e1223177a16 \
2010.1/x86_64/lib64openssl1.0.0-1.0.0a-1.10mdv2010.2.x86_64.rpm \
24a3d4891c49a6834c900f51a296cb78 \
2010.1/x86_64/lib64openssl1.0.0-devel-1.0.0a-1.10mdv2010.2.x86_64.rpm \
1402f25fd2a9556008e7a3844d2796e2 \
2010.1/x86_64/lib64openssl1.0.0-static-devel-1.0.0a-1.10mdv2010.2.x86_64.rpm \
8de0784934ade0205c5a35b58fd8e2e1 \
2010.1/x86_64/lib64openssl-engines1.0.0-1.0.0a-1.10mdv2010.2.x86_64.rpm \
2b4f6bba324f1b1ff9b50608892a36a5 \
2010.1/x86_64/openssl-1.0.0a-1.10mdv2010.2.x86_64.rpm \
8900a99630c54b95e8181a035f19c5d3 \
2010.1/SRPMS/openssl0.9.8-0.9.8t-0.1mdv2010.2.src.rpm \
c1dbd62acd6152eb430b7b7b040f6daa 2010.1/SRPMS/openssl-1.0.0a-1.10mdv2010.2.src.rpm
Mandriva Linux 2011:
d4ab0a6f45773b5529160783b6c51666 \
2011/i586/libopenssl1.0.0-1.0.0d-2.3-mdv2011.0.i586.rpm \
dcd8cf9975aaff3b7a0263acffc8a969 \
2011/i586/libopenssl-devel-1.0.0d-2.3-mdv2011.0.i586.rpm \
1d1dea32f05f3e05b4e88666d54f8000 \
2011/i586/libopenssl-engines1.0.0-1.0.0d-2.3-mdv2011.0.i586.rpm \
ab30c467a26a3004c05db723a8638351 \
2011/i586/libopenssl-static-devel-1.0.0d-2.3-mdv2011.0.i586.rpm \
8a459b25df75691ad36f366f7ab52bcf 2011/i586/openssl-1.0.0d-2.3-mdv2011.0.i586.rpm \
f62697910799a948e6f6968f6dabbd57 2011/SRPMS/openssl-1.0.0d-2.3.src.rpm
Mandriva Linux 2011/X86_64:
5437abb7d5123efc1fcd7bf5748b7858 \
2011/x86_64/lib64openssl1.0.0-1.0.0d-2.3-mdv2011.0.x86_64.rpm \
5f92319e8040dae6d769a51d6b9d7859 \
2011/x86_64/lib64openssl-devel-1.0.0d-2.3-mdv2011.0.x86_64.rpm \
3b96d82a1f2f0714512435d2647ec4d5 \
2011/x86_64/lib64openssl-engines1.0.0-1.0.0d-2.3-mdv2011.0.x86_64.rpm \
182c0e2a4a247bbd3530eeab5fbe4c51 \
2011/x86_64/lib64openssl-static-devel-1.0.0d-2.3-mdv2011.0.x86_64.rpm \
aed76398cf865b3e516a853e0ae74128 2011/x86_64/openssl-1.0.0d-2.3-mdv2011.0.x86_64.rpm \
f62697910799a948e6f6968f6dabbd57 2011/SRPMS/openssl-1.0.0d-2.3.src.rpm
Mandriva Enterprise Server 5:
c67d477c8f43a359d6e1cc1235c026d9 \
mes5/i586/libopenssl0.9.8-0.9.8h-3.13mdvmes5.2.i586.rpm \
d79856916fba2623cb03cf5cfbe2f3d5 \
mes5/i586/libopenssl0.9.8-devel-0.9.8h-3.13mdvmes5.2.i586.rpm \
ab5062b36b43682ffb848a11e7f10913 \
mes5/i586/libopenssl0.9.8-static-devel-0.9.8h-3.13mdvmes5.2.i586.rpm \
75ae211ecce78408dda0d4c7b0272069 mes5/i586/openssl-0.9.8h-3.13mdvmes5.2.i586.rpm \
46b0cd56f7708e8b92fe96fc21f23ed4 mes5/SRPMS/openssl-0.9.8h-3.13mdvmes5.2.src.rpm
Mandriva Enterprise Server 5/X86_64:
db577969e2d0f2314172255056bd0b39 \
mes5/x86_64/lib64openssl0.9.8-0.9.8h-3.13mdvmes5.2.x86_64.rpm \
f7eb1f4a2546c589020a45e9995d174d \
mes5/x86_64/lib64openssl0.9.8-devel-0.9.8h-3.13mdvmes5.2.x86_64.rpm \
98e904938a2d04431844f8ece734bf1b \
mes5/x86_64/lib64openssl0.9.8-static-devel-0.9.8h-3.13mdvmes5.2.x86_64.rpm \
60ed4104d96569f0dfb8e3b923281fa9 mes5/x86_64/openssl-0.9.8h-3.13mdvmes5.2.x86_64.rpm \
46b0cd56f7708e8b92fe96fc21f23ed4 mes5/SRPMS/openssl-0.9.8h-3.13mdvmes5.2.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
iD8DBQFPJW7umqjQ0CJFipgRAmDbAKDae8Cqx8llncz8trm6uoarxn34nwCgkDUq
okA8oBecQChNAD1yuwcBPp4=
=Lg5u
-----END PGP SIGNATURE-----
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic