'[ MDVSA-2012:011 ] openssl'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       bugtraq
Subject:    [ MDVSA-2012:011 ] openssl
From:       security () mandriva ! com
Date:       2012-01-29 19:25:01
Message-ID: E1RraN3-0007Jd-1c () titan ! mandriva ! com
[Download RAW message or body]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2012:011
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : openssl
 Date    : January 29, 2012
 Affected: 2010.1, 2011., Enterprise Server 5.0
 _______________________________________________________________________

 Problem Description:

 A vulnerability has been found and corrected in openssl:
 
 OpenSSL 0.9.8s and 1.0.0f does not properly support DTLS applications,
 which allows remote attackers to cause a denial of service via
 unspecified vectors.  NOTE: this vulnerability exists because of an
 incorrect fix for CVE-2011-4108 (CVE-2012-0050).
 
 The updated packages have been patched to correct this issue.
 
 The openssl0.9.8 packages for 2010.2 have been upgraded to the 0.9.8t
 version which is not vulnerable to this issue.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0050
 http://www.openssl.org/news/secadv_20120118.txt
 _______________________________________________________________________

 Updated Packages:

 Mandriva Linux 2010.1:
 3d1552028a1193f09e656595a7086e7c  \
2010.1/i586/libopenssl0.9.8-0.9.8t-0.1mdv2010.2.i586.rpm  \
1d0afb14e5d538d2ab693ad50656ba27  \
2010.1/i586/libopenssl1.0.0-1.0.0a-1.10mdv2010.2.i586.rpm  \
9b2da169cce478da088420e9bac3da73  \
2010.1/i586/libopenssl1.0.0-devel-1.0.0a-1.10mdv2010.2.i586.rpm  \
d60d92da1039e69bb8dce3669fa15394  \
2010.1/i586/libopenssl1.0.0-static-devel-1.0.0a-1.10mdv2010.2.i586.rpm  \
e1bdbc476c945d01dba413633de4c9f3  \
2010.1/i586/libopenssl-engines1.0.0-1.0.0a-1.10mdv2010.2.i586.rpm  \
74fced6c024c55ae564431785c425ea6  2010.1/i586/openssl-1.0.0a-1.10mdv2010.2.i586.rpm   \
8900a99630c54b95e8181a035f19c5d3  \
2010.1/SRPMS/openssl0.9.8-0.9.8t-0.1mdv2010.2.src.rpm  \
c1dbd62acd6152eb430b7b7b040f6daa  2010.1/SRPMS/openssl-1.0.0a-1.10mdv2010.2.src.rpm

 Mandriva Linux 2010.1/X86_64:
 360aa3cdcc7bd5389a49029f556d8b1f  \
2010.1/x86_64/lib64openssl0.9.8-0.9.8t-0.1mdv2010.2.x86_64.rpm  \
38b2ea8779ecb5000aa42e1223177a16  \
2010.1/x86_64/lib64openssl1.0.0-1.0.0a-1.10mdv2010.2.x86_64.rpm  \
24a3d4891c49a6834c900f51a296cb78  \
2010.1/x86_64/lib64openssl1.0.0-devel-1.0.0a-1.10mdv2010.2.x86_64.rpm  \
1402f25fd2a9556008e7a3844d2796e2  \
2010.1/x86_64/lib64openssl1.0.0-static-devel-1.0.0a-1.10mdv2010.2.x86_64.rpm  \
8de0784934ade0205c5a35b58fd8e2e1  \
2010.1/x86_64/lib64openssl-engines1.0.0-1.0.0a-1.10mdv2010.2.x86_64.rpm  \
2b4f6bba324f1b1ff9b50608892a36a5  \
2010.1/x86_64/openssl-1.0.0a-1.10mdv2010.2.x86_64.rpm   \
8900a99630c54b95e8181a035f19c5d3  \
2010.1/SRPMS/openssl0.9.8-0.9.8t-0.1mdv2010.2.src.rpm  \
c1dbd62acd6152eb430b7b7b040f6daa  2010.1/SRPMS/openssl-1.0.0a-1.10mdv2010.2.src.rpm

 Mandriva Linux 2011:
 d4ab0a6f45773b5529160783b6c51666  \
2011/i586/libopenssl1.0.0-1.0.0d-2.3-mdv2011.0.i586.rpm  \
dcd8cf9975aaff3b7a0263acffc8a969  \
2011/i586/libopenssl-devel-1.0.0d-2.3-mdv2011.0.i586.rpm  \
1d1dea32f05f3e05b4e88666d54f8000  \
2011/i586/libopenssl-engines1.0.0-1.0.0d-2.3-mdv2011.0.i586.rpm  \
ab30c467a26a3004c05db723a8638351  \
2011/i586/libopenssl-static-devel-1.0.0d-2.3-mdv2011.0.i586.rpm  \
8a459b25df75691ad36f366f7ab52bcf  2011/i586/openssl-1.0.0d-2.3-mdv2011.0.i586.rpm   \
f62697910799a948e6f6968f6dabbd57  2011/SRPMS/openssl-1.0.0d-2.3.src.rpm

 Mandriva Linux 2011/X86_64:
 5437abb7d5123efc1fcd7bf5748b7858  \
2011/x86_64/lib64openssl1.0.0-1.0.0d-2.3-mdv2011.0.x86_64.rpm  \
5f92319e8040dae6d769a51d6b9d7859  \
2011/x86_64/lib64openssl-devel-1.0.0d-2.3-mdv2011.0.x86_64.rpm  \
3b96d82a1f2f0714512435d2647ec4d5  \
2011/x86_64/lib64openssl-engines1.0.0-1.0.0d-2.3-mdv2011.0.x86_64.rpm  \
182c0e2a4a247bbd3530eeab5fbe4c51  \
2011/x86_64/lib64openssl-static-devel-1.0.0d-2.3-mdv2011.0.x86_64.rpm  \
aed76398cf865b3e516a853e0ae74128  2011/x86_64/openssl-1.0.0d-2.3-mdv2011.0.x86_64.rpm \
  f62697910799a948e6f6968f6dabbd57  2011/SRPMS/openssl-1.0.0d-2.3.src.rpm

 Mandriva Enterprise Server 5:
 c67d477c8f43a359d6e1cc1235c026d9  \
mes5/i586/libopenssl0.9.8-0.9.8h-3.13mdvmes5.2.i586.rpm  \
d79856916fba2623cb03cf5cfbe2f3d5  \
mes5/i586/libopenssl0.9.8-devel-0.9.8h-3.13mdvmes5.2.i586.rpm  \
ab5062b36b43682ffb848a11e7f10913  \
mes5/i586/libopenssl0.9.8-static-devel-0.9.8h-3.13mdvmes5.2.i586.rpm  \
75ae211ecce78408dda0d4c7b0272069  mes5/i586/openssl-0.9.8h-3.13mdvmes5.2.i586.rpm   \
46b0cd56f7708e8b92fe96fc21f23ed4  mes5/SRPMS/openssl-0.9.8h-3.13mdvmes5.2.src.rpm

 Mandriva Enterprise Server 5/X86_64:
 db577969e2d0f2314172255056bd0b39  \
mes5/x86_64/lib64openssl0.9.8-0.9.8h-3.13mdvmes5.2.x86_64.rpm  \
f7eb1f4a2546c589020a45e9995d174d  \
mes5/x86_64/lib64openssl0.9.8-devel-0.9.8h-3.13mdvmes5.2.x86_64.rpm  \
98e904938a2d04431844f8ece734bf1b  \
mes5/x86_64/lib64openssl0.9.8-static-devel-0.9.8h-3.13mdvmes5.2.x86_64.rpm  \
60ed4104d96569f0dfb8e3b923281fa9  mes5/x86_64/openssl-0.9.8h-3.13mdvmes5.2.x86_64.rpm \
  46b0cd56f7708e8b92fe96fc21f23ed4  mes5/SRPMS/openssl-0.9.8h-3.13mdvmes5.2.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iD8DBQFPJW7umqjQ0CJFipgRAmDbAKDae8Cqx8llncz8trm6uoarxn34nwCgkDUq
okA8oBecQChNAD1yuwcBPp4=
=Lg5u
-----END PGP SIGNATURE-----


[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic