
List:       full-disclosure
Subject:    [Full-Disclosure] Security Update: [CSSA-2002-033.0] Linux: multiple vulnerabilities in openssl
From:       security () caldera ! com
Date:       2002-07-31 18:16:16


To: bugtraq@securityfocus.com announce@lists.caldera.com security-alerts@linuxsecurity.com full-disclosure@lists.netsys.com

______________________________________________________________________________

                Caldera International, Inc.  Security Advisory

Subject:                Linux: multiple vulnerabilities in openssl
Advisory number:        CSSA-2002-033.0
Issue date:             2002 July 31
Cross reference:
______________________________________________________________________________


1. Problem Description

        There are four remotely exploitable buffer overflows that affect
        various OpenSSL client and server implementations. There are also
        encoding problems in the ASN.1 library used by OpenSSL. Several
        of these vulnerabilities could be used by a remote attacker to
        execute arbitrary code on the target system. All could be used
        to create denial of service.


2. Vulnerable Supported Versions

        System                          Package
        ----------------------------------------------------------------------

        OpenLinux 3.1.1 Server          prior to openssl-0.9.6-18.i386.rpm
                                        prior to openssl-devel-0.9.6-18.i386.rpm
                                        prior to openssl-devel-static-0.9.6-18.i386.rpm

        OpenLinux 3.1.1 Workstation     prior to openssl-0.9.6-18.i386.rpm
                                        prior to openssl-devel-0.9.6-18.i386.rpm
                                        prior to openssl-devel-static-0.9.6-18.i386.rpm

        OpenLinux 3.1 Server            prior to openssl-0.9.6-18.i386.rpm
                                        prior to openssl-devel-0.9.6-18.i386.rpm
                                        prior to openssl-devel-static-0.9.6-18.i386.rpm

        OpenLinux 3.1 Workstation       prior to openssl-0.9.6-18.i386.rpm
                                        prior to openssl-devel-0.9.6-18.i386.rpm
                                        prior to openssl-devel-static-0.9.6-18.i386.rpm


3. Solution

        The proper solution is to install the latest packages. Many
        customers find it easier to use the Caldera System Updater, called
        cupdate (or kcupdate under the KDE environment), to update these
        packages rather than downloading and installing them by hand.


4. OpenLinux 3.1.1 Server

        4.1 Package Location

        ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2002-033.0/RPMS

        4.2 Packages

        49b6589ee4e3fa4780a279e5dc46604d        openssl-0.9.6-18.i386.rpm
        608246e3b6de6e1f08946915307813a1        openssl-devel-0.9.6-18.i386.rpm
        55c039bf7e2f23805fe4060d72d94974        openssl-devel-static-0.9.6-18.i386.rpm

        4.3 Installation

        rpm -Fvh openssl-0.9.6-18.i386.rpm
        rpm -Fvh openssl-devel-0.9.6-18.i386.rpm
        rpm -Fvh openssl-devel-static-0.9.6-18.i386.rpm

        4.4 Source Package Location

        ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2002-033.0/SRPMS

        4.5 Source Packages

        99196cf80db29415ca44ef78733701ca        openssl-0.9.6-18.src.rpm


5. OpenLinux 3.1.1 Workstation

        5.1 Package Location

        ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2002-033.0/RPMS

        5.2 Packages

        6c83bdbaa0866d48413a6986d44add2b        openssl-0.9.6-18.i386.rpm
        c17adb44ffd8f0f5e8b812904cf58227        openssl-devel-0.9.6-18.i386.rpm
        0f9741b9b1348e4100bbc4c2165983b4        openssl-devel-static-0.9.6-18.i386.rpm

        5.3 Installation

        rpm -Fvh openssl-0.9.6-18.i386.rpm
        rpm -Fvh openssl-devel-0.9.6-18.i386.rpm
        rpm -Fvh openssl-devel-static-0.9.6-18.i386.rpm

        5.4 Source Package Location

        ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2002-033.0/SRPMS

        5.5 Source Packages

        7f819da5b612bd24e1f08b3e6ce96c7c        openssl-0.9.6-18.src.rpm


6. OpenLinux 3.1 Server

        6.1 Package Location

        ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Server/CSSA-2002-033.0/RPMS

        6.2 Packages

        db2c63ecd72f9c919d75b80f7bf21416        openssl-0.9.6-18.i386.rpm
        dfacf5e8c7588d19bda6aacbee04455c        openssl-devel-0.9.6-18.i386.rpm
        5caa2e9083c7bd82cf11abb747f92e24        openssl-devel-static-0.9.6-18.i386.rpm

        6.3 Installation

        rpm -Fvh openssl-0.9.6-18.i386.rpm
        rpm -Fvh openssl-devel-0.9.6-18.i386.rpm
        rpm -Fvh openssl-devel-static-0.9.6-18.i386.rpm

        6.4 Source Package Location

        ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Server/CSSA-2002-033.0/SRPMS

        6.5 Source Packages

        209ee703939cf4de47cc2e403e7a7a5f        openssl-0.9.6-18.src.rpm


7. OpenLinux 3.1 Workstation

        7.1 Package Location

        ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Workstation/CSSA-2002-033.0/RPMS

        7.2 Packages

        4a71d2544d0b06600abc27bddc4d20f5        openssl-0.9.6-18.i386.rpm
        6a0caf0bfef379791b83aaca484d212d        openssl-devel-0.9.6-18.i386.rpm
        294d134720153d5f4b284653d42cfdb1        openssl-devel-static-0.9.6-18.i386.rpm

        7.3 Installation

        rpm -Fvh openssl-0.9.6-18.i386.rpm
        rpm -Fvh openssl-devel-0.9.6-18.i386.rpm
        rpm -Fvh openssl-devel-static-0.9.6-18.i386.rpm

        7.4 Source Package Location

        ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Workstation/CSSA-2002-033.0/SRPMS

        7.5 Source Packages

        480806a05bc92716fd17001873c40c9a        openssl-0.9.6-18.src.rpm


8. References

        Specific references for this advisory:
                http://www.openssl.org/news/secadv_20020730.txt
                http://www.cert.org/advisories/CA-2002-23.html

        Caldera security resources:
                http://www.caldera.com/support/security/index.html

        This security fix closes Caldera incidents sr867369, fz525695,
        erg501640.


9. Disclaimer

        Caldera International, Inc. is not responsible for the misuse
        of any of the information we provide on this website and/or
        through our security advisories. Our advisories are a service
        to our customers intended to promote secure installation and
        use of Caldera products.


10. Acknowledgements

        These vulnerabilities were discovered and reported by the
        following: A.L. Digital Ltd, John McDonald of Neohapsis, Adi
        Stav, James Yonan.

______________________________________________________________________________
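
Added example, not part of the Caldera advisory and not Caldera's tooling: each "Packages" list above pairs a 32-hex-digit checksum with a package file name, and the script below checks downloaded files against such a list before the rpm -Fvh step is run. It assumes the checksums are MD5 digests and that md5sum from GNU coreutils is installed; the script, function and manifest names are hypothetical.

```shell
#!/bin/sh
# Added example, not Caldera's tooling. Assumes md5sum (GNU coreutils) and
# that the advisory's 32-hex-digit checksums are MD5 digests.

# verify_packages MANIFEST DIR
# MANIFEST holds "<checksum> <file name>" lines as in the "Packages" lists.
# Returns 0 only if every listed file exists in DIR and matches its digest.
verify_packages() {
    manifest=$1 dir=$2 status=0 checked=0
    while read -r want name || [ -n "$want" ]; do
        [ -n "$want" ] || continue                   # skip blank lines
        want=$(printf '%s' "$want" | tr 'A-F' 'a-f')
        case $want in *[!0-9a-f]*) want='' ;; esac   # digest must be hex
        case $name in ''|*/*|*' '*) want='' ;; esac  # bare file name only
        if [ "${#want}" -ne 32 ]; then
            echo "BAD LINE  $name" >&2; status=1; continue
        fi
        checked=$((checked + 1))
        if [ ! -f "$dir/$name" ]; then
            echo "MISSING   $name" >&2; status=1; continue
        fi
        got=$(md5sum < "$dir/$name" | cut -d' ' -f1)
        if [ "$got" = "$want" ]; then
            echo "OK        $name"
        else
            echo "MISMATCH  $name" >&2; status=1
        fi
    done < "$manifest"
    [ "$checked" -gt 0 ] || status=1                 # empty list is a failure
    return "$status"
}

# Constructed demonstration (made-up file name and contents): the manifest
# passes for the original file and fails once the file has been modified.
demo() {
    tmp=$(mktemp -d) || return 1
    printf 'constructed package bytes\n' > "$tmp/example-1.0-1.i386.rpm"
    sum=$(md5sum < "$tmp/example-1.0-1.i386.rpm" | cut -d' ' -f1)
    printf '%s\t%s\n' "$sum" example-1.0-1.i386.rpm > "$tmp/manifest"
    verify_packages "$tmp/manifest" "$tmp"; before=$?
    printf 'modified\n' >> "$tmp/example-1.0-1.i386.rpm"
    verify_packages "$tmp/manifest" "$tmp"; after=$?
    rm -rf "$tmp"
    [ "$before" -eq 0 ] && [ "$after" -eq 1 ]
}

# Gate the install step, e.g. (hypothetical names):
#   sh verify.sh packages.md5 ./RPMS && rpm -Fvh ./RPMS/*.rpm
if [ "$#" -eq 2 ]; then verify_packages "$1" "$2"; exit $?; fi
```

Copy the checksum and file name lines for the matching OpenLinux release into the manifest; the Server and Workstation lists carry different checksums for the same file names.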
