List: full-disclosure
Subject: [Full-Disclosure] Security Update: [CSSA-2002-033.0] Linux: multiple vulnerabilities in openssl
From: security () caldera ! com
Date: 2002-07-31 18:16:16
To: bugtraq@securityfocus.com announce@lists.caldera.com security-alerts@linuxsecurity.com full-disclosure@lists.netsys.com
______________________________________________________________________________
                Caldera International, Inc. Security Advisory
Subject:                Linux: multiple vulnerabilities in openssl
Advisory number:        CSSA-2002-033.0
Issue date:             2002 July 31
Cross reference:
______________________________________________________________________________
1. Problem Description
        There are four remotely exploitable buffer overflows that affect
        various OpenSSL client and server implementations. There are also
        encoding problems in the ASN.1 library used by OpenSSL. Several
        of these vulnerabilities could be used by a remote attacker to
        execute arbitrary code on the target system. All could be used
        to create denial of service.
2. Vulnerable Supported Versions
        System                          Package
        ----------------------------------------------------------------------
        OpenLinux 3.1.1 Server          prior to openssl-0.9.6-18.i386.rpm
                                        prior to openssl-devel-0.9.6-18.i386.rpm
                                        prior to openssl-devel-static-0.9.6-18.i386.rpm
        OpenLinux 3.1.1 Workstation     prior to openssl-0.9.6-18.i386.rpm
                                        prior to openssl-devel-0.9.6-18.i386.rpm
                                        prior to openssl-devel-static-0.9.6-18.i386.rpm
        OpenLinux 3.1 Server            prior to openssl-0.9.6-18.i386.rpm
                                        prior to openssl-devel-0.9.6-18.i386.rpm
                                        prior to openssl-devel-static-0.9.6-18.i386.rpm
        OpenLinux 3.1 Workstation       prior to openssl-0.9.6-18.i386.rpm
                                        prior to openssl-devel-0.9.6-18.i386.rpm
                                        prior to openssl-devel-static-0.9.6-18.i386.rpm
3. Solution
        The proper solution is to install the latest packages. Many
        customers find it easier to use the Caldera System Updater, called
        cupdate (or kcupdate under the KDE environment), to update these
        packages rather than downloading and installing them by hand.
4. OpenLinux 3.1.1 Server
        4.1 Package Location
        ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2002-033.0/RPMS
        4.2 Packages
        49b6589ee4e3fa4780a279e5dc46604d        openssl-0.9.6-18.i386.rpm
        608246e3b6de6e1f08946915307813a1        openssl-devel-0.9.6-18.i386.rpm
        55c039bf7e2f23805fe4060d72d94974        openssl-devel-static-0.9.6-18.i386.rpm
        4.3 Installation
        rpm -Fvh openssl-0.9.6-18.i386.rpm
        rpm -Fvh openssl-devel-0.9.6-18.i386.rpm
        rpm -Fvh openssl-devel-static-0.9.6-18.i386.rpm
        4.4 Source Package Location
        ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2002-033.0/SRPMS
        4.5 Source Packages
        99196cf80db29415ca44ef78733701ca        openssl-0.9.6-18.src.rpm
5. OpenLinux 3.1.1 Workstation
        5.1 Package Location
        ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2002-033.0/RPMS
        5.2 Packages
        6c83bdbaa0866d48413a6986d44add2b        openssl-0.9.6-18.i386.rpm
        c17adb44ffd8f0f5e8b812904cf58227        openssl-devel-0.9.6-18.i386.rpm
        0f9741b9b1348e4100bbc4c2165983b4        openssl-devel-static-0.9.6-18.i386.rpm
        5.3 Installation
        rpm -Fvh openssl-0.9.6-18.i386.rpm
        rpm -Fvh openssl-devel-0.9.6-18.i386.rpm
        rpm -Fvh openssl-devel-static-0.9.6-18.i386.rpm
        5.4 Source Package Location
        ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2002-033.0/SRPMS
        5.5 Source Packages
        7f819da5b612bd24e1f08b3e6ce96c7c        openssl-0.9.6-18.src.rpm
6. OpenLinux 3.1 Server
        6.1 Package Location
        ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Server/CSSA-2002-033.0/RPMS
        6.2 Packages
        db2c63ecd72f9c919d75b80f7bf21416        openssl-0.9.6-18.i386.rpm
        dfacf5e8c7588d19bda6aacbee04455c        openssl-devel-0.9.6-18.i386.rpm
        5caa2e9083c7bd82cf11abb747f92e24        openssl-devel-static-0.9.6-18.i386.rpm
        6.3 Installation
        rpm -Fvh openssl-0.9.6-18.i386.rpm
        rpm -Fvh openssl-devel-0.9.6-18.i386.rpm
        rpm -Fvh openssl-devel-static-0.9.6-18.i386.rpm
        6.4 Source Package Location
        ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Server/CSSA-2002-033.0/SRPMS
        6.5 Source Packages
        209ee703939cf4de47cc2e403e7a7a5f        openssl-0.9.6-18.src.rpm
7. OpenLinux 3.1 Workstation
        7.1 Package Location
        ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Workstation/CSSA-2002-033.0/RPMS
        7.2 Packages
        4a71d2544d0b06600abc27bddc4d20f5        openssl-0.9.6-18.i386.rpm
        6a0caf0bfef379791b83aaca484d212d        openssl-devel-0.9.6-18.i386.rpm
        294d134720153d5f4b284653d42cfdb1        openssl-devel-static-0.9.6-18.i386.rpm
        7.3 Installation
        rpm -Fvh openssl-0.9.6-18.i386.rpm
        rpm -Fvh openssl-devel-0.9.6-18.i386.rpm
        rpm -Fvh openssl-devel-static-0.9.6-18.i386.rpm
        7.4 Source Package Location
        ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Workstation/CSSA-2002-033.0/SRPMS
        7.5 Source Packages
        480806a05bc92716fd17001873c40c9a        openssl-0.9.6-18.src.rpm
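Added example (not part of the Caldera advisory): the Packages lists in sections 4 to 7 give an MD5 checksum for each file, so the downloaded RPMs can be checked against those values before the rpm -Fvh step. The function names and the use of md5sum (GNU coreutils) are assumptions; the checksums embedded below are the ones from section 4.2.

```shell
#!/bin/sh
# Added example, not Caldera's code: check downloaded RPMs against the
# advisory's MD5 list and only then freshen them with "rpm -Fvh".

# Checksums copied from section 4.2 (OpenLinux 3.1.1 Server). Use the list
# from section 5.2, 6.2 or 7.2 for the other products.
MANIFEST_311_SERVER='49b6589ee4e3fa4780a279e5dc46604d openssl-0.9.6-18.i386.rpm
608246e3b6de6e1f08946915307813a1 openssl-devel-0.9.6-18.i386.rpm
55c039bf7e2f23805fe4060d72d94974 openssl-devel-static-0.9.6-18.i386.rpm'

# verify_packages MANIFEST DIR (hypothetical helper)
# Returns 0 only if every listed file exists in DIR and its MD5 matches.
verify_packages() {
    manifest=$1; dir=$2; failed=0
    while read -r want name; do
        [ -n "$want" ] || continue              # skip blank lines
        # An entry must be a 32-digit lowercase hex MD5 and a bare file name.
        bad=0
        case "$want" in *[!0-9a-f]*) bad=1 ;; esac
        case "$name" in ''|*/*) bad=1 ;; esac
        if [ "$bad" -eq 1 ] || [ "${#want}" -ne 32 ]; then
            echo "BAD ENTRY: $want $name" >&2; failed=1; continue
        fi
        if [ ! -f "$dir/$name" ]; then
            echo "MISSING:   $name" >&2; failed=1; continue
        fi
        got=$(md5sum "$dir/$name" | cut -d' ' -f1)
        if [ "$got" = "$want" ]; then
            echo "OK:        $name"
        else
            echo "MISMATCH:  $name (got $got)" >&2; failed=1
        fi
    done <<EOF
$manifest
EOF
    return "$failed"
}

# install_if_verified MANIFEST DIR (hypothetical helper)
# Runs the advisory's "rpm -Fvh" step only when every checksum matched.
install_if_verified() {
    verify_packages "$1" "$2" || { echo "not installing" >&2; return 1; }
    echo "$1" | while read -r sum name; do
        [ -n "$name" ] || continue
        rpm -Fvh "$2/$name" || exit 1
    done
}

# Usage: sh verify.sh /path/to/downloaded/RPMS
if [ "$#" -eq 1 ]; then install_if_verified "$MANIFEST_311_SERVER" "$1"; fi
```

A single missing, altered or malformed entry makes verify_packages return non-zero, so none of the packages are installed.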
8. References
        Specific references for this advisory:
                http://www.openssl.org/news/secadv_20020730.txt
                http://www.cert.org/advisories/CA-2002-23.html
        Caldera security resources:
                http://www.caldera.com/support/security/index.html
        This security fix closes Caldera incidents sr867369, fz525695,
        erg501640.
9. Disclaimer
        Caldera International, Inc. is not responsible for the misuse
        of any of the information we provide on this website and/or
        through our security advisories. Our advisories are a service
        to our customers intended to promote secure installation and
        use of Caldera products.
10. Acknowledgements
        These vulnerabilities were discovered and reported by the
        following: A.L. Digital Ltd, John McDonald of Neohapsis, Adi
        Stav, James Yonan.
______________________________________________________________________________