[Full-Disclosure] [TURBOLINUX SECURITY INFO] 01/Oct/2003

From: Turbolinux (security-announce_at_turbolinux.co.jp)
Date: 10/01/03

    To: security-announce@turbolinux.co.jp
    Date: Wed, 1 Oct 2003 19:35:31 +0900
    
    

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    This is an announcement only email list for the x86 architecture.
    ============================================================
    Turbolinux Security Announcement 01/Oct/2003
    ============================================================

    The following page contains the security information of Turbolinux Inc.

     - Turbolinux Security Center
       http://www.turbolinux.com/security/

     (1) openssl -> DoS vulnerability in openssl

    ===========================================================
    * openssl -> DoS vulnerability in openssl
    ===========================================================

     More information :
        The OpenSSL Project is a collaborative effort to develop a robust, commercial-grade,
        full-featured, and Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3)
        and Transport Layer Security (TLS v1) protocols as well as a full-strength general purpose cryptography library.
        Unusual ASN.1 tag values can cause an out of bounds read under certain circumstances,
        resulting in a denial of service vulnerability.

     Impact :
        The vulnerability allows an attacker to cause a denial of service in openssl.

     Affected Products :
        - Turbolinux 8 Server
        - Turbolinux 8 Workstation
        - Turbolinux 7 Server
        - Turbolinux 7 Workstation
        - Turbolinux Server 6.5
        - Turbolinux Advanced Server 6
        - Turbolinux Server 6.1
        - Turbolinux Workstation 6.0

     Solution :
        Please use the turbopkg (zabom) tool to apply the update.
     ---------------------------------------------
     # turbopkg
     or
     # zabom update openssl openssl-devel
     ---------------------------------------------

     <Turbolinux 8 Server>

       Source Packages
       Size : MD5

       ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/SRPMS/openssl-0.9.6k-2.src.rpm
          2263218 7c7271e7263b1fc39847f5dd097dfac8

       Binary Packages
       Size : MD5

       ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/openssl-0.9.6k-2.i586.rpm
          1366934 0f92e0d644d5ee1e44b31bcf531e1d8c
       ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/openssl-devel-0.9.6k-2.i586.rpm
          1156710 584a99ceae84e0f457326b2fee6e06f1

     <Turbolinux 8 Workstation>

       Source Packages
       Size : MD5

       ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/SRPMS/openssl-0.9.6k-2.src.rpm
          2263218 7f36441af28ed717ba65176c7b66680e

       Binary Packages
       Size : MD5

       ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/openssl-0.9.6k-2.i586.rpm
          1367811 6526ca70ae9d6593e8be87bc193089d7
       ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/openssl-devel-0.9.6k-2.i586.rpm
          1156964 30f36c1d28481a8243ff38308efc7b1e

     <Turbolinux 7 Server>

       Source Packages
       Size : MD5

       ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/SRPMS/openssl-0.9.6k-2.src.rpm
          2263218 834875cad5d1b9e7bbf316470728f97b

       Binary Packages
       Size : MD5

       ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/openssl-0.9.6k-2.i586.rpm
          1335850 57efa60311c81b5af0f3721e08bf05ef
       ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/openssl-devel-0.9.6k-2.i586.rpm
          1138724 b7a90942f1e81066443d94e921476f21

     <Turbolinux 7 Workstation>

       Source Packages
       Size : MD5

       ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/SRPMS/openssl-0.9.6k-2.src.rpm
          2263218 4df3af6b3df204ff0fae655646cec9ae

       Binary Packages
       Size : MD5

       ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/openssl-0.9.6k-2.i586.rpm
          1335646 e76c5ddc5ff49b3ffeaf704179bb1cf1
       ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/openssl-devel-0.9.6k-2.i586.rpm
          1139634 702820b81eface29fdc6e7a8092674bc

     <Turbolinux Server 6.5>

       Source Packages
       Size : MD5

       ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/6.5/updates/SRPMS/openssl-0.9.6k-2.src.rpm
          2263218 5f069ba70311d673515b6cc572748e3b

       Binary Packages
       Size : MD5

       ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/6.5/updates/RPMS/openssl-0.9.6k-2.i386.rpm
          1466551 612a0925a8b7e276fb4ee2e867f86f61
       ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/6.5/updates/RPMS/openssl-devel-0.9.6k-2.i386.rpm
          1273363 d466f3b0414335a8fde5243e714fc26b

     <Turbolinux Advanced Server 6>

       Source Packages
       Size : MD5

       ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/AdvancedServer/6/ja/updates/SRPMS/openssl-0.9.6k-2.src.rpm
          2263218 1ffa548a309f2da23f917e0d103d55e3

       Binary Packages
       Size : MD5

       ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/AdvancedServer/6/ja/updates/RPMS/openssl-0.9.6k-2.i386.rpm
          1466406 96f2960852682c5e42d14ac7d30d2647
       ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/AdvancedServer/6/ja/updates/RPMS/openssl-devel-0.9.6k-2.i386.rpm
          1273378 a32d760d95ceaeaf5167ee01d7c99772

     <Turbolinux Server 6.1>

       Source Packages
       Size : MD5

       ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/6.1/ja/updates/SRPMS/openssl-0.9.6k-2.src.rpm
          2263218 3fdbc119547bc30c5e1af46392ca7afb

       Binary Packages
       Size : MD5

       ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/6.1/ja/updates/RPMS/openssl-0.9.6k-2.i386.rpm
          1466596 6d44f572db79d5535b79411009f2ab02
       ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/6.1/ja/updates/RPMS/openssl-devel-0.9.6k-2.i386.rpm
          1273288 ed611659b314586557906d8399eab7a2

     <Turbolinux Workstation 6.0>

       Source Packages
       Size : MD5

       ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/6.0/ja/updates/SRPMS/openssl-0.9.6k-2.src.rpm
          2263218 863c8205dfe5f817078f8a7406560130

       Binary Packages
       Size : MD5

       ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/6.0/ja/updates/RPMS/openssl-0.9.6k-2.i386.rpm
          1466434 50bf1498d8c232928685b49c22ca9e98
       ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/6.0/ja/updates/RPMS/openssl-devel-0.9.6k-2.i386.rpm
          1273442 067ac26f535ffe4c60948443347a13db

     References :

     OpenSSL org
       [OpenSSL Security Advisory [30 September 2003]]
       http://www.openssl.org/news/secadv_20030930.txt

     CVE
       [CAN-2003-0543]
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0543
       [CAN-2003-0544]
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0544

     Turbolinux Security Advisory
       [TLSA-2003-22]
       http://www.turbolinux.com/security/TLSA-2003-22.txt

     --------------------------------------------------------------------------
     Revision History
        01 Oct 2003 Initial release
     --------------------------------------------------------------------------

     * You may need to update the turbopkg tool before applying the update.
    Please refer to the following URL for detailed information.

      http://www.turbolinux.com/download/zabom.html
      http://www.turbolinux.com/download/zabomupdate.html

    Package Update Path
    http://www.turbolinux.com/update

    ============================================================
     * To obtain the public key

    Here is the public key

     http://www.turbolinux.com/security/

     * To unsubscribe from the list

    If you ever want to remove yourself from this mailing list,
      you can send a message to <server-users-e-ctl@turbolinux.co.jp> with
    the word `unsubscribe' in the body (don't include the quotes).

    unsubscribe

     * To change your email address

    If you ever want to change your email address in this mailing list,
      you can send a message to <server-users-e-ctl@turbolinux.co.jp> with
    the following command in the message body:

      chaddr 'old address' 'new address'

    If you have any questions or problems, please contact
    <supp_info@turbolinux.co.jp>

    Thank you!

    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.2.3 (GNU/Linux)

    iD8DBQE/eq32K0LzjOqIJMwRAgWfAJ9qaZXGF6svuHn2jm7jG9L+AMJC3QCgt9Zk
    NVDA46RnVaowRJsUbcM3+tg=
    =Ofy/
    -----END PGP SIGNATURE-----

    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html
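
As an added example (not part of the Turbolinux advisory): a Python check that parses the advisory's package listing, a URL line followed by a `size md5` line, and verifies a downloaded file against the entry for the exact URL it came from, because the same file name carries a different checksum for each product. The function names are hypothetical; the listing is only as trustworthy as the PGP signature on the message, and MD5 detects transfer corruption but is not collision-resistant.

```python
import hashlib
import os
import re

# Two entries copied from the advisory: same file name, different product.
SAMPLE = """\
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/openssl-0.9.6k-2.i586.rpm
      1366934 0f92e0d644d5ee1e44b31bcf531e1d8c
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/openssl-0.9.6k-2.i586.rpm
      1367811 6526ca70ae9d6593e8be87bc193089d7
"""

URL_RE = re.compile(r"^\s*((?:ftp|https?)://\S+\.rpm)\s*$")
SUM_RE = re.compile(r"^\s*(\d+)\s+([0-9a-fA-F]{32})\s*$")


def parse_listing(text):
    """Return {url: (size, md5)} for each URL line followed by a size/MD5 line."""
    entries, pending = {}, None
    for line in text.splitlines():
        m = URL_RE.match(line)
        if m:
            pending = m.group(1)
            continue
        m = SUM_RE.match(line)
        if m and pending:
            entries[pending] = (int(m.group(1)), m.group(2).lower())
        if line.strip():
            pending = None  # any other non-blank line ends the pairing
    return entries


def verify(path, url, entries):
    """Check a downloaded file against the entry for the URL it was fetched from."""
    if url not in entries:
        return "not-listed"
    size, md5 = entries[url]
    if os.path.getsize(path) != size:
        return "size-mismatch"  # cheap check before hashing
    h = hashlib.md5()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            h.update(chunk)
    return "ok" if h.hexdigest() == md5 else "md5-mismatch"


if __name__ == "__main__":
    for url, (size, md5) in parse_listing(SAMPLE).items():
        print(size, md5, url)
```
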

