Immunix Secured OS 7+ openssl update
From: Immunix Security Team (security@wirex.com)
Date: 03/27/03
- Previous message: Jason Brooke: "Re: @(#)Mordred Labs advisory - PHP for Win32: buffer overflow in openlog() function"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 26 Mar 2003 18:24:12 -0800 From: Immunix Security Team <security@wirex.com> To: bugtraq@securityfocus.com, immunix-announce@immunix.org
-----------------------------------------------------------------------
Immunix Secured OS Security Advisory
Packages updated: openssl, openssh, mod_ssl
Affected products: ImmunixOS 6.2, 7.0, 7+
Bugs fixed: CAN-2003-0131 CAN-2003-0147
Date: Wed Mar 26 2003
Advisory ID: IMNX-2003-7+-001-01
Author: Seth Arnold <sarnold@wirex.com>
-----------------------------------------------------------------------
Description:
This update fixes two problems with openssl packages and recompiles
openssh and mod_ssl against the new version of openssl. Quoting from
the OpenSSL advisory:
Vlastimil Klima, Ondrej Pokorny, and Tomas Rosa have come up with an
extension of the "Bleichenbacher attack" on RSA with PKCS #1 v1.5
padding as used in SSL 3.0 and TLS 1.0. Their attack requires the
attacker to open millions of SSL/TLS connections to the server under
attack; the server's behaviour when faced with specially made-up RSA
ciphertexts can reveal information that in effect allows the attacker
to perform a single RSA private key operation on a ciphertext of
its choice using the server's RSA key. Note that the server's RSA
key is not compromised in this attack.
The other problem, quoting from the CERT advisory: David Brumley and Dan
Boneh, researchers at Stanford University, have written a paper that
demonstrates a practical attack that can be used to extract private
keys from vulnerable RSA applications. Using statistical techniques
and carefully measuring the amount of time required to complete an
RSA operation, an attacker can recover one of the factors (q) of the
RSA key. [...] Under optimal conditions, a 1024-bit RSA private key
was extracted in approximately two hours using ~350,000 guesses.
References: http://www.kb.cert.org/vuls/id/997481
http://www.openssl.org/news/secadv_20030319.txt
Package names and locations:
Precompiled binary packages for Immunix 7+ are available at:
http://download.immunix.org/ImmunixOS/7+/Updates/RPMS/mod_ssl-2.8.12-1.7_imnx_2.i386.rpm
http://download.immunix.org/ImmunixOS/7+/Updates/RPMS/openssh-3.4p1-1_imnx_10.i386.rpm
http://download.immunix.org/ImmunixOS/7+/Updates/RPMS/openssh-askpass-3.4p1-1_imnx_10.i386.rpm
http://download.immunix.org/ImmunixOS/7+/Updates/RPMS/openssh-clients-3.4p1-1_imnx_10.i386.rpm
http://download.immunix.org/ImmunixOS/7+/Updates/RPMS/openssh-server-3.4p1-1_imnx_10.i386.rpm
http://download.immunix.org/ImmunixOS/7+/Updates/RPMS/openssl-0.9.6g-1_imnx_2.i386.rpm
http://download.immunix.org/ImmunixOS/7+/Updates/RPMS/openssl-devel-0.9.6g-1_imnx_2.i386.rpm
http://download.immunix.org/ImmunixOS/7+/Updates/RPMS/openssl-perl-0.9.6g-1_imnx_2.i386.rpm
Immunix OS 7+ md5sums:
17a8a4c07a421c0b0a98369d77d06ed4 openssh-3.4p1-1_imnx_10.i386.rpm
59bffcfb9ca2fbe74e9d2eb3568d134a openssh-askpass-3.4p1-1_imnx_10.i386.rpm
37d2acf53c72ee23e5f9576557a5fd6e openssh-clients-3.4p1-1_imnx_10.i386.rpm
d61f9a2c3fc41f8dded88f2b84be2a83 openssh-server-3.4p1-1_imnx_10.i386.rpm
ccb8fa2cce44efa243d368cf7785b9cf openssl-0.9.6g-1_imnx_2.i386.rpm
0ba9e8a2c9728a64ee4a89aa2cecd804 openssl-devel-0.9.6g-1_imnx_2.i386.rpm
fa6f0d1dde78b941a8bc9147dfd7a5b6 openssl-perl-0.9.6g-1_imnx_2.i386.rpm
490d4340e153daff3e3e4e548321e5af mod_ssl-2.8.12-1.7_imnx_2.i386.rpm
GPG verification:
Our public key is available at <http://wirex.com/security/GPG_KEY>.
NOTE:
Ibiblio is graciously mirroring our updates, so if the links above are
slow, please try:
ftp://ftp.ibiblio.org/pub/Linux/distributions/immunix/
or one of the many mirrors available at:
http://www.ibiblio.org/pub/Linux/MIRRORS.html
ImmunixOS 6.2 is no longer officially supported.
ImmunixOS 7.0 is no longer officially supported.
Contact information:
To report vulnerabilities, please contact security@wirex.com. WireX
attempts to conform to the RFP vulnerability disclosure protocol
<http://www.wiretrip.net/rfp/policy.html>.
- application/pgp-signature attachment: stored
- Previous message: Jason Brooke: "Re: @(#)Mordred Labs advisory - PHP for Win32: buffer overflow in openlog() function"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
