NOVL-2003-10087450 - Novell Response to NISCC/CERT Advisories re: OpenSSL - revised url

From: Ed Reed (
Date: 10/01/03

  • Next message: Terry Bankert: "Re: SSGbook (ASP)"
    Date: Wed, 01 Oct 2003 15:22:42 -0600
    To: <>

    Hash: SHA1

    For Immediate Disclosure

    ============================== Summary ==============================

     Security Alert: NOVL-2003-10087450
              Title: Novell Response to NISCC/CERT Advisories re: OpenSSL
               Date: 01-Oct-2003
           Revision: Original
       Product Name: All Products supporting SSL
     OS/Platform(s): Netware 6.x, Windows 2000/XP, UNIX, Solaris, HP-UX,
      Reference URL:
        Vendor Name: Novell, Inc.
         Vendor URL:
    Security Alerts:
            Affects: Various ? to be announced
        Identifiers: CERT VU#255484, 380864, 686224, 935264, 732952,
                     CAN-2003-0543, CAN-2003-0544, CAN-2003-0545
            Credits: NISCC - U.K. National Infrastructure Security
                     Co-ordination Centre

    ============================ Description ============================

    Several vulnerabilities in OpenSSL (see )

    ============================== Impact ===============================

    Novell is reviewing our application portfolio to identify products
    affected by the vulnerabilities reported by the NISCC. We have the
    patched OpenSSL code and are reviewing and testing it internally, and
    preparing patches for our products that are affected. We
    expect the first patches to become available via our Security Alerts
    web site ( during the week
    of 6 Oct 2003. Customers are urged to monitor our web site for
    patches to versions of our products that they use and apply them

    ======================== Recommended Actions ========================

    See detailed instructions in the referenced Technical Information
    Document (TID)

    ============================ DISCLAIMER =============================

    The content of this document is believed to be accurate at the time
    of publishing based on currently available information. However, the
    information is provided "AS IS" without any warranty or
    representation. Your use of the document constitutes acceptance of
    this disclaimer. Novell disclaims all warranties, express or implied,
    regarding this document, including the warranties of merchantability
    and fitness for a particular purpose. Novell is not liable for any
    direct, indirect, or consequential loss or damage arising from use
    of, or reliance on, this document or any security alert, even if
    Novell has been advised of the possibility of such damages and even
    if such damages are foreseeable.

    ============================ Appendices =============================


    ================ Contacting Novell Security Alerts ==================

    To report suspected security vulnerabilities in Novell products, send
    email to

    or use the web form at our website


    PGP users may send signed/encrypted information to us using our PGP
    key, available from the server, or our website.

    Users wishing to be notified when Novell Security Alerts are issued
    may register their email address at


    Security Alerts, Novell, Inc. PGP Key Fingerprint:

    F5AE 9265 0A34 F84E 580E 9B87 3AC1 1974 DE05 0FDB

    ========================= Revision History ==========================
           Original: 01-Oct-2003 - Original Publication

    Version: PGP Personal Security 7.0.3

    -----END PGP SIGNATURE-----

  • Next message: Terry Bankert: "Re: SSGbook (ASP)"