NOVL-2003-10087450 - Novell Response to NISCC/CERT Advisories re: OpenSSL - revised url

From: Ed Reed (ereed_at_novell.com)
Date: 10/01/03

  • Next message: Terry Bankert: "Re: SSGbook (ASP)"
    Date: Wed, 01 Oct 2003 15:22:42 -0600
    To: <security-alerts@list.novell.com>
    
    

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    For Immediate Disclosure

    ============================== Summary ==============================

     Security Alert: NOVL-2003-10087450
              Title: Novell Response to NISCC/CERT Advisories re: OpenSSL
               Date: 01-Oct-2003
           Revision: Original
       Product Name: All Products supporting SSL
     OS/Platform(s): Netware 6.x, Windows 2000/XP, UNIX, Solaris, HP-UX,
                     Linux
      Reference URL: http://support.novell.com/servlet/tidfinder/10087450
        Vendor Name: Novell, Inc.
         Vendor URL: http://www.novell.com
    Security Alerts: http://support.novell.com/security-alerts
            Affects: Various ? to be announced
        Identifiers: CERT VU#255484, 380864, 686224, 935264, 732952,
                     CAN-2003-0543, CAN-2003-0544, CAN-2003-0545
            Credits: NISCC - U.K. National Infrastructure Security
                     Co-ordination Centre

    ============================ Description ============================

    Several vulnerabilities in OpenSSL (see
    http://www.openssl.org/news/secadv_20030930.txt )

    ============================== Impact ===============================

    Novell is reviewing our application portfolio to identify products
    affected by the vulnerabilities reported by the NISCC. We have the
    patched OpenSSL code and are reviewing and testing it internally, and
    preparing patches for our products that are affected. We
    expect the first patches to become available via our Security Alerts
    web site (http://support.novell.com/security-alerts) during the week
    of 6 Oct 2003. Customers are urged to monitor our web site for
    patches to versions of our products that they use and apply them
    expeditiously.

    ======================== Recommended Actions ========================

    See detailed instructions in the referenced Technical Information
    Document (TID) http://support.novell.com/servlet/tidfinder/10087450.

    ============================ DISCLAIMER =============================

    The content of this document is believed to be accurate at the time
    of publishing based on currently available information. However, the
    information is provided "AS IS" without any warranty or
    representation. Your use of the document constitutes acceptance of
    this disclaimer. Novell disclaims all warranties, express or implied,
    regarding this document, including the warranties of merchantability
    and fitness for a particular purpose. Novell is not liable for any
    direct, indirect, or consequential loss or damage arising from use
    of, or reliance on, this document or any security alert, even if
    Novell has been advised of the possibility of such damages and even
    if such damages are foreseeable.

    ============================ Appendices =============================

    None

    ================ Contacting Novell Security Alerts ==================

    To report suspected security vulnerabilities in Novell products, send
    email to
                secure@novell.com

    or use the web form at our website

                http://support.novell.com/security-alerts

    PGP users may send signed/encrypted information to us using our PGP
    key, available from the pgpkeys.mit.edu server, or our website.

    Users wishing to be notified when Novell Security Alerts are issued
    may register their email address at

                http://www.novell.com/info/list/

    Security Alerts, Novell, Inc. PGP Key Fingerprint:

    F5AE 9265 0A34 F84E 580E 9B87 3AC1 1974 DE05 0FDB

    ========================= Revision History ==========================
           Original: 01-Oct-2003 - Original Publication

    -----BEGIN PGP SIGNATURE-----
    Version: PGP Personal Security 7.0.3

    iQA/AwUBP3tFiTrBGXTeBQ/bEQK6hQCfb6cl3PDC0uN2p8Kmzl3Fx3TGCK0Ani3l
    jS+CnSu6PUm6XZcH5aFDff6/
    =AFcZ
    -----END PGP SIGNATURE-----


  • Next message: Terry Bankert: "Re: SSGbook (ASP)"

    Relevant Pages