[ MDVSA-2012:011 ] openssl



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2012:011
http://www.mandriva.com/security/
_______________________________________________________________________

Package : openssl
Date : January 29, 2012
Affected: 2010.1, 2011., Enterprise Server 5.0
_______________________________________________________________________

Problem Description:

A vulnerability has been found and corrected in openssl:

OpenSSL 0.9.8s and 1.0.0f does not properly support DTLS applications,
which allows remote attackers to cause a denial of service via
unspecified vectors. NOTE: this vulnerability exists because of an
incorrect fix for CVE-2011-4108 (CVE-2012-0050).

The updated packages have been patched to correct this issue.

The openssl0.9.8 packages for 2010.2 have been upgraded to the 0.9.8t
version which is not vulnerable to this issue.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0050
http://www.openssl.org/news/secadv_20120118.txt
_______________________________________________________________________

Updated Packages:

Mandriva Linux 2010.1:
3d1552028a1193f09e656595a7086e7c 2010.1/i586/libopenssl0.9.8-0.9.8t-0.1mdv2010.2.i586.rpm
1d0afb14e5d538d2ab693ad50656ba27 2010.1/i586/libopenssl1.0.0-1.0.0a-1.10mdv2010.2.i586.rpm
9b2da169cce478da088420e9bac3da73 2010.1/i586/libopenssl1.0.0-devel-1.0.0a-1.10mdv2010.2.i586.rpm
d60d92da1039e69bb8dce3669fa15394 2010.1/i586/libopenssl1.0.0-static-devel-1.0.0a-1.10mdv2010.2.i586.rpm
e1bdbc476c945d01dba413633de4c9f3 2010.1/i586/libopenssl-engines1.0.0-1.0.0a-1.10mdv2010.2.i586.rpm
74fced6c024c55ae564431785c425ea6 2010.1/i586/openssl-1.0.0a-1.10mdv2010.2.i586.rpm
8900a99630c54b95e8181a035f19c5d3 2010.1/SRPMS/openssl0.9.8-0.9.8t-0.1mdv2010.2.src.rpm
c1dbd62acd6152eb430b7b7b040f6daa 2010.1/SRPMS/openssl-1.0.0a-1.10mdv2010.2.src.rpm

Mandriva Linux 2010.1/X86_64:
360aa3cdcc7bd5389a49029f556d8b1f 2010.1/x86_64/lib64openssl0.9.8-0.9.8t-0.1mdv2010.2.x86_64.rpm
38b2ea8779ecb5000aa42e1223177a16 2010.1/x86_64/lib64openssl1.0.0-1.0.0a-1.10mdv2010.2.x86_64.rpm
24a3d4891c49a6834c900f51a296cb78 2010.1/x86_64/lib64openssl1.0.0-devel-1.0.0a-1.10mdv2010.2.x86_64.rpm
1402f25fd2a9556008e7a3844d2796e2 2010.1/x86_64/lib64openssl1.0.0-static-devel-1.0.0a-1.10mdv2010.2.x86_64.rpm
8de0784934ade0205c5a35b58fd8e2e1 2010.1/x86_64/lib64openssl-engines1.0.0-1.0.0a-1.10mdv2010.2.x86_64.rpm
2b4f6bba324f1b1ff9b50608892a36a5 2010.1/x86_64/openssl-1.0.0a-1.10mdv2010.2.x86_64.rpm
8900a99630c54b95e8181a035f19c5d3 2010.1/SRPMS/openssl0.9.8-0.9.8t-0.1mdv2010.2.src.rpm
c1dbd62acd6152eb430b7b7b040f6daa 2010.1/SRPMS/openssl-1.0.0a-1.10mdv2010.2.src.rpm

Mandriva Linux 2011:
d4ab0a6f45773b5529160783b6c51666 2011/i586/libopenssl1.0.0-1.0.0d-2.3-mdv2011.0.i586.rpm
dcd8cf9975aaff3b7a0263acffc8a969 2011/i586/libopenssl-devel-1.0.0d-2.3-mdv2011.0.i586.rpm
1d1dea32f05f3e05b4e88666d54f8000 2011/i586/libopenssl-engines1.0.0-1.0.0d-2.3-mdv2011.0.i586.rpm
ab30c467a26a3004c05db723a8638351 2011/i586/libopenssl-static-devel-1.0.0d-2.3-mdv2011.0.i586.rpm
8a459b25df75691ad36f366f7ab52bcf 2011/i586/openssl-1.0.0d-2.3-mdv2011.0.i586.rpm
f62697910799a948e6f6968f6dabbd57 2011/SRPMS/openssl-1.0.0d-2.3.src.rpm

Mandriva Linux 2011/X86_64:
5437abb7d5123efc1fcd7bf5748b7858 2011/x86_64/lib64openssl1.0.0-1.0.0d-2.3-mdv2011.0.x86_64.rpm
5f92319e8040dae6d769a51d6b9d7859 2011/x86_64/lib64openssl-devel-1.0.0d-2.3-mdv2011.0.x86_64.rpm
3b96d82a1f2f0714512435d2647ec4d5 2011/x86_64/lib64openssl-engines1.0.0-1.0.0d-2.3-mdv2011.0.x86_64.rpm
182c0e2a4a247bbd3530eeab5fbe4c51 2011/x86_64/lib64openssl-static-devel-1.0.0d-2.3-mdv2011.0.x86_64.rpm
aed76398cf865b3e516a853e0ae74128 2011/x86_64/openssl-1.0.0d-2.3-mdv2011.0.x86_64.rpm
f62697910799a948e6f6968f6dabbd57 2011/SRPMS/openssl-1.0.0d-2.3.src.rpm

Mandriva Enterprise Server 5:
c67d477c8f43a359d6e1cc1235c026d9 mes5/i586/libopenssl0.9.8-0.9.8h-3.13mdvmes5.2.i586.rpm
d79856916fba2623cb03cf5cfbe2f3d5 mes5/i586/libopenssl0.9.8-devel-0.9.8h-3.13mdvmes5.2.i586.rpm
ab5062b36b43682ffb848a11e7f10913 mes5/i586/libopenssl0.9.8-static-devel-0.9.8h-3.13mdvmes5.2.i586.rpm
75ae211ecce78408dda0d4c7b0272069 mes5/i586/openssl-0.9.8h-3.13mdvmes5.2.i586.rpm
46b0cd56f7708e8b92fe96fc21f23ed4 mes5/SRPMS/openssl-0.9.8h-3.13mdvmes5.2.src.rpm

Mandriva Enterprise Server 5/X86_64:
db577969e2d0f2314172255056bd0b39 mes5/x86_64/lib64openssl0.9.8-0.9.8h-3.13mdvmes5.2.x86_64.rpm
f7eb1f4a2546c589020a45e9995d174d mes5/x86_64/lib64openssl0.9.8-devel-0.9.8h-3.13mdvmes5.2.x86_64.rpm
98e904938a2d04431844f8ece734bf1b mes5/x86_64/lib64openssl0.9.8-static-devel-0.9.8h-3.13mdvmes5.2.x86_64.rpm
60ed4104d96569f0dfb8e3b923281fa9 mes5/x86_64/openssl-0.9.8h-3.13mdvmes5.2.x86_64.rpm
46b0cd56f7708e8b92fe96fc21f23ed4 mes5/SRPMS/openssl-0.9.8h-3.13mdvmes5.2.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iD8DBQFPJW7umqjQ0CJFipgRAmDbAKDae8Cqx8llncz8trm6uoarxn34nwCgkDUq
okA8oBecQChNAD1yuwcBPp4=
=Lg5u
-----END PGP SIGNATURE-----



Relevant Pages