[ MDVSA-2012:073 ] openssl



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2012:073
http://www.mandriva.com/security/
_______________________________________________________________________

Package : openssl
Date : May 11, 2012
Affected: 2010.1, 2011., Enterprise Server 5.0
_______________________________________________________________________

Problem Description:

A vulnerability has been found and corrected in openssl:

A flaw in the OpenSSL handling of CBC mode ciphersuites in DTLS can
be exploited in a denial of service attack on both clients and servers
(CVE-2012-2333).

The updated packages have been patched to correct this issue.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2333
http://www.openssl.org/news/secadv_20120510.txt
_______________________________________________________________________

Updated Packages:

Mandriva Linux 2010.1:
8866fcb4196eb1c2b79e748389c1443c 2010.1/i586/libopenssl0.9.8-0.9.8x-0.1mdv2010.2.i586.rpm
bd6c7dd96f536c4ec97f57e9b580039b 2010.1/SRPMS/openssl0.9.8-0.9.8x-0.1mdv2010.2.src.rpm

Mandriva Linux 2010.1/X86_64:
bff80e93a38d93e49b7a11bb17a9fc70 2010.1/x86_64/lib64openssl0.9.8-0.9.8x-0.1mdv2010.2.x86_64.rpm
bd6c7dd96f536c4ec97f57e9b580039b 2010.1/SRPMS/openssl0.9.8-0.9.8x-0.1mdv2010.2.src.rpm

Mandriva Linux 2011:
19caf1a1a78056bce3ba1c9d4f1d0415 2011/i586/libopenssl1.0.0-1.0.0d-2.6-mdv2011.0.i586.rpm
02aa551535710c0d9803449c1802dbfa 2011/i586/libopenssl-devel-1.0.0d-2.6-mdv2011.0.i586.rpm
3555729a0e0009a0764e942dfeee68d8 2011/i586/libopenssl-engines1.0.0-1.0.0d-2.6-mdv2011.0.i586.rpm
502a554614d25909a184c0da675cbba8 2011/i586/libopenssl-static-devel-1.0.0d-2.6-mdv2011.0.i586.rpm
01b3d6af849b464706b89caceaed0d79 2011/i586/openssl-1.0.0d-2.6-mdv2011.0.i586.rpm
937b9e875720421f40755c25ea632ea5 2011/SRPMS/openssl-1.0.0d-2.6.src.rpm

Mandriva Linux 2011/X86_64:
9a9ae392fb95474723642fdf96f4f142 2011/x86_64/lib64openssl1.0.0-1.0.0d-2.6-mdv2011.0.x86_64.rpm
bd72ce2cec3d54cea1cebc330f99b8b9 2011/x86_64/lib64openssl-devel-1.0.0d-2.6-mdv2011.0.x86_64.rpm
cc5a547f2ba9050167033a5577028a6b 2011/x86_64/lib64openssl-engines1.0.0-1.0.0d-2.6-mdv2011.0.x86_64.rpm
e4c484c9ce59772c5db0dcce8fd1a089 2011/x86_64/lib64openssl-static-devel-1.0.0d-2.6-mdv2011.0.x86_64.rpm
2627947f2918036433adb94b1e3fb969 2011/x86_64/openssl-1.0.0d-2.6-mdv2011.0.x86_64.rpm
937b9e875720421f40755c25ea632ea5 2011/SRPMS/openssl-1.0.0d-2.6.src.rpm

Mandriva Enterprise Server 5:
eac9b4f5fbe83b963c739ceab0802b23 mes5/i586/libopenssl0.9.8-0.9.8h-3.16mdvmes5.2.i586.rpm
69fca6182cdc0dab36bf3c9749ebb29a mes5/i586/libopenssl0.9.8-devel-0.9.8h-3.16mdvmes5.2.i586.rpm
de51afae564823dc53fa03c93b0600db mes5/i586/libopenssl0.9.8-static-devel-0.9.8h-3.16mdvmes5.2.i586.rpm
1f28862f4a82c608bdfd7a33acc4886e mes5/i586/openssl-0.9.8h-3.16mdvmes5.2.i586.rpm
5010c18bde45e7521094adc6830bacaf mes5/SRPMS/openssl-0.9.8h-3.16mdvmes5.2.src.rpm

Mandriva Enterprise Server 5/X86_64:
e96273b6039706744defbd92900ef1b8 mes5/x86_64/lib64openssl0.9.8-0.9.8h-3.16mdvmes5.2.x86_64.rpm
7670ac7b6ebf786327d8dbe7c29be516 mes5/x86_64/lib64openssl0.9.8-devel-0.9.8h-3.16mdvmes5.2.x86_64.rpm
13631cb5321b44a4efdcb5ea405836c9 mes5/x86_64/lib64openssl0.9.8-static-devel-0.9.8h-3.16mdvmes5.2.x86_64.rpm
7804bf621b5b1783dd1bd505ac62317a mes5/x86_64/openssl-0.9.8h-3.16mdvmes5.2.x86_64.rpm
5010c18bde45e7521094adc6830bacaf mes5/SRPMS/openssl-0.9.8h-3.16mdvmes5.2.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iD8DBQFPrOcmmqjQ0CJFipgRAqiVAKDwDZp9x3Zbo1gcmVDO5AEBWJGQJQCggX0g
kxu88BU+DoJuQmuWBZyTT4I=
=N2/S
-----END PGP SIGNATURE-----



Relevant Pages

  • [Full-disclosure] [ MDVSA-2013:301 ] nss
    ... Business Server 1.0, Enterprise Server 5.0 ... This certificate ... Additionally the rootcerts packages has been upgraded with the latest ... Mandriva Enterprise Server 5/X86_64: ...
    (Full-Disclosure)
  • [ MDVSA-2013:301 ] nss
    ... Business Server 1.0, Enterprise Server 5.0 ... This certificate ... Additionally the rootcerts packages has been upgraded with the latest ... Mandriva Enterprise Server 5/X86_64: ...
    (Bugtraq)
  • [ MDVSA-2011:146 ] cups
    ... 2009.0, 2010.1, Enterprise Server 5.0 ... Packages for 2009.0 are provided as of the Extended Maintenance ... Mandriva Linux 2009.0/X86_64: ...
    (Bugtraq)
  • [Full-disclosure] [ MDVSA-2014:010 ] memcached
    ... Business Server 1.0, Enterprise Server 5.0 ... authentication by sending an invalid request with SASL credentials, ... Updated Packages: ... Mandriva Enterprise Server 5/X86_64: ...
    (Full-Disclosure)
  • [Full-disclosure] [ MDVSA-2009:163 ] tomcat5
    ... Affected: Enterprise Server 5.0 ... The updated packages have been patched to prevent this. ... Mandriva Enterprise Server 5/X86_64: ... All packages are signed by Mandriva for security. ...
    (Full-Disclosure)