LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Sponsored link

Vyatta – Linux & Open Source Alternative to Cisco – Advanced Routing, Firewall, VPN, QoS..
Free Download ->

Recent Features

Plugging into GCC

LWN.net Weekly Edition for October 2, 2008

Ubuntu debuts its Upstream Report

openSUSE and the distribution of proprietary software

LPC: What's happening with webcams

Printable page
Weekly edition Kernel Security Distributions Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ

Fedora alert FEDORA-2005-1042 (openssl096b)



From:
    	      "Tomas Mraz" <tmraz@redhat.com>


To:
    	      fedora-announce-list@redhat.com


Subject:
    	      [SECURITY] Fedora Core 3 Update: openssl096b-0.9.6b-21.42


Date:
    	      Mon, 31 Oct 2005 15:15:30 -0500


---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2005-1042
2005-10-31
---------------------------------------------------------------------

Product     : Fedora Core 3
Name        : openssl096b
Version     : 0.9.6b                      
Release     : 21.42                  
Summary     : The OpenSSL toolkit.
Description :
The OpenSSL toolkit provides support for secure communications between
machines. OpenSSL includes a certificate management tool and shared
libraries which provide various cryptographic algorithms and
protocols.

---------------------------------------------------------------------
Update Information:

CAN-2004-0079, a remote crasher, was originally believed to
only affect versions of OpenSSL after 0.9.6b verified with
Codenomicon test suite (see pkt539.c). However we've had a
customer report that this affects 0.9.6b via a different
reproducer. This therefore affects the openssl096b
compat packages as shipped with FC-3.

---------------------------------------------------------------------
* Mon Oct 31 2005 Tomas Mraz <tmraz@redhat.com> 0.9.6b-21.42
- fix CVE-2004-0079 - prevent a null pointer assignment in
  do_change_cipher_spec()
- add security fix for CVE-2003-0851 to sync with 2.1AS


---------------------------------------------------------------------
This update can be downloaded from:
  http://download.fedora.redhat.com/pub/fedora/linux/core/u...

8d68e4b430aa7c5ca067c12866ae694e  SRPMS/openssl096b-0.9.6b-21.42.src.rpm
54a9e78a2fdd625b9dc9121e09eb4398  x86_64/openssl096b-0.9.6b-21.42.x86_64.rpm
c5c6174e23eba8d038889d08f49231b8  x86_64/debug/openssl096b-debuginfo-0.9.6b-21.42.x86_64.rpm
56b63fc150d0c099b2e4f0950e21005b  x86_64/openssl096b-0.9.6b-21.42.i386.rpm
56b63fc150d0c099b2e4f0950e21005b  i386/openssl096b-0.9.6b-21.42.i386.rpm
93195495585c7e9789041c75b1ed5380  i386/debug/openssl096b-debuginfo-0.9.6b-21.42.i386.rpm

This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.  
---------------------------------------------------------------------

-- 
fedora-announce-list mailing list
fedora-announce-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-announce-list
(Log in to post comments)

Copyright © 2008, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds