LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

Pencil, Pencil, and Pencil

Dividing the Linux desktop

LWN.net Weekly Edition for June 13, 2013

A report from pgCon 2013

Little things that matter in language design

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

Scientific Linux alert SL-open-20120425 (openssl)



From:
    	      riehecky@fnal.gov 


To:
    	      scientific-linux-errata@fnal.gov 


Subject:
    	      Security ERRATA Important: openssl on SL5.x, SL6.x i386/x86_64 


Date:
    	      Wed, 25 Apr 2012 11:34:23 -0500


Message-ID:
    	      <201204251634.q3PGYNCk008961@fefmon2.fnal.gov>


Archive-link:
    	      Article, Thread
              


Synopsis:    Important: openssl security update
Issue Date:  2012-04-24
CVE Numbers: CVE-2012-2110


OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3)
and Transport Layer Security (TLS v1) protocols, as well as a
full-strength, general purpose cryptography library.

Multiple numeric conversion errors, leading to a buffer overflow, were
found in the way OpenSSL parsed ASN.1 (Abstract Syntax Notation One) data
from BIO (OpenSSL's I/O abstraction) inputs. Specially-crafted DER
(Distinguished Encoding Rules) encoded data read from a file or other BIO
input could cause an application using the OpenSSL library to crash or,
potentially, execute arbitrary code. (CVE-2012-2110)

All OpenSSL users should upgrade to these updated packages, which contain
a backported patch to resolve this issue. For the update to take effect,
all services linked to the OpenSSL library must be restarted, or the system
rebooted.

SL5:
  i386
     openssl-0.9.8e-22.el5_8.3.i386.rpm
     openssl-0.9.8e-22.el5_8.3.i686.rpm
     openssl-debuginfo-0.9.8e-22.el5_8.3.i386.rpm
     openssl-debuginfo-0.9.8e-22.el5_8.3.i686.rpm
     openssl-devel-0.9.8e-22.el5_8.3.i386.rpm
     openssl-perl-0.9.8e-22.el5_8.3.i386.rpm
     openssl097a-0.9.7a-11.el5_8.2.i386.rpm
     openssl097a-debuginfo-0.9.7a-11.el5_8.2.i386.rpm
  x86_64
     openssl-0.9.8e-22.el5_8.3.i686.rpm
     openssl-0.9.8e-22.el5_8.3.x86_64.rpm
     openssl-debuginfo-0.9.8e-22.el5_8.3.i386.rpm
     openssl-debuginfo-0.9.8e-22.el5_8.3.i686.rpm
     openssl-debuginfo-0.9.8e-22.el5_8.3.x86_64.rpm
     openssl-devel-0.9.8e-22.el5_8.3.i386.rpm
     openssl-devel-0.9.8e-22.el5_8.3.x86_64.rpm
     openssl-perl-0.9.8e-22.el5_8.3.x86_64.rpm
     openssl097a-0.9.7a-11.el5_8.2.i386.rpm
     openssl097a-0.9.7a-11.el5_8.2.x86_64.rpm
     openssl097a-debuginfo-0.9.7a-11.el5_8.2.i386.rpm
     openssl097a-debuginfo-0.9.7a-11.el5_8.2.x86_64.rpm
SL6:
  i386
     openssl-1.0.0-20.el6_2.4.i686.rpm
     openssl-debuginfo-1.0.0-20.el6_2.4.i686.rpm
     openssl-devel-1.0.0-20.el6_2.4.i686.rpm
     openssl-perl-1.0.0-20.el6_2.4.i686.rpm
     openssl-static-1.0.0-20.el6_2.4.i686.rpm
     openssl098e-0.9.8e-17.el6_2.2.i686.rpm
     openssl098e-debuginfo-0.9.8e-17.el6_2.2.i686.rpm
  x86_64
     openssl-1.0.0-20.el6_2.4.i686.rpm
     openssl-1.0.0-20.el6_2.4.x86_64.rpm
     openssl-debuginfo-1.0.0-20.el6_2.4.i686.rpm
     openssl-debuginfo-1.0.0-20.el6_2.4.x86_64.rpm
     openssl-devel-1.0.0-20.el6_2.4.i686.rpm
     openssl-devel-1.0.0-20.el6_2.4.x86_64.rpm
     openssl-perl-1.0.0-20.el6_2.4.x86_64.rpm
     openssl-static-1.0.0-20.el6_2.4.x86_64.rpm
     openssl098e-0.9.8e-17.el6_2.2.i686.rpm
     openssl098e-0.9.8e-17.el6_2.2.x86_64.rpm
     openssl098e-debuginfo-0.9.8e-17.el6_2.2.i686.rpm
     openssl098e-debuginfo-0.9.8e-17.el6_2.2.x86_64.rpm

- Scientific Linux Development Team
(Log in to post comments)

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds