
Eridani alert ERISA-2002:033 (openssl)

From:  Eridani Star System <linux@eridani.co.uk>
To:  eridani-announce@eridani.co.uk
Subject:  [Eridani-Announce] ERISA-2002:033 - openssl
Date:  Tue, 30 Jul 2002 18:29:56 +0100 (BST)

=========================================================================
                 ERIDANI LINUX - SECURITY ANNOUNCEMENT
=========================================================================
Package:  openssl
Summary:  Buffer overflow vulnerabilities found in OpenSSL
Date:     2002-07-30
ID:       ERISA-2002:033
=========================================================================

Problem description:

A recent DARPA security audit of OpenSSL found several buffer overflows
in OpenSSL versions 0.9.7, and 0.9.6d and earlier, including 0.9.5:

1: On 64-bit platforms various buffers which were used for storing ASCII
   representations of integers were too small.

2: A client could send an oversized master key to an SSL ver 2 server,
   causing a stack overflow. This is remotely exploitable. Services not
   running SSL ver 2 are not vulnerable to this.

3: The session ID sent by a malicious server to a client could be made
   to overflow a buffer. This could be remotely exploitable.

Since many components within Eridani Linux use this library, we strongly
advise that this update be applied, and that users then reboot their
machines.

-------------------------------------------------------------------------
Updated packages:

3f7aa05c978698a544dd0ef31c91cb59  openssl-0.9.5a-28.src.rpm
beb891df4f2705d55e2eac36dda65306  openssl-0.9.5a-28.i386.rpm
ad62092fc3e107dd958d526e881df09b  openssl-devel-0.9.5a-28.i386.rpm
67b039ee0776bc5f25e9dc8bb8f42dfd  openssl-perl-0.9.5a-28.i386.rpm
b5f9740ebb932f93d0efc04917a0cc7c  openssl-python-0.9.5a-28.i386.rpm

-------------------------------------------------------------------------
References:

CAN-2002-0655
CAN-2002-0656

=========================================================================
Packages available from ftp://ftp.eridani.co.uk/pub/Aeryn/
or by HTTP from http://ftp.eridani.co.uk/

Packages are signed with our GNU GPG key, also on our FTP site.

Users of releases of Eridani Linux prior to 6.3 are advised to download
the source RPM and rebuild for their system.

Copyright (C)2002 Eridani Star System

-- 
Michael "Soruk" McConnell                       http://www.eridani.co.uk
Eridani Linux -- The Most Up-to-Date Red Hat-based Linux CDROMs Available
Email: linux@eridani.co.uk -- Also Debian, Slackware, Mandrake and more...

_______________________________________________
Eridani-Announce mailing list
To be removed from this list email linux@eridani.co.uk requesting removal.
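
Item 1 of the advisory (buffers for ASCII representations of integers being too small on 64-bit platforms) is a sizing assumption that can be checked in a few lines. The following is an added example, not code from OpenSSL or from Eridani; the 12-byte "legacy" size, the macro and the function names are assumptions chosen for illustration.

```c
#include <limits.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical legacy size: fits "-2147483648" plus NUL, i.e. a 32-bit long only. */
#define LEGACY_BUF_SIZE 12

/* Bytes needed for the decimal text of any signed integer type T:
 * bits * log10(2) digits (0.302 rounds up), plus rounding, sign and NUL. */
#define DEC_BUF_SIZE(T) (sizeof(T) * CHAR_BIT * 302 / 1000 + 3)

/* Number of bytes, including the NUL, that the decimal form of v occupies. */
size_t dec_len_needed(long v)
{
    int n = snprintf(NULL, 0, "%ld", v);   /* C99: returns the length only */
    return (size_t)n + 1;
}

/* 1 if an unbounded sprintf("%ld") of v would write past a buflen-byte buffer. */
int would_overflow(size_t buflen, long v)
{
    return dec_len_needed(v) > buflen;
}

/* Bounded formatter: 0 on success, -1 if dst is too small (dst is then ""). */
int format_long(char *dst, size_t dstlen, long v)
{
    int n;
    if (dst == NULL || dstlen == 0)
        return -1;
    n = snprintf(dst, dstlen, "%ld", v);
    if (n < 0 || (size_t)n >= dstlen) {    /* truncated: refuse, do not use */
        dst[0] = '\0';
        return -1;
    }
    return 0;
}

int main(void)
{
    char buf[DEC_BUF_SIZE(long)];          /* sized from the type, not guessed */
    printf("sizeof(long)=%zu legacy=%d needed=%zu sized=%zu\n", sizeof(long),
           LEGACY_BUF_SIZE, dec_len_needed(LONG_MIN), sizeof buf);
    printf("legacy buffer overflows on LONG_MIN: %s\n",
           would_overflow(LEGACY_BUF_SIZE, LONG_MIN) ? "yes" : "no");
    return format_long(buf, sizeof buf, LONG_MIN);
}
```

On a platform with a 32-bit `long` the legacy size is sufficient; with a 64-bit `long` the same value needs 21 bytes, which is why the flaw appears only after a port.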



Copyright © 2008, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.