LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for December 4, 2008

KSM runs into patent trouble

Tux3: the other next-generation filesystem

LWN.net Weekly Edition for November 27, 2008

LWN.net Weekly Edition for November 20, 2008

Printable page
Weekly edition Kernel Security Distributions Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ

Eridani alert ERISA-2002:034 (openssl)



From:
    	      Eridani Star System <linux@eridani.co.uk>


To:
    	      eridani-announce@eridani.co.uk


Subject:
    	      [Eridani-Announce] ERISA-2002:034 - openssl


Date:
    	      Tue, 6 Aug 2002 18:34:50 +0100 (BST)



=========================================================================
		ERIDANI LINUX - SECURITY ANNOUNCEMENT
=========================================================================

Package:	openssl
Summary:	SSL protocol data stream length validation bug
Date:		2002-08-06
ID:		ERISA-2002:034

=========================================================================

Problem description:

  The SSL protocol data stream includes the lengths of data structures
  being transferred, and these lengths may not be validated correctly.
  A malicious client or server could use this to cause an SSL-enabled
  application to crash or lock up, and can be used as a denial-of-service
  attack if the affected process is a server.  Whether this could be used
  for remote code execution has not been verified.

-------------------------------------------------------------------------
Updated packages:

  7081df155e433b186986fa35d7e52279  openssl-0.9.5a-30.src.rpm

  542c9cfc2c7ebc7a0aeee3b3f964f667  openssl-0.9.5a-30.i386.rpm
  264da10bab96d3a8eaeb9c385004e1f2  openssl-devel-0.9.5a-30.i386.rpm
  9d0b9733d2952f2694571c8adb9ef739  openssl-perl-0.9.5a-30.i386.rpm
  dbdef530a747aee04514beb7e6f38e4e  openssl-python-0.9.5a-30.i386.rpm

-------------------------------------------------------------------------
References:

  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0659

=========================================================================

Packages available from ftp://ftp.eridani.co.uk/pub/Aeryn/
or by HTTP from http://ftp.eridani.co.uk/

Packages are signed with our GNU GPG key, also on our FTP site.

Users of releases of Eridani Linux prior to 6.3 are advised to download
the source RPM and rebuild for their system.

Copyright (C)2002 Eridani Star System

-- Michael "Soruk" McConnell                       http://www.eridani.co.uk
Eridani Linux  --  The Most Up-to-Date Red Hat-based Linux CDROMs Available
Email: linux@eridani.co.uk -- Also Debian, Slackware, Mandrake and more...

_______________________________________________
Eridani-Announce mailing list
To be removed from this list email linux@eridani.co.uk requesting removal.
(Log in to post comments)

Copyright © 2008, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds