LWN.net Logo

Advertisement

TrustCommerce

E-Commerce & credit card processing - the Open Source way!

Advertise here

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for July 2, 2009

RealtimeKit and the audio problem

VFAT patent avoidance and patent workarounds

LWN.net Weekly Edition for June 25, 2009

Apache attacked by a "slow loris"

Printable page
Weekly edition Kernel Security Distributions Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ

Fedora alert FEDORA-2009-0325 (openssl)



From:
    	      updates@fedoraproject.org


To:
    	      fedora-package-announce@redhat.com


Subject:
    	      [SECURITY] Fedora 9 Update: openssl-0.9.8g-9.12.fc9


Date:
    	      Thu, 08 Jan 2009 04:19:17 +0000


Message-ID:
    	      <20090108041917.CA803208421@bastion.fedora.phx.redhat.com>


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2009-0325
2009-01-08 03:18:03
--------------------------------------------------------------------------------

Name        : openssl
Product     : Fedora 9
Version     : 0.9.8g
Release     : 9.12.fc9
URL         : http://www.openssl.org/
Summary     : The OpenSSL toolkit
Description :
The OpenSSL toolkit provides support for secure communications between
machines. OpenSSL includes a certificate management tool and shared
libraries which provide various cryptographic algorithms and
protocols.

--------------------------------------------------------------------------------
Update Information:

Only one important security fix and two very simple bugfixes.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Jan  7 2009 Tomas Mraz <tmraz@redhat.com> 0.9.8g-9.12
- fix CVE-2008-5077 - incorrect checks for malformed signatures (#476671)
- add -no_ign_eof option (#462393)
- do not add tls extensions to server hello for SSLv3 either
* Wed May 28 2008 Tomas Mraz <tmraz@redhat.com> 0.9.8g-9
- fix CVE-2008-0891 - server name extension crash (#448492)
- fix CVE-2008-1672 - server key exchange message omit crash (#448495)
* Tue May 27 2008 Tomas Mraz <tmraz@redhat.com> 0.9.8g-8
- super-H arch support
- drop workaround for bug 199604 as it should be fixed in gcc-4.3
* Mon May 19 2008 Tom "spot" Callaway <tcallawa@redhat.com> 0.9.8g-7
- sparc handling
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #476671 - CVE-2008-5077 OpenSSL Incorrect checks for malformed signatures
        https://bugzilla.redhat.com/show_bug.cgi?id=476671
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use 
su -c 'yum update openssl' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
http://fedoraproject.org/keys
--------------------------------------------------------------------------------

_______________________________________________
Fedora-package-announce mailing list
Fedora-package-announce@redhat.com
http://www.redhat.com/mailman/listinfo/fedora-package-ann...
(Log in to post comments)

Copyright © 2009, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds