![[LWN Logo]](/images/lcorner.png) |
|
![[LWN.net]](/images/Included.png) |
From: dburcaw@newhope.terraplex.com
To: yellowdog-updates@lists.yellowdoglinux.com
Subject: [yellowdog-updates] Yellow Dog Linux Security Advisory: YDU-20010725-20
Date: 10 Aug 2001 02:32:36 -0000
Yellow Dog Linux Security Announcement
--------------------------------------
Package: openssl
Issue Date: July 25, 2001
Priority: high
Advisory ID: YDU-20010725-20
1. Topic:
Several security vulnerabilities were
discovered in the OpenSSL software.
2. Problem:
"Versions of OpenSSL prior to 0.9.6a suffer from potential security
problems. These include potential leakage of information after SSL
version 3 key exchanges, imperfect distribution of random numbers used
when generating signatures, honoring of sensitive environment variables
in library functions in setuid or setgid applications, and not taking
precautions to counter effects of potential hardware glitches when
generating digital signatures.
A flaw has also been found in the pseudo-random number generator used
in versions of OpenSSL prior to 0.9.6b. The OpenSSL Project Team has
released a patch which corrects this problem."
(from Red Hat's security advisory)
3. Solution:
a) Updating via yup...
We suggest that you use the Yellow Dog Update Program (yup)
to keep your system up-to-date. The following command(s) will
automatically retrieve and install the fixed version of
this update onto your system:
yup update openssl
yup update openssl-devel
yup update openssl-perl
yup update openssl-python
b) Updating manually...
The update can also be retrieved manually from our ftp site
below along with the rpm command that should be used to install
the update. (Please use a mirror site)
ftp://ftp.yellowdoglinux.com/pub/yellowdog/updates/yellowdog-2.0/ppc/RPMS/
rpm -Fvh openssl-0.9.6-9.src.rpm
rpm -Fvh openssl-devel-0.9.6-9.src.rpm
rpm -Fvh openssl-perl-0.9.6-9.src.rpm
rpm -Fvh openssl-python-0.9.6-9.src.rpm
4. Verification
MD5 checksum Package
-------------------------------- ----------------------------
f193e7d11639893b5380d7125fc7aefc SRPMS/openssl-0.9.6-9.src.rpm
b099fe4944ab4ce3d55da40ef1806c3e ppc/RPMS/openssl-0.9.6-9.ppc.rpm
3385bcf0fef71ac48a1c0358deed076d ppc/RPMS/openssl-devel-0.9.6-9.ppc.rpm
98b7f2af7d7a17718c959cb1600755bd ppc/RPMS/openssl-perl-0.9.6-9.ppc.rpm
9a0619a7fd58019d3cd5b54f2754e6e6 ppc/RPMS/openssl-python-0.9.6-9.ppc.rpm
If you wish to verify that each package has not been corrupted or tampered with,
examine the md5sum with the following command: rpm --checksig --nogpg filename
5. Misc.
Terra Soft has setup a moderated mailing list where these security, bugfix, and package
enhancement announcements will be posted. See http://lists.yellowdoglinux.com/ for more
information.
For information regarding the usage of yup, the Yellow Dog Update Program, see
http://devel.yellowdoglinux.com/rp_yup.shtml