User: Password:
|
|
Subscribe / Log in / New account

Netwosix alert NW-2004-0005 (openssl)

From:  Vincenzo Ciaglia <ciaglia@netwosix.org>
To:  bugtraq@securityfocus.com
Subject:  LNSA-#2004-0005: openssl
Date:  Wed, 17 Mar 2004 21:15:45 +0100
Cc:  lwn@lwn.net, announce@netwosix.org

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ************************************************************************************ Netwosix Linux Security Advisory #2004-0005 <http://www.netwosix.org> - ----------------------------------------------------------------------------------- Package name: openssl Summary: openssl upgraded package Date: 2004-03-17 Affected versions: Netwosix 1.0 ************************************************************************************ - -> Package description: - ------------------------ The OpenSSL Project is a collaborative effort to develop a robust, commercial-grade, full-featured, and Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols as well as a full-strength general purpose cryptography library managed by a worldwide community of volunteers that use the Internet to communicate, plan, and develop the OpenSSL toolkit and its related documentation. - -> Problem description: - ------------------------ 1. Null-pointer assignment during SSL handshake 2. Out-of-bounds read affects Kerberos ciphersuites Versions 0.9.7a, 0.9.7b, and 0.9.7c of OpenSSL are affected by this issue. Any application that makes use of OpenSSL's SSL/TLS library may be affected. Please contact your application vendor for details. - -> Action: - ------------------------ We recommend that all systems with this package installed be upgraded. Please note that if you do not need the functionality provided by this package, you may want to remove it from your system. - -> Location: - --------------------- You can download the latest version of this package in NEPOTE format from: <http://download.netwosix.org/0005/nepote> - -> Nepote Update (Nepote has been updated with new ports on 25 February 2004. Update your portage tree from http://nepote.netwosix.org, first): - --------------------- See this instructions to update the port of this package: # cd /usr/port/devel/openssl # rm nepote # wget http://download.netwosix.org/0005/nepote # sh nepote (to install the new and updated package) Pending vulnerabilities, solutions, workarounds # cd /usr/port/shells/openssh # rm nepote-dep # wget http://download.netwosix.org/0005/nepote-dep # sh nepote-dep (to install the new and updated package) - -> References - --------------------- Specific references for this advisory: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0079 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0112 http://www.openssl.org/news/secadv_20040317.txt - -> About Linux Netwosix: - --------------------------------- Linux Netwosix is a powerful and optimized Linux distribution for servers and Network Security related jobs. It can also be used for special operations such as penetration testing with its big collection of security oriented software and sources. It's a light distribution created for the requirements of every SysAdmin and it's very portable and highly configurable. Our philosophy is to give greater liberty for configuration to the SysAdmin. Only in this way can he/she configure a powerful and stable server machine. Linux Netwosix also has a powerful ports system (Nepote) similar to the xBSD systems but more flexible and usable. - -> Questions? - --------------------- Check out our mailing lists: <http://www.netwosix.org/mailing.html> The advisory itself is available at <http://www.netwosix.org/adv05.html> - -------------------------------------------------- MD5sums of the packages: - - -------------------------------------------------------------------------- 9c399210b16b3590be2bb81357442f9a 0005/nepote 1a89349bd258f15aa8810623e9f471d2 0005/nepote-dep - - -------------------------------------------------------------------------- Vincenzo Ciaglia - Linux Netwosix Security Advisories <ciaglia@netwosix.org> - <http://www.netwosix.org> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (GNU/Linux) iD8DBQFAWLNq6jz9pGuz4koRAi6TAJ0dkKMsr8rhln59cgbKTjgNDG2eCwCaAmAZ nI95RvNjazxaQc57/1JjgCA= =VtkN -----END PGP SIGNATURE-----


(Log in to post comments)


Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds