Fedora Legacy Test Update Notification: openssl096

Jesse Keating jkeating at j2solutions.net
Mon Mar 22 23:29:13 UTC 2004 

---------------------------------------------------------------------
Fedora Test Update Notification
FEDORA-2004-1395
Bugzilla https://bugzilla.fedora.us/show_bug.cgi?id=1395
2004-03-22
---------------------------------------------------------------------
 
Name        : openssl096
Version 7.2 : 0.9.6-25.7.legacy
Version 7.3 : 0.9.6-25.7.legacy
Version 8.0 : 0.9.6-24.8.legacy
Summary     : Secure Sockets Layer Toolkit.
Description :
The OpenSSL certificate management tool and the shared libraries that
provide various cryptographic algorithms and protocols.
 
---------------------------------------------------------------------
Update Information:
 
CAN-2003-0851:
OpenSSL 0.9.6k does not properly handle certain ASN.1 sequences. As a 
result, OpenSSL performs a recursive function call that could exhaust 
system resources and crash the process using the OpenSSL library.
  
CAN-2004-0081:
OpenSSL prior to version 0.9.6d does not properly handle unknown message 
types. An attacker could cause the application using OpenSSL to enter 
an infinite loop, resulting in a denial of service.
---------------------------------------------------------------------
Changelog:
 
7.2/7.3

* Thu Mar 18 2004 Jesse Keating <jkeating at j2solutions.net>
 
- 0.9.6-25.7.legacy (there is no -24, move along)
- add security fixes for CAN-2004-0081 and CAN-2003-0851
- add -Wa,--noexecstack to RPM_OPT_FLAGS so that assembled modules get 
tagged
  as not needing executable stacks.  Ported from RHEL2.1AS packages

8.0

 * Thu Mar 18 2004 Jesse Keating <jkeating at j2solutions.net>
 
- 0.9.6-24.8.legacy
- add security fixes for CAN-2004-0081 and CAN-2003-0851
- conditionalize use of -Wa,--noexecstack
 
---------------------------------------------------------------------
This update can be downloaded from:
  http://download.fedoralegacy.org/redhat/
 
296a86b860209645a73cdd081b03f3fb1d6e437d  
7.2/updates-testing/SRPMS/openssl096-0.9.6-25.7.legacy.src.rpm
f678d1b885a8236301afb4f92da2d451599643ce  
7.2/updates-testing/i386/openssl096-0.9.6-25.7.legacy.i386.rpm
 
296a86b860209645a73cdd081b03f3fb1d6e437d  
7.3/updates-testing/SRPMS/openssl096-0.9.6-25.7.legacy.src.rpm
f678d1b885a8236301afb4f92da2d451599643ce  
7.3/updates-testing/i386/openssl096-0.9.6-25.7.legacy.i386.rpm
 
a13a09ee098c126ab7b452f13ae49cc870e0d5d2  
8.0/updates-testing/SRPMS/openssl096-0.9.6-24.8.legacy.src.rpm
5fad5ab9fdbbf48cd725cb9d7edb853f651b0893  
8.0/updates-testing/i386/openssl096-0.9.6-24.8.legacy.i386.rpm
 
Please note that this update is also available via yum and apt
through the updates-testing channel.  Many people find this an easier
way to apply updates.
---------------------------------------------------------------------

-- 
Jesse Keating RHCE      (geek.j2solutions.net)
Fedora Legacy Team      (www.fedoralegacy.org)
GPG Public Key          (geek.j2solutions.net/jkeating.j2solutions.pub)
 
Was I helpful?  Let others know:
 http://svcs.affero.net/rm.php?r=jkeating
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: signature
URL: <http://listman.redhat.com/archives/fedora-legacy-list/attachments/20040322/ee8d4554/attachment.sig>

More information about the fedora-legacy-list mailing list