Fedora Legacy Test Update Notification: openssl
Jesse Keating
jkeating at j2solutions.net
Mon Mar 22 23:29:16 UTC 2004
---------------------------------------------------------------------
Fedora Test Update Notification
FEDORA-2004-1395
Bugzilla https://bugzilla.fedora.us/show_bug.cgi?id=1395
2004-03-22
---------------------------------------------------------------------
Name : openssl
Version 7.2 : 0.9.6b-36.7.legacy
Version 7.3 : 0.9.6b-36.7.legacy
Version 8.0 : 0.9.6b-36.8.legacy
Summary : The OpenSSL toolkit.
Description :
The OpenSSL toolkit provides support for secure communications between
machines. OpenSSL includes a certificate management tool and shared
libraries which provide various cryptographic algorithms and
protocols.
---------------------------------------------------------------------
Update Information:
CAN-2003-0851:
OpenSSL 0.9.6k does not properly handle certain ASN.1 sequences. As a
result, OpenSSL performs a recursive function call that could exhaust
system resources and crash the process using the OpenSSL library.
CAN-2004-0081:
OpenSSL prior to version 0.9.6d does not properly handle unknown message
types. An attacker could cause the application using OpenSSL to enter
an infinite loop, resulting in a denial of service.
---------------------------------------------------------------------
Changelog:
* Thu Mar 18 2004 Jesse Keating <jkeating at j2solutions.net>
- 0.9.6b-36.7.legacy
- add security fixes for CAN-2004-0081 and CAN-2003-0851
- updated ca-bundle.crt: removed expired GeoTrust roots, added
freessl.com root, removed trustcenter.de Class 0 root
---------------------------------------------------------------------
This update can be downloaded from:
http://download.fedoralegacy.org/redhat/
2647596bc3e8d0090af0ea0e9841ba665872a729
7.2/updates-testing/SRPMS/openssl-0.9.6b-36.7.legacy.src.rpm
014a4d8fec25dde48ee8f8c14cc5250afc687542
7.2/updates-testing/i386/openssl-0.9.6b-36.7.legacy.i386.rpm
2647596bc3e8d0090af0ea0e9841ba665872a729
7.3/updates-testing/SRPMS/openssl-0.9.6b-36.7.legacy.src.rpm
014a4d8fec25dde48ee8f8c14cc5250afc687542
7.3/updates-testing/i386/openssl-0.9.6b-36.7.legacy.i386.rpm
c4403aff66cc3891418f2f4a5fc9632ed87c6f79
7.3/updates-testing/i386/openssl-0.9.6b-36.7.legacy.i686.rpm
95ab8bd7b6e649f3e7995830e8f15c3fd55e83bd
8.0/updates-testing/SRPMS/openssl-0.9.6b-36.8.legacy.src.rpm
bb6c9804df5d4214ca80474f2f3e87ddfe298908
8.0/updates-testing/i386/openssl-0.9.6b-36.8.legacy.i386.rpm
d49da33be792303a8ea3295076b3a7e5c7a29ea1
8.0/updates-testing/i386/openssl-0.9.6b-36.8.legacy.i686.rpm
Please note that this update is also available via yum and apt
through the updates-testing channel. Many people find this an easier
way to apply updates.
---------------------------------------------------------------------
--
Jesse Keating RHCE (geek.j2solutions.net)
Fedora Legacy Team (www.fedoralegacy.org)
GPG Public Key (geek.j2solutions.net/jkeating.j2solutions.pub)
Was I helpful? Let others know:
http://svcs.affero.net/rm.php?r=jkeating
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: signature
URL: <http://listman.redhat.com/archives/fedora-legacy-list/attachments/20040322/0675db58/attachment.sig>
More information about the fedora-legacy-list
mailing list