OpenSSL/SSH 0.9.7d for FC2

William Hooper whooperhsd3 at earthlink.net
Mon Jul 19 19:00:24 UTC 2004


Charles Heselton said:
[snip]
> While it's entirely possible that I'm just getting confused on
> version number between OpenSSL and OpenSSH, these are the CVE #'s that I
> was looking to update:
> 
> CAN-2004-0079 - Null-pointer assignment during SSL handshake
> CAN-2004-0112 - Out-of-bounds read affects Kerberos ciphersuites
> CAN-2004-00811- OpenSSL 0.9.6 before 0.9.6d infinite loop vulnerability

All of these were fixed before FC2 was released.

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=118622

Oddly enough, the changelog doesn't mention CAN-2004-0081.  It might be worth an e-mail to the maintainer.

[whooper at laptop whooper]$ rpm -q --changelog openssl | head -4
* Thu Mar 25 2004 Joe Orton <jorton at redhat.com> 0.9.7a-35

- add security fixes for CAN-2004-0079, CAN-2004-0112

-- 
William Hooper
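
An added example (not part of the original message): the manual changelog check above, repeated for a list of advisory IDs. The function name `check_changelog` and the sample text, constructed from the output quoted in the message, are assumptions for illustration.

```shell
#!/bin/sh
# Report which advisory IDs are mentioned in an RPM changelog read from stdin.
# CAN-YYYY-NNNN (candidate) and CVE-YYYY-NNNN name the same entry, so either
# prefix is accepted. Prints "<id> mentioned" or "<id> not-mentioned" per ID.
check_changelog() {
    log=$(cat)                      # changelog text from stdin
    for id in "$@"; do
        num=${id#C[AV][NE]-}        # strip the CAN-/CVE- prefix -> YYYY-NNNN
        # Require a non-digit or end of line after the number, so that
        # 2004-0081 is not matched by a longer string such as 2004-00811.
        if printf '%s\n' "$log" | grep -Eq "(CAN|CVE)-${num}([^0-9]|\$)"; then
            echo "$id mentioned"
        else
            echo "$id not-mentioned"
        fi
    done
}

# Constructed sample, copied from the changelog output quoted in the message.
SAMPLE_CHANGELOG='* Thu Mar 25 2004 Joe Orton <jorton at redhat.com> 0.9.7a-35

- add security fixes for CAN-2004-0079, CAN-2004-0112
'

# On an RPM-based system the input would come from:
#   rpm -q --changelog openssl | check_changelog CAN-2004-0079 ...
printf '%s\n' "$SAMPLE_CHANGELOG" |
    check_changelog CAN-2004-0079 CAN-2004-0112 CAN-2004-0081
```

A "not-mentioned" result only means the changelog is silent about that ID, as with CAN-2004-0081 here; it does not show that the fix is missing from the package.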




