OpenSSL/SSH 0.9.7d for FC2
William Hooper
whooperhsd3 at earthlink.net
Mon Jul 19 19:00:24 UTC 2004
Charles Heselton said:
[snip]
> While it's entirely possible that I'm just getting confused on
> version number between OpenSSL and OpenSSH, these are the CVE #'s that I
> was looking to update:
>
> CAN-2004-0079 - Null-pointer assignment during SSL handshake
> CAN-2004-0112 - Out-of-bounds read affects Kerberos ciphersuites
> CAN-2004-0081 - OpenSSL 0.9.6 before 0.9.6d infinite loop vulnerability

All of these were fixed before FC2 was released.

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=118622

Oddly enough, the changelog doesn't mention CAN-2004-0081. It might be worth an e-mail to the maintainer.

[whooper at laptop whooper]$ rpm -q --changelog openssl | head -4
* Thu Mar 25 2004 Joe Orton <jorton at redhat.com> 0.9.7a-35
- add security fixes for CAN-2004-0079, CAN-2004-0112
--
William Hooper
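
The changelog check used in the message above, generalized to a list of advisory ids, as an added example that is not part of the original post. The function names `changelog_cve_audit` and `sample_changelog` are hypothetical; the sample input is the two changelog lines quoted in the message, and `CAN-` and `CVE-` prefixes are treated as the same id.

```shell
#!/bin/sh
# Added example: report which advisory ids an RPM changelog mentions.
# Reads changelog text on stdin; the ids to look for are the arguments.
# Prints "<id> <version-release>" for the first entry naming the id
# (rpm lists the newest entry first), or "<id> MISSING".
changelog_cve_audit() {
    awk -v ids="$*" '
    # Normalize case and the old candidate prefix so CAN-x and CVE-x match.
    function norm(s) { s = toupper(s); sub(/^CAN-/, "CVE-", s); return s }
    BEGIN {
        n = split(ids, want, " ")
        for (i = 1; i <= n; i++) key[i] = norm(want[i])
    }
    # Entry header, e.g. "* Thu Mar 25 2004 Name <addr> 0.9.7a-35":
    # the last field is the version-release of that entry.
    /^\* / { rel = $NF; next }
    {
        line = toupper($0)
        gsub(/CAN-/, "CVE-", line)
        for (i = 1; i <= n; i++)
            # Require a non-digit after the id so a longer number
            # sharing the same prefix is not counted as a match.
            if (!(i in found) && line ~ (key[i] "([^0-9]|$)"))
                found[i] = rel
    }
    END {
        for (i = 1; i <= n; i++)
            print want[i], ((i in found) ? found[i] : "MISSING")
    }'
}

# Sample input: the changelog lines quoted in the message above.
sample_changelog() {
cat <<'EOF'
* Thu Mar 25 2004 Joe Orton <jorton at redhat.com> 0.9.7a-35
- add security fixes for CAN-2004-0079, CAN-2004-0112
EOF
}

# On a live system: rpm -q --changelog openssl | changelog_cve_audit <ids>
sample_changelog | changelog_cve_audit CAN-2004-0079 CVE-2004-0112 CAN-2004-0081
```

A `MISSING` result only means the changelog does not name the id; as the message notes for CAN-2004-0081, a fix can be present without being mentioned, so follow up with the vendor bug tracker or the maintainer.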