[MBT] new ticket for pkg openssl "remote exploit bug - urgent"
bugs at pld.org.pl
bugs at pld.org.pl
Fri Sep 13 21:11:03 CEST 2002
Date: 2002-09-13 21:11:03+02 Author: jerzy szczud³owski (jerzy) <jerzy at jedwab.net.pl>
Title: remote exploit bug - urgent
Ticket ID: #326
Ticket URL: http://bugs.pld.org.pl/?bug=326
Package: openssl-0.9.6c-3
Distribution: PLD-Ra.main PLD-1.0.devel.main
Category: security problem
Current state: opened
Text:
Theres a Internet worm exploiting this vulnerablity:
Message-ID: <3D821D71.2000702 at algroup.co.uk>
Advisory from openssl.org:
Affects:
Everyone using OpenSSL 0.9.6d or earlier, or 0.9.7-beta2 or earlier or
current development snapshots of 0.9.7 to provide SSL or TLS is
vulnerable, whether client or server. 0.9.6d servers on 32-bit systems
with SSL 2.0 disabled are not vulnerable.
Recommendations:
Apply the attached patch to OpenSSL 0.9.6d, or upgrade to OpenSSL
0.9.6e. Recompile all applications using OpenSSL to provide SSL or
TLS.
More information about the pld-bugs
mailing list