[PLDSA 53-1] New openssl packages fix several vulnerabilities
Krzysiek Taraszka
dzimi at pld.org.pl
Sat May 3 15:46:30 CEST 2003
--------------------------------------------------------------------------
PLD Security Advisory PLDSA 53-1                    security at pld.org.pl
http://www.pld.org.pl/security/                          PLD Security Team
16 April 2003                           http://www.pld.org.pl/security/faq
--------------------------------------------------------------------------
Package : prior to openssl-0.9.6g-1
Vulnerability : several vulnerabilities
Problem-Type : remote
PLD-specific : no
CVE references : CAN-2003-0147, CAN-2003-0131
Researchers discovered two flaws in OpenSSL, a Secure Socket Layer
(SSL) library and related cryptographic tools. Applications that are
linked against this library are generally vulnerable to attacks that
could leak the server's private key or make the encrypted session
decryptable otherwise. The Common Vulnerabilities and Exposures (CVE)
project identified the following vulnerabilities:
CAN-2003-0147
OpenSSL does not use RSA blinding by default, which allows local and
remote attackers to obtain the server's private key.
CAN-2003-0131
The SSL and TLS components allow remote attackers to perform an
unauthorized RSA private key operation that causes OpenSSL to leak information
regarding the relationship between ciphertext and the associated
plaintext.
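
Added illustration (not part of the original advisory and not OpenSSL
code): what the RSA blinding named under CAN-2003-0147 does to a private
key operation. The toy key built from two Mersenne primes, the function
names and the trace argument are assumptions made for this sketch.

```python
import math
import secrets

# Constructed toy key for illustration only; real keys are 2048 bits or more.
P, Q = 2**61 - 1, 2**89 - 1
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))


def private_op_unblinded(c, trace=None):
    """c^d mod n computed directly on the peer-supplied value c."""
    if trace is not None:
        trace.append(c)              # value the secret exponentiation sees
    return pow(c, D, N)


def private_op_blinded(c, trace=None):
    """Same result, but the secret exponentiation never sees c itself."""
    while True:
        r = secrets.randbelow(N - 2) + 2
        if math.gcd(r, N) == 1:      # r must be invertible mod n
            break
    blinded = (c * pow(r, E, N)) % N         # c * r^e
    if trace is not None:
        trace.append(blinded)
    m_times_r = pow(blinded, D, N)           # (c * r^e)^d = m * r
    return (m_times_r * pow(r, -1, N)) % N   # strip the blinding factor


def inputs_seen(op, c, runs=5):
    """Collect the values fed to the private exponentiation over several runs."""
    trace = []
    for _ in range(runs):
        op(c, trace)
    return trace


if __name__ == "__main__":
    m = 123456789
    c = pow(m, E, N)
    print(private_op_unblinded(c) == m, private_op_blinded(c) == m)
    print(len(set(inputs_seen(private_op_unblinded, c))),
          len(set(inputs_seen(private_op_blinded, c))))
```

Without blinding, the same peer-chosen value reaches the private exponent
on every request; with blinding it is a fresh random value each time, so
observations of that computation no longer correlate with the chosen input.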
The above problems have been fixed in version 0.9.6j-1 for the
current stable distribution (ra).
We recommend that you upgrade your openssl packages.
    wget -c url
        will fetch the file for you.
    rpm -Uhv file(s)*.rpm
        will upgrade the referenced file.

If you are using the "poldek" package manager, use the lines given below
to upgrade the packages:

    poldek --update
        will update the internal database.
    poldek --upgrade 'openssl*'
        will install the corrected packages.

If you are using the "apt" package manager, use the lines given below
to upgrade the packages:

    apt-get update
        will update the internal database.
    apt-get upgrade 'openssl*'
        will install the corrected packages.
PLD Linux 1.0 alias ra
--------------------
--------------------------------------------------------------------------------
If you are using poldek add this line to poldek.conf.
If you are using apt-get add this line to sources.list.
For i386 architecture
poldek: source = ra-updates-security ftp://ftp.pld.org.pl/dists/ra/updates/security/i386/
apt-get: rpm ftp://ftp.pld.org.pl/dists ra/apt/i386 base updates-security
For i586 architecture
poldek: source = ra-updates-security ftp://ftp.pld.org.pl/dists/ra/updates/security/i586/
apt-get: rpm ftp://ftp.pld.org.pl/dists ra/apt/i586 base updates-security
For i686 architecture
poldek: source = ra-updates-security ftp://ftp.pld.org.pl/dists/ra/updates/security/i686/
apt-get: rpm ftp://ftp.pld.org.pl/dists ra/apt/i686 base updates-security
For ppc architecture
poldek: source = ra-updates-security ftp://ftp.pld.org.pl/dists/ra/updates/security/ppc/
apt-get: rpm ftp://ftp.pld.org.pl/dists ra/apt/ppc base updates-security