drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Mehrere Probleme in OpenSSL
| Name: |
Mehrere Probleme in OpenSSL |
|
| ID: |
MDVSA-2010:076 |
|
| Distribution: |
Mandriva |
|
| Plattformen: |
Mandriva Multi Network Firewall 2.0, Mandriva Corporate 4.0, Mandriva 2008.0, Mandriva 2009.1, Mandriva Enterprise Server 5.0, Mandriva 2010.0 |
|
| Datum: |
So, 18. April 2010, 19:38 |
|
| Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3245
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0433
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0740 |
|
| Applikationen: |
OpenSSL |
|
Originalnachricht |
This is a multi-part message in MIME format...
------------=_1271523187-24326-6976
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2010:076
http://www.mandriva.com/security/
_______________________________________________________________________
Package : openssl
Date : April 15, 2010
Affected: 2008.0, 2009.1, 2010.0, Corporate 4.0, Enterprise Server 5.0,
Multi Network Firewall 2.0
_______________________________________________________________________
Problem Description:
This update fixes several security issues in openssl:
- The ssl3_get_record function in ssl/s3_pkt.c in OpenSSL 0.9.8f
through 0.9.8m allows remote attackers to cause a denial of service
(crash) via a malformed record in a TLS connection (CVE-2010-0740)
- OpenSSL before 0.9.8m does not check for a NULL return value
from bn_wexpand function calls which has unspecified impact and
context-dependent attack vectors (CVE-2009-3245)
- The kssl_keytab_is_available function in ssl/kssl.c in OpenSSL
before 0.9.8n, when Kerberos is enabled but Kerberos configuration
files cannot be opened, could allow remote attackers to cause a denial
of service (NULL pointer dereference and daemon crash) (CVE-2010-0433)
- Finally, this update provides support for secure renegotiation,
preventing men-in-the-middle attacks (CVE-2009-3555).
Packages for 2008.0 and 2009.0 are provided due to the Extended
Maintenance Program for those products.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3245
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0740
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0433
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2008.0:
6779a4a1db26d264e8245d5a2e03b8e2
2008.0/i586/libopenssl0.9.8-0.9.8e-8.6mdv2008.0.i586.rpm
32d0879c08e77ec6ee2bf3401e342ab5
2008.0/i586/libopenssl0.9.8-devel-0.9.8e-8.6mdv2008.0.i586.rpm
f96338b09159511eb17480a3a398cdf4
2008.0/i586/libopenssl0.9.8-static-devel-0.9.8e-8.6mdv2008.0.i586.rpm
3b314cadba52af9c6ef20807fa6a7e40
2008.0/i586/openssl-0.9.8e-8.6mdv2008.0.i586.rpm
5781d06f2bc45312c89d5578b3d4426e
2008.0/SRPMS/openssl-0.9.8e-8.6mdv2008.0.src.rpm
Mandriva Linux 2008.0/X86_64:
18a2f6b7bc42e89172e199e2c9d9cbd7
2008.0/x86_64/lib64openssl0.9.8-0.9.8e-8.6mdv2008.0.x86_64.rpm
adbcfd94636bf43eca84d56b000f1bf9
2008.0/x86_64/lib64openssl0.9.8-devel-0.9.8e-8.6mdv2008.0.x86_64.rpm
78a4ae2c93221b31e75ff44f01cc963e
2008.0/x86_64/lib64openssl0.9.8-static-devel-0.9.8e-8.6mdv2008.0.x86_64.rpm
cf642101a500d21a1b0d560c94f6c33b
2008.0/x86_64/openssl-0.9.8e-8.6mdv2008.0.x86_64.rpm
5781d06f2bc45312c89d5578b3d4426e
2008.0/SRPMS/openssl-0.9.8e-8.6mdv2008.0.src.rpm
Mandriva Linux 2009.1:
2179a8dcd20d37f14ee8830af0b19f18
2009.1/i586/libopenssl0.9.8-0.9.8k-1.5mdv2009.1.i586.rpm
2fa14647d3a714b59fcc96893b872d89
2009.1/i586/libopenssl0.9.8-devel-0.9.8k-1.5mdv2009.1.i586.rpm
3456989c6989346efcf82a2ac744b860
2009.1/i586/libopenssl0.9.8-static-devel-0.9.8k-1.5mdv2009.1.i586.rpm
ea0d9271dff872444a5104edb5a35782
2009.1/i586/openssl-0.9.8k-1.5mdv2009.1.i586.rpm
9606d6dd9ef55a4e36585031819ff68a
2009.1/SRPMS/openssl-0.9.8k-1.5mdv2009.1.src.rpm
Mandriva Linux 2009.1/X86_64:
48b2c896f7f5a78da411c3f952641a7c
2009.1/x86_64/lib64openssl0.9.8-0.9.8k-1.5mdv2009.1.x86_64.rpm
f2243e30cf19af90a5d318a9b58f7166
2009.1/x86_64/lib64openssl0.9.8-devel-0.9.8k-1.5mdv2009.1.x86_64.rpm
eb21df80599178f9e0801f56ea53c596
2009.1/x86_64/lib64openssl0.9.8-static-devel-0.9.8k-1.5mdv2009.1.x86_64.rpm
7623f6957ce025df671f26da48b43a8c
2009.1/x86_64/openssl-0.9.8k-1.5mdv2009.1.x86_64.rpm
9606d6dd9ef55a4e36585031819ff68a
2009.1/SRPMS/openssl-0.9.8k-1.5mdv2009.1.src.rpm
Mandriva Linux 2010.0:
bf40dda29eab76aed02a1d7cb0c6b7b0
2010.0/i586/libopenssl0.9.8-0.9.8k-5.2mdv2010.0.i586.rpm
88f7e61fb1a73b6785eb7dd619b4ba26
2010.0/i586/libopenssl0.9.8-devel-0.9.8k-5.2mdv2010.0.i586.rpm
43c3513218c3a1f9b92e6de050905511
2010.0/i586/libopenssl0.9.8-static-devel-0.9.8k-5.2mdv2010.0.i586.rpm
a8301e1c6f5f770673e3b5aa78def152
2010.0/i586/openssl-0.9.8k-5.2mdv2010.0.i586.rpm
d34a969c322305ba7c2bf42c464e655b
2010.0/SRPMS/openssl-0.9.8k-5.2mdv2010.0.src.rpm
Mandriva Linux 2010.0/X86_64:
bd1bad7a46c995dd70390db3d3f54d9b
2010.0/x86_64/lib64openssl0.9.8-0.9.8k-5.2mdv2010.0.x86_64.rpm
c402e4d826ff811ed12e51348433043d
2010.0/x86_64/lib64openssl0.9.8-devel-0.9.8k-5.2mdv2010.0.x86_64.rpm
11bc52f64e3149750039441e0953c1ac
2010.0/x86_64/lib64openssl0.9.8-static-devel-0.9.8k-5.2mdv2010.0.x86_64.rpm
a312e7b5c36582656783e287e4fbf8b2
2010.0/x86_64/openssl-0.9.8k-5.2mdv2010.0.x86_64.rpm
d34a969c322305ba7c2bf42c464e655b
2010.0/SRPMS/openssl-0.9.8k-5.2mdv2010.0.src.rpm
Corporate 4.0:
838799e95a4b8ddbad162e3d85826cb3
corporate/4.0/i586/libopenssl0.9.7-0.9.7g-2.12.20060mlcs4.i586.rpm
fa537398af95ed3d4d2bf0458d6968e7
corporate/4.0/i586/libopenssl0.9.7-devel-0.9.7g-2.12.20060mlcs4.i586.rpm
44095aa5ee43e81861066b7be51f26e0
corporate/4.0/i586/libopenssl0.9.7-static-devel-0.9.7g-2.12.20060mlcs4.i586.rpm
311d0ffc5d5c066e78444899796d9a04
corporate/4.0/i586/openssl-0.9.7g-2.12.20060mlcs4.i586.rpm
ffcbb14a29c554d271b34a07ba8c6760
corporate/4.0/SRPMS/openssl-0.9.7g-2.12.20060mlcs4.src.rpm
Corporate 4.0/X86_64:
36a4b10bb78a32c87eacb51bb898ce74
corporate/4.0/x86_64/lib64openssl0.9.7-0.9.7g-2.12.20060mlcs4.x86_64.rpm
97bc349e00703ec30ed4bc92ed1c8ad3
corporate/4.0/x86_64/lib64openssl0.9.7-devel-0.9.7g-2.12.20060mlcs4.x86_64.rpm
c5ad86569b033f43117c190d4843cb62
corporate/4.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7g-2.12.20060mlcs4.x86_64.rpm
7323557da4375c9e28f0fc6ffe3c9681
corporate/4.0/x86_64/openssl-0.9.7g-2.12.20060mlcs4.x86_64.rpm
ffcbb14a29c554d271b34a07ba8c6760
corporate/4.0/SRPMS/openssl-0.9.7g-2.12.20060mlcs4.src.rpm
Mandriva Enterprise Server 5:
5397afaa4dd55a61a69c7a613b4a04d0
mes5/i586/libopenssl0.9.8-0.9.8h-3.7mdvmes5.1.i586.rpm
672b31b0932445ab920d98674b39568e
mes5/i586/libopenssl0.9.8-devel-0.9.8h-3.7mdvmes5.1.i586.rpm
bd4315ba38456187e89a3608f9a81449
mes5/i586/libopenssl0.9.8-static-devel-0.9.8h-3.7mdvmes5.1.i586.rpm
97c3e766752633e2dc3fb4e8808d94a2
mes5/i586/openssl-0.9.8h-3.7mdvmes5.1.i586.rpm
3fa202efa10e5a1758296c38d550e3c9
mes5/SRPMS/openssl-0.9.8h-3.7mdv2009.0.src.rpm
Mandriva Enterprise Server 5/X86_64:
eff1bf6b250becc30db24dd090677cdc
mes5/x86_64/lib64openssl0.9.8-0.9.8h-3.7mdvmes5.1.x86_64.rpm
a516bcfc84c4d725f9123aba88f2f433
mes5/x86_64/lib64openssl0.9.8-devel-0.9.8h-3.7mdvmes5.1.x86_64.rpm
82bc5fb4ce477538a44d934ad20d0a76
mes5/x86_64/lib64openssl0.9.8-static-devel-0.9.8h-3.7mdvmes5.1.x86_64.rpm
1423afe3a03dc74af39c81a5ea8382ba
mes5/x86_64/openssl-0.9.8h-3.7mdvmes5.1.x86_64.rpm
3fa202efa10e5a1758296c38d550e3c9
mes5/SRPMS/openssl-0.9.8h-3.7mdv2009.0.src.rpm
Multi Network Firewall 2.0:
dc0699f12403b68e03714fbf196c1a61
mnf/2.0/i586/libopenssl0.9.7-0.9.7c-3.13.C30mdk.i586.rpm
300487b72c03dc789393b1d031b0f79f
mnf/2.0/i586/libopenssl0.9.7-devel-0.9.7c-3.13.C30mdk.i586.rpm
a7153e4b9c5b0b3710307ec9366bc7c6
mnf/2.0/i586/libopenssl0.9.7-static-devel-0.9.7c-3.13.C30mdk.i586.rpm
51f0b04c0a6ceb1008c017ff5c9e708e
mnf/2.0/i586/openssl-0.9.7c-3.13.C30mdk.i586.rpm
4fbf3a9a35931cc30fdda10ce7d1d911
mnf/2.0/SRPMS/openssl-0.9.7c-3.13.C30mdk.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iD8DBQFLybd5mqjQ0CJFipgRAoogAKDhb8KNEsbPJbLGW/HkRJtwmigdlACeLosx
AivcTVPvxGwS+9NxLS8bfeA=
=M7MB
-----END PGP SIGNATURE-----
------------=_1271523187-24326-6976
Content-Type: text/plain; name="message-footer.txt"
Content-Disposition: inline; filename="message-footer.txt"
Content-Transfer-Encoding: 8bit
To unsubscribe, send a email to sympa@mandrivalinux.org
with this subject : unsubscribe security-announce
_______________________________________________________
Want to buy your Pack or Services from Mandriva?
Go to http://www.mandrivastore.com
Join the Club : http://www.mandrivaclub.com
_______________________________________________________
------------=_1271523187-24326-6976--
|
|
|
|
