Security: Insufficient certificate validation in openssl
Name: Insufficient certificate validation in openssl
ID: TLSA-2009-5
Distribution: TurboLinux
Platforms: Turbolinux Client 2008, Turbolinux FUJI, Turbolinux 10 Server, Turbolinux 10 Server x64 Edition, Turbolinux Appliance Server 2.0, Turbolinux 11 Server x64 Edition, Turbolinux 11 Server, Turbolinux 8 Server, Turbolinux Multimedia, Turbolinux Personal, Turbolinux Appliance Server 1.0 Hosting Edition, Turbolinux Appliance Server 1.0 Workgroup Edition, TurboLinux wizpy
Date: Fri, 6 February 2009, 03:50
References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5077

Original message

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

--------------------------------------------------------------------------
Turbolinux Security Advisory TLSA-2009-5
http://www.turbolinux.co.jp/security/
security-team@turbolinux.co.jp
--------------------------------------------------------------------------

Original released date: 05 Feb 2009
Last revised: 05 Feb 2009

Package: openssl

Summary: return value check vulnerability

More information:
The OpenSSL Project is a collaborative effort to develop a robust,
commercial-grade, full-featured Open Source toolkit implementing the
Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1)
protocols as well as a full-strength general purpose cryptography library.

OpenSSL 0.9.8i and earlier does not properly check the return value from
the EVP_VerifyFinal function, which allows remote attackers to bypass
validation of the certificate chain via a malformed SSL/TLS signature for
DSA and ECDSA keys. (CVE-2008-5077)

Affected Products:
- Turbolinux Client 2008
- Turbolinux 11 Server x64 Edition
- Turbolinux 11 Server
- wizpy
- Turbolinux Appliance Server 2.0
- Turbolinux FUJI
- Turbolinux 10 Server x64 Edition
- Turbolinux Appliance Server 1.0 Hosting Edition
- Turbolinux Appliance Server 1.0 Workgroup Edition
- Turbolinux 10 Server
- Turbolinux Multimedia
- Turbolinux Personal
- Turbolinux 8 Server


<Turbolinux Client 2008>

Source Packages
Size: MD5

openssl-0.9.8h-2.src.rpm
3530526 da26035b51ceede26ade294281c1ea9a

Binary Packages
Size: MD5

openssl-0.9.8h-2.i586.rpm
1641825 a0eb1fb8f4ae5a7f5a7aa3e1a3c7b149
openssl-devel-0.9.8h-2.i586.rpm
1521217 f658a83ca76caa5c584f1742dcc6247c

<Turbolinux Appliance Server 3.0 x64 Edition>

Source Packages
Size: MD5

openssl-0.9.8e-5.src.rpm
3449992 7f6f94909577599d4d6c655a313733b3

Binary Packages
Size: MD5

openssl-0.9.8e-5.x86_64.rpm
1772061 a4477f205084761d8b2041e8aa821dd0
openssl-devel-0.9.8e-5.x86_64.rpm
1967328 e9f426ce88709838594de688dcd71870

<Turbolinux Appliance Server 3.0>

Source Packages
Size: MD5

openssl-0.9.8e-5.src.rpm
3449992 7f6f94909577599d4d6c655a313733b3

Binary Packages
Size: MD5

openssl-0.9.8e-5.i686.rpm
1700539 64f51c005f2e32dda3978e1569324c22
openssl-devel-0.9.8e-5.i686.rpm
1907152 f6a751148225cabb61f1152e4fdb81d7

<Turbolinux 11 Server x64 Edition>

Source Packages
Size: MD5

openssl-0.9.8e-5.src.rpm
3449992 21ad1518ff87f76c0d6a4f0a83502ecc

Binary Packages
Size: MD5

openssl-0.9.8e-5.x86_64.rpm
1772061 a4477f205084761d8b2041e8aa821dd0
openssl-devel-0.9.8e-5.x86_64.rpm
1967328 e9f426ce88709838594de688dcd71870

<Turbolinux 11 Server>

Source Packages
Size: MD5

openssl-0.9.8e-5.src.rpm
3449992 7f6f94909577599d4d6c655a313733b3

Binary Packages
Size: MD5

openssl-0.9.8e-5.i686.rpm
1700539 64f51c005f2e32dda3978e1569324c22
openssl-devel-0.9.8e-5.i686.rpm
1907152 f6a751148225cabb61f1152e4fdb81d7

<wizpy>

Source Packages
Size: MD5

openssl-0.9.8-13.src.rpm
3371087 b6275b827859e10c338fda8501c53309

Binary Packages
Size: MD5

openssl-0.9.8-13.i386.rpm
1508492 aaebd747a8731e50115a07d9db0195a2

<Turbolinux Appliance Server 2.0>

Source Packages
Size: MD5

openssl-0.9.7d-14.src.rpm
2907127 a79ef4a5c71c23cd7a365883303717b3
openssl-compat-0.9.6m-13.src.rpm
2285209 e60a03709ba378c7a4c6995f44ff2c77

Binary Packages
Size: MD5

openssl-0.9.7d-14.i586.rpm
1303521 24f66812c39689f8ad2743c65410928b
openssl-compat-0.9.6m-13.i586.rpm
757222 01c02c387347dbd1ad448c15539de43b
openssl-devel-0.9.7d-14.i586.rpm
1485448 c034e6abc54564312494654087a8f991

<Turbolinux FUJI>

Source Packages
Size: MD5

openssl-0.9.8-13.src.rpm
3371087 d985a1a4eb6472be207c497e116c57b5
openssl-compat-0.9.7d-14.src.rpm
2907148 6f376f620a3eb0f68a2667fb0de1d158
openssl096-0.9.6m-13.src.rpm
2285193 d88c817b49c92ab6d25e8171f5def7b4

Binary Packages
Size: MD5

openssl-0.9.8-13.i686.rpm
1744659 9f9303deb1ad4d695adf8fa9a7e10d38
openssl-compat-0.9.7d-14.i686.rpm
1058387 a0de7b87f8e81603b96be975f8ddf98d
openssl-devel-0.9.8-13.i686.rpm
1929847 14ea2b5495cd8382a961c65d2192579a
openssl096-0.9.6m-13.i686.rpm
882501 6de741fcf32c12bd9025d6209d00dd6a

<Turbolinux 10 Server x64 Edition>

Source Packages
Size: MD5

openssl-0.9.7d-14.src.rpm
2907127 f67c58c2c34528b8f39ff03460a93040
openssl-compat-0.9.6m-13.src.rpm
2285209 25a48fbc3cb23649e6b6843eaa76f20f

Binary Packages
Size: MD5

openssl-0.9.7d-14.x86_64.rpm
1413641 7301585c1a2ff016cb2f5f1df456c99a
openssl-compat-0.9.6m-13.x86_64.rpm
851120 bf68214be3c88431795314a67e8a2101
openssl-devel-0.9.7d-14.x86_64.rpm
1548836 b4605654a6f304a3a3104db17f977e45

<Turbolinux Appliance Server 1.0 Hosting Edition>

Source Packages
Size: MD5

openssl-0.9.6m-13.src.rpm
2372944 ce96569f5193f902d3d0d59e8a276548

Binary Packages
Size: MD5

openssl-0.9.6m-13.i586.rpm
1446880 915a2373b2ca2c6c49781838f7e31390
openssl-devel-0.9.6m-13.i586.rpm
1158010 45cb4f83764ad76915a1f979a77a277c

<Turbolinux Appliance Server 1.0 Workgroup Edition>

Source Packages
Size: MD5

openssl-0.9.6m-13.src.rpm
2372944 4e8298c15d816e34d93dc2c380ab35b7

Binary Packages
Size: MD5

openssl-0.9.6m-13.i586.rpm
1446857 3176ac33762f871ef15c5d1e95bf07ce
openssl-devel-0.9.6m-13.i586.rpm
1159144 6d952e57f476061e72007c0f4a90347f

<Turbolinux 10 Server>

Source Packages
Size: MD5

openssl-0.9.7d-14.src.rpm
2907127 4139de3dc5e29919e423912e8ef7de9f
openssl-compat-0.9.6m-13.src.rpm
2285209 e60a03709ba378c7a4c6995f44ff2c77

Binary Packages
Size: MD5

openssl-0.9.7d-14.i586.rpm
1303521 24f66812c39689f8ad2743c65410928b
openssl-compat-0.9.6m-13.i586.rpm
757222 01c02c387347dbd1ad448c15539de43b
openssl-devel-0.9.7d-14.i586.rpm
1485448 c034e6abc54564312494654087a8f991



References:

CVE
[CVE-2008-5077]
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5077

--------------------------------------------------------------------------
Revision History
05 Feb 2009 Initial release
--------------------------------------------------------------------------

Copyright(C) 2009 Turbolinux, Inc. All rights reserved.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.10 (GNU/Linux)

iEYEARECAAYFAkmKlG4ACgkQK0LzjOqIJMy38wCfc3xpdnVfCOvuqYXoIJTT26LN
xwsAnReCNopNhd3MD2OPKkb2aDD/RI42
=2LiV
-----END PGP SIGNATURE-----
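
The return-value mistake described in the advisory, as an added C example that is not OpenSSL's or Turbolinux's code: `EVP_VerifyFinal` returns 1 for a valid signature, 0 for an invalid one and -1 on error, so a caller that tests only for 0 treats an error as success. `model_verify_final`, the toy signature encoding and the sample bytes are constructed stand-ins (assumptions), not OpenSSL APIs or real DSA/ECDSA signatures.

```c
#include <stdio.h>
#include <string.h>
#define SIG_LEN 8   /* payload size of the toy signature (assumption) */

/* Hypothetical stand-in mimicking EVP_VerifyFinal()'s return values: 1 = valid,
 * 0 = mismatch, -1 = error. Toy encoding: tag 0x30, length byte, payload. */
static int model_verify_final(const unsigned char *sig, size_t len,
                              const unsigned char *expected)
{
    if (len != 2 + SIG_LEN || sig[0] != 0x30 || sig[1] != SIG_LEN)
        return -1;  /* malformed encoding: an error, not a verdict */
    return memcmp(sig + 2, expected, SIG_LEN) == 0 ? 1 : 0;
}

/* Flawed caller: tests only for 0, so the error value -1 counts as success. */
static int accept_flawed(const unsigned char *sig, size_t len,
                         const unsigned char *expected)
{
    if (!model_verify_final(sig, len, expected))
        return 0;   /* reject */
    return 1;       /* accept: also reached when the call returned -1 */
}

/* Corrected caller: every result other than 1 is a rejection. */
static int accept_checked(const unsigned char *sig, size_t len,
                          const unsigned char *expected)
{
    return model_verify_final(sig, len, expected) == 1;
}

/* Constructed sample inputs, not real DSA/ECDSA signatures. */
static const unsigned char EXPECTED[SIG_LEN] = {1, 2, 3, 4, 5, 6, 7, 8};
static const unsigned char SIG_GOOD[]      = {0x30, 8, 1, 2, 3, 4, 5, 6, 7, 8};
static const unsigned char SIG_WRONG[]     = {0x30, 8, 9, 9, 9, 9, 9, 9, 9, 9};
static const unsigned char SIG_MALFORMED[] = {0x30, 0x7f, 1, 2, 3};

static void report(const char *name, const unsigned char *sig, size_t len)
{
    printf("%-9s flawed=%d checked=%d\n", name,
           accept_flawed(sig, len, EXPECTED), accept_checked(sig, len, EXPECTED));
}

int main(void)
{
    report("good", SIG_GOOD, sizeof SIG_GOOD);
    report("wrong", SIG_WRONG, sizeof SIG_WRONG);
    report("malformed", SIG_MALFORMED, sizeof SIG_MALFORMED);
    return 0;
}
```

When auditing application code that calls verification functions with this three-way return convention, look for `!call(...)` or `call(...) == 0` used as the only failure test.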