drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Mehrere Probleme in openssl
Name: |
Mehrere Probleme in openssl |
|
ID: |
TLSA-2007-52 |
|
Distribution: |
TurboLinux |
|
Plattformen: |
Turbolinux FUJI, Turbolinux 10 Server, Turbolinux 10 Server x64 Edition, Turbolinux Appliance Server 2.0, Turbolinux 8 Server, Turbolinux Multimedia, Turbolinux Personal, Turbolinux Appliance Server 1.0 Hosting Edition, Turbolinux Appliance Server 1.0 Workgroup Edition, TurboLinux wizpy |
|
Datum: |
Sa, 10. November 2007, 03:50 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2969
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3108
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4995
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5135 |
|
Applikationen: |
OpenSSL |
|
Originalnachricht |
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
-------------------------------------------------------------------------- Turbolinux Security Advisory TLSA-2007-52 http://www.turbolinux.co.jp/security/ security-team@turbolinux.co.jp --------------------------------------------------------------------------
Original released date: 09 Nov 2007 Last revised: 09 Nov 2007
Package: openssl
Summary: Multiple vulnerabilities exist in openssl
More information: The OpenSSL Project is a collaborative effort to develop a robust, commercial-grade, full-featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols as well as a full-strength general purpose cryptography library.
Multiple vulnerabilities exist in openssl.
Impact: Buffer overflow openssl. Allows remote attackers to force a client and server to use a weaker protocol. Allow local users to conduct a side-channel attack and retrieve RSA private keys. Allow remote attackers to execute arbitrary code via a crafted packet that triggers a one-byte buffer underflow. Remote attackers to execute arbitrary code via unspecified vectors.
Affected Products: - wizpy - Turbolinux Appliance Server 2.0 - Turbolinux FUJI - Turbolinux 10 Server x64 Edition - Turbolinux Appliance Server 1.0 Hosting Edition - Turbolinux Appliance Server 1.0 Workgroup Edition - Turbolinux 10 Server - Turbolinux Multimedia - Turbolinux Personal - Turbolinux 8 Server
<wizpy>
Source Packages Size: MD5
openssl-0.9.8-12.src.rpm 3369754 1988e069d0f6676f0dc94e310b2346c9
Binary Packages Size: MD5
openssl-0.9.8-12.i386.rpm 1507977 136669205681cfac03ec3a3e7ef989f3
<Turbolinux Appliance Server 2.0>
Source Packages Size: MD5
openssl-0.9.7d-13.src.rpm 2905537 64e45df443efce20e71c553ea2601781 openssl-compat-0.9.6m-12.src.rpm 2283679 22f70e633fd0e757ac03345ae55d1086
Binary Packages Size: MD5
openssl-0.9.7d-13.i586.rpm 1303002 4de1a3600839082b592a085832dce581 openssl-compat-0.9.6m-12.i586.rpm 756719 2bde738a8dbdd22d3382962dac02c6ed openssl-devel-0.9.7d-13.i586.rpm 1484607 50d25b98f2cf9779ddf47b5c640a87ec
<Turbolinux FUJI>
Source Packages Size: MD5
openssl-0.9.8-12.src.rpm 3369754 8c608cfd5b48cc249569d91e4f05cf9a openssl-compat-0.9.7d-13.src.rpm 2905545 169210c886a77ee60a2c9603961358d0 openssl096-0.9.6m-12.src.rpm 2283691 ee1d9c142b6dcd4029f4a362465ad7ed
Binary Packages Size: MD5
openssl-0.9.8-12.i686.rpm 1743047 bad2652d584fcffa03b60b26748f30a0 openssl-compat-0.9.7d-13.i686.rpm 1058028 14dd5de98060f4499bc8678e582fd9b4 openssl-devel-0.9.8-12.i686.rpm 1928515 ac58dc231cc6df534b4d5a70998085c5 openssl096-0.9.6m-12.i686.rpm 881931 2099f0f01eec2d64d3a07640fb5673c2
<Turbolinux 10 Server x64 Edition>
Source Packages Size: MD5
openssl-0.9.7d-13.src.rpm 2905537 167ed0070e9e7e47022e29d863574eeb openssl-compat-0.9.6m-12.src.rpm 2283679 d0f5266ffb19f2178d64e1249328d1b5
Binary Packages Size: MD5
openssl-0.9.7d-13.x86_64.rpm 1413703 03f0d26283e6837175ba49b670fb2854 openssl-compat-0.9.6m-12.x86_64.rpm 851114 55bd8d7612aff06b42f08df93a887e6e openssl-devel-0.9.7d-13.x86_64.rpm 1548926 c0f0fd6d2d7fdb923f4f2f47ed72f991
<Turbolinux Appliance Server 1.0 Hosting Edition>
Source Packages Size: MD5
openssl-0.9.6m-12.src.rpm 2371446 db00a32d7037f78d0e873313380b07c9
Binary Packages Size: MD5
openssl-0.9.6m-12.i586.rpm 1446903 75247e5581d86ae13be3a47e02050701 openssl-devel-0.9.6m-12.i586.rpm 1158945 d7aff0506d7dcfa69519acac4949012d
<Turbolinux Appliance Server 1.0 Workgroup Edition>
Source Packages Size: MD5
openssl-0.9.6m-12.src.rpm 2371446 c679e60ab77db1e5b232c90400f576e5
Binary Packages Size: MD5
openssl-0.9.6m-12.i586.rpm 1447278 abb19471098c8467e8dca37f4e84f973 openssl-devel-0.9.6m-12.i586.rpm 1159760 618a1c5a8581f18b3eed6fc53769be9f
<Turbolinux 10 Server>
Source Packages Size: MD5
openssl-0.9.7d-13.src.rpm 2905537 64e45df443efce20e71c553ea2601781 openssl-compat-0.9.6m-12.src.rpm 2283679 22f70e633fd0e757ac03345ae55d1086
Binary Packages Size: MD5
openssl-0.9.7d-13.i586.rpm 1303002 4de1a3600839082b592a085832dce581 openssl-compat-0.9.6m-12.i586.rpm 756719 2bde738a8dbdd22d3382962dac02c6ed openssl-devel-0.9.7d-13.i586.rpm 1484607 50d25b98f2cf9779ddf47b5c640a87ec
<Turbolinux Multimedia, Turbolinux Personal>
Source Packages Size: MD5
openssl-0.9.7d-13.src.rpm 2905537 98a7937f20d6d19e94727007d012306c openssl-compat-0.9.6m-12.src.rpm 2283679 5bf057f42a0bf63856c04b6965b15811
Binary Packages Size: MD5
openssl-0.9.7d-13.i586.rpm 1305650 9eb8f5a0b5af29249cae231ae831c8f9 openssl-compat-0.9.6m-12.i586.rpm 756069 2e78f53d5c112ac9c4d5a4d7d5f7a737 openssl-devel-0.9.7d-13.i586.rpm 1485984 a1e53ba74a81d92d5ffb760b5a78fa69
<Turbolinux 8 Server>
Source Packages Size: MD5
openssl-0.9.6m-12.src.rpm 2371446 8e5a3b34dee584ee154adefe8c05524c
Binary Packages Size: MD5
openssl-0.9.6m-12.i586.rpm 1447371 5fdf3f1b5c68e8ca2aca7a9e20805498 openssl-devel-0.9.6m-12.i586.rpm 1160208 0b1f9a242b68a11ce825f15308d10d3c
References:
CVE [CAN-2005-2969] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2969 [CVE-2006-3738] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738 [CVE-2007-3108] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3108 [CVE-2007-4995] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4995 [CVE-2007-5135] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5135
-------------------------------------------------------------------------- Revision History 09 Nov 2007 Initial release --------------------------------------------------------------------------
Copyright(C) 2007 Turbolinux, Inc. All rights reserved.
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux)
iD8DBQFHM+yAK0LzjOqIJMwRAvkkAJ94R0aQPAamoHeuVJvq+KumO1ATAACgjsMB 6VC2wKJaMs5SP/jP44Ihi/g= =Nezi -----END PGP SIGNATURE-----
|
|
|
|