Login
Newsletter
Werbung

Sicherheit: Denial of Service in openssl
Aktuelle Meldungen Distributionen
Name: Denial of Service in openssl
ID: TLSA-2009-13
Distribution: TurboLinux
Plattformen: Turbolinux Client 2008, Turbolinux FUJI, Turbolinux 10 Server, Turbolinux 10 Server x64 Edition, Turbolinux Appliance Server 2.0, Turbolinux 11 Server x64 Edition, Turbolinux 11 Server, Turbolinux Appliance Server 3.0, Turbolinux Appliance Server 3.0 x64 Edition, TurboLinux wizpy
Datum: Mi, 13. Mai 2009, 03:50
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0590
Applikationen: OpenSSL

Originalnachricht

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

--------------------------------------------------------------------------
Turbolinux Security Advisory TLSA-2009-13
http://www.turbolinux.co.jp/security/
security-team@turbolinux.co.jp
--------------------------------------------------------------------------

Original released date: 12 May 2009
Last revised: 12 May 2009

Package: openssl

Summary: openssl denial of service

More information:
The OpenSSL Project is a collaborative effort to develop a robust,
commercial-grade, full-featured Open Source toolkit implementing the
Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1)
protocols as well as a full-strength general purpose cryptography library.

The ASN1_STRING_print_ex function in OpenSSL before 0.9.8k allows remote
attackers to
cause a denial of service (invalid memory access and application crash) via
vectors that
trigger printing of a (1) BMPString or (2) UniversalString with an invalid
encoded length. (CVE-2009-0590)

Affected Products:
- Turbolinux Client 2008
- Turbolinux Appliance Server 3.0 x64 Edition
- Turbolinux Appliance Server 3.0
- Turbolinux 11 Server x64 Edition
- Turbolinux 11 Server
- wizpy
- Turbolinux Appliance Server 2.0
- Turbolinux FUJI
- Turbolinux 10 Server x64 Edition
- Turbolinux 10 Server


<Turbolinux Client 2008>

Source Packages
Size: MD5

openssl-0.9.8h-3.src.rpm
3531695 da152cf28e40951dd0e013751524948c

Binary Packages
Size: MD5

openssl-0.9.8h-3.i586.rpm
1642157 f2225abdb9a12a05a043db174abc2e76
openssl-devel-0.9.8h-3.i586.rpm
1521915 572faa9d058dd6ef7cf1ad6a24e62103

<Turbolinux Appliance Server 3.0 x64 Edition>

Source Packages
Size: MD5

openssl-0.9.8e-6.src.rpm
3463701 873896005663aeda70447f6a09b8b84b

Binary Packages
Size: MD5

openssl-0.9.8e-6.x86_64.rpm
1775134 7bee5915c7bed64e22d908aab358ec6d
openssl-devel-0.9.8e-6.x86_64.rpm
1966178 a8888f04d8e51478fe55196b0dd48f12

<Turbolinux Appliance Server 3.0>

Source Packages
Size: MD5

openssl-0.9.8e-6.src.rpm
3463701 873896005663aeda70447f6a09b8b84b

Binary Packages
Size: MD5

openssl-0.9.8e-6.i686.rpm
1700346 b0dd19b3234b3a71899d39b1afda5f27
openssl-devel-0.9.8e-6.i686.rpm
1907242 4767f7f665f602ee55aeabd0e6bc38e1

<Turbolinux 11 Server x64 Edition>

Source Packages
Size: MD5

openssl-0.9.8e-6.src.rpm
3463701 873896005663aeda70447f6a09b8b84b

Binary Packages
Size: MD5

openssl-0.9.8e-6.x86_64.rpm
1775134 7bee5915c7bed64e22d908aab358ec6d
openssl-devel-0.9.8e-6.x86_64.rpm
1966178 a8888f04d8e51478fe55196b0dd48f12

<Turbolinux 11 Server>

Source Packages
Size: MD5

openssl-0.9.8e-6.src.rpm
3463701 873896005663aeda70447f6a09b8b84b

Binary Packages
Size: MD5

openssl-0.9.8e-6.i686.rpm
1700346 1e57bc12ccf3258491cd979c1de3d666
openssl-devel-0.9.8e-6.i686.rpm
1907242 42b9ae73b6529768eafad667996c5f7a

<wizpy>

Source Packages
Size: MD5

openssl-0.9.8-14.src.rpm
3383819 842a8aba1ffb621b420b5fb77ed96ecb

Binary Packages
Size: MD5

openssl-0.9.8-14.i386.rpm
1658755 6189e141d1b7b4e67ab971e5c06230b3

<Turbolinux Appliance Server 2.0>

Source Packages
Size: MD5

openssl-0.9.7d-16.src.rpm
2938988 90ced6d54531d6815b9c56535f6871f5

Binary Packages
Size: MD5

openssl-0.9.7d-16.i586.rpm
1302921 4a69f79a27c81a0f0a4a414344f56e86
openssl-devel-0.9.7d-16.i586.rpm
1484806 c3c0110b31c26446dbabb06916fc2a53

<Turbolinux FUJI>

Source Packages
Size: MD5

openssl-0.9.8-14.src.rpm
3383445 2bb083d786b1f03d5ec214606c845b75
openssl-compat-0.9.7d-16.src.rpm
2917943 c0ec45b2a1ec7358ed8af202d6bea987

Binary Packages
Size: MD5

openssl-0.9.8-14.i686.rpm
1744589 6e0ff5aa2106b7b672a0363a670675fd
openssl-compat-0.9.7d-16.i686.rpm
1058699 fc4a536debb2565cea6956d85f6d1169
openssl-devel-0.9.8-14.i686.rpm
1929896 83f2958ace915e8b3bf360347b2adc79

<Turbolinux 10 Server x64 Edition>

Source Packages
Size: MD5

openssl-0.9.7d-16.src.rpm
2908239 4658395ce7116d97b11f2b33fa782862

Binary Packages
Size: MD5

openssl-0.9.7d-16.x86_64.rpm
1413095 e74d8e2d839f4db74c5ad947bbd6a169
openssl-devel-0.9.7d-16.x86_64.rpm
1547770 6d3b87a57c25c6e30ecfc46f867a994b

<Turbolinux 10 Server>

Source Packages
Size: MD5

openssl-0.9.7d-16.src.rpm
2938988 90ced6d54531d6815b9c56535f6871f5

Binary Packages
Size: MD5

openssl-0.9.7d-16.i586.rpm
1302921 4a69f79a27c81a0f0a4a414344f56e86
openssl-devel-0.9.7d-16.i586.rpm
1484806 c3c0110b31c26446dbabb06916fc2a53


References:

CVE
[CVE-2009-0590]
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0590

--------------------------------------------------------------------------
Revision History
12 May 2009 Initial release
--------------------------------------------------------------------------

Copyright(C) 2009 Turbolinux, Inc. All rights reserved.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.11 (GNU/Linux)

iEYEARECAAYFAkoJR1AACgkQK0LzjOqIJMzlEgCgp2w6LF0MRiSC9tLGKo3jFrPT
GgYAn0rkNDASZb+BJRWTAjUiUVrWDE7L
=itxY
-----END PGP SIGNATURE-----
Pro-Linux
Traut euch!
Neue Nachrichten
Werbung