|
ID: |
TLSA-2007-52 |
|
Distribution: |
TurboLinux |
|
Plattformen: |
Turbolinux FUJI, Turbolinux 10 Server, Turbolinux 10 Server x64 Edition, Turbolinux Appliance Server 2.0, Turbolinux 11 Server x64 Edition, Turbolinux 11 Server, Turbolinux 8 Server, Turbolinux Multimedia, Turbolinux Personal, Turbolinux Appliance Server 1.0 Hosting Edition, Turbolinux Appliance Server 1.0 Workgroup Edition, TurboLinux wizpy |
|
Datum: |
Fr, 30. November 2007, 03:50 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2969
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3108
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4995
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5135 |
|
Applikationen: |
OpenSSL |
|
Update von: |
Mehrere Probleme in openssl |
|
Originalnachricht |
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
--------------------------------------------------------------------------
Turbolinux Security Advisory TLSA-2007-52
http://www.turbolinux.co.jp/security/
security-team@turbolinux.co.jp
--------------------------------------------------------------------------
Original released date: 09 Nov 2007
Last revised: 29 Nov 2007
Package: openssl
Summary: Multiple vulnerabilities exist in openssl
More information:
The OpenSSL Project is a collaborative effort to develop a robust,
commercial-grade, full-featured Open Source toolkit implementing the
Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1)
protocols as well as a full-strength general purpose cryptography library.
Multiple vulnerabilities exist in openssl.
Impact:
Buffer overflow openssl.
Allows remote attackers to force a client and server to use a weaker protocol.
Allow local users to conduct a side-channel attack and retrieve RSA private keys.
Allow remote attackers to execute arbitrary code via a crafted packet that
triggers a one-byte buffer underflow.
Remote attackers to execute arbitrary code via unspecified vectors.
Affected Products:
- Turbolinux 11 Server x64 Edition
- Turbolinux 11 Server
- wizpy
- Turbolinux Appliance Server 2.0
- Turbolinux FUJI
- Turbolinux 10 Server x64 Edition
- Turbolinux Appliance Server 1.0 Hosting Edition
- Turbolinux Appliance Server 1.0 Workgroup Edition
- Turbolinux 10 Server
- Turbolinux Multimedia
- Turbolinux Personal
- Turbolinux 8 Server
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/x64/Server/11/updates/SRPMS/openssl-0.9.8e-4.src.rpm
3448109 5f6e59a452be55da0c9bf650f815411b
Binary Packages
Size: MD5
openssl-0.9.8e-4.x86_64.rpm
1772595 a4229068554308101479e610c332f20c
openssl-devel-0.9.8e-4.x86_64.rpm
1964699 e68b6eda4112342c21f6f46aae62ccf6
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/11/updates/SRPMS/openssl-0.9.8e-4.src.rpm
3448109 3ef0619e3a6d1696d7fa7db1675bc5aa
Binary Packages
Size: MD5
openssl-0.9.8e-4.i686.rpm
1699411 8fb17114b4bfb5f879fc3bbbc88fa075
openssl-devel-0.9.8e-4.i686.rpm
1906465 acff656c01411b225073d733c8717eba
Source Packages
Size: MD5
openssl-0.9.8-12.src.rpm
3369754 1988e069d0f6676f0dc94e310b2346c9
Binary Packages
Size: MD5
openssl-0.9.8-12.i386.rpm
1507977 136669205681cfac03ec3a3e7ef989f3
Source Packages
Size: MD5
openssl-0.9.7d-13.src.rpm
2905537 64e45df443efce20e71c553ea2601781
openssl-compat-0.9.6m-12.src.rpm
2283679 22f70e633fd0e757ac03345ae55d1086
Binary Packages
Size: MD5
openssl-0.9.7d-13.i586.rpm
1303002 4de1a3600839082b592a085832dce581
openssl-compat-0.9.6m-12.i586.rpm
756719 2bde738a8dbdd22d3382962dac02c6ed
openssl-devel-0.9.7d-13.i586.rpm
1484607 50d25b98f2cf9779ddf47b5c640a87ec
Source Packages
Size: MD5
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/11/updates/SRPMS/openssl-0.9.8-12.src.rpm
3369754 8c608cfd5b48cc249569d91e4f05cf9a
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/11/updates/SRPMS/openssl-compat-0.9.7d-13.src.rpm
2905545 169210c886a77ee60a2c9603961358d0
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/11/updates/SRPMS/openssl096-0.9.6m-12.src.rpm
2283691 ee1d9c142b6dcd4029f4a362465ad7ed
Binary Packages
Size: MD5
openssl-0.9.8-12.i686.rpm
1743047 bad2652d584fcffa03b60b26748f30a0
openssl-compat-0.9.7d-13.i686.rpm
1058028 14dd5de98060f4499bc8678e582fd9b4
openssl-devel-0.9.8-12.i686.rpm
1928515 ac58dc231cc6df534b4d5a70998085c5
openssl096-0.9.6m-12.i686.rpm
881931 2099f0f01eec2d64d3a07640fb5673c2
Source Packages
Size: MD5
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/x64/Server/10/updates/SRPMS/openssl-0.9.7d-13.src.rpm
2905537 167ed0070e9e7e47022e29d863574eeb
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/x64/Server/10/updates/SRPMS/openssl-compat-0.9.6m-12.src.rpm
2283679 d0f5266ffb19f2178d64e1249328d1b5
Binary Packages
Size: MD5
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/x64/Server/10/updates/RPMS/openssl-0.9.7d-13.x86_64.rpm
1413703 03f0d26283e6837175ba49b670fb2854
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/x64/Server/10/updates/RPMS/openssl-compat-0.9.6m-12.x86_64.rpm
851114 55bd8d7612aff06b42f08df93a887e6e
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/x64/Server/10/updates/RPMS/openssl-devel-0.9.7d-13.x86_64.rpm
1548926 c0f0fd6d2d7fdb923f4f2f47ed72f991
Source Packages
Size: MD5
openssl-0.9.6m-12.src.rpm
2371446 db00a32d7037f78d0e873313380b07c9
Binary Packages
Size: MD5
openssl-0.9.6m-12.i586.rpm
1446903 75247e5581d86ae13be3a47e02050701
openssl-devel-0.9.6m-12.i586.rpm
1158945 d7aff0506d7dcfa69519acac4949012d
Source Packages
Size: MD5
openssl-0.9.6m-12.src.rpm
2371446 c679e60ab77db1e5b232c90400f576e5
Binary Packages
Size: MD5
openssl-0.9.6m-12.i586.rpm
1447278 abb19471098c8467e8dca37f4e84f973
openssl-devel-0.9.6m-12.i586.rpm
1159760 618a1c5a8581f18b3eed6fc53769be9f
Source Packages
Size: MD5
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/SRPMS/openssl-0.9.7d-13.src.rpm
2905537 64e45df443efce20e71c553ea2601781
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/SRPMS/openssl-compat-0.9.6m-12.src.rpm
2283679 22f70e633fd0e757ac03345ae55d1086
Binary Packages
Size: MD5
openssl-0.9.7d-13.i586.rpm
1303002 4de1a3600839082b592a085832dce581
openssl-compat-0.9.6m-12.i586.rpm
756719 2bde738a8dbdd22d3382962dac02c6ed
openssl-devel-0.9.7d-13.i586.rpm
1484607 50d25b98f2cf9779ddf47b5c640a87ec
Source Packages
Size: MD5
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/SRPMS/openssl-0.9.7d-13.src.rpm
2905537 98a7937f20d6d19e94727007d012306c
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/SRPMS/openssl-compat-0.9.6m-12.src.rpm
2283679 5bf057f42a0bf63856c04b6965b15811
Binary Packages
Size: MD5
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/openssl-0.9.7d-13.i586.rpm
1305650 9eb8f5a0b5af29249cae231ae831c8f9
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/openssl-compat-0.9.6m-12.i586.rpm
756069 2e78f53d5c112ac9c4d5a4d7d5f7a737
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/openssl-devel-0.9.7d-13.i586.rpm
1485984 a1e53ba74a81d92d5ffb760b5a78fa69
Source Packages
Size: MD5
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/SRPMS/openssl-0.9.6m-12.src.rpm
2371446 8e5a3b34dee584ee154adefe8c05524c
Binary Packages
Size: MD5
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/openssl-0.9.6m-12.i586.rpm
1447371 5fdf3f1b5c68e8ca2aca7a9e20805498
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/openssl-devel-0.9.6m-12.i586.rpm
1160208 0b1f9a242b68a11ce825f15308d10d3c
References:
CVE
[CAN-2005-2969]
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2969
[CVE-2006-3738]
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738
[CVE-2007-3108]
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3108
[CVE-2007-4995]
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4995
[CVE-2007-5135]
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5135
--------------------------------------------------------------------------
Revision History
09 Nov 2007 Initial release
29 Nov 2007 Added Turbolinux 11 Server
--------------------------------------------------------------------------
Copyright(C) 2007 Turbolinux, Inc. All rights reserved.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
iD8DBQFHTiaiK0LzjOqIJMwRAsTLAKCOmJDINCS4ZC/R8KIl67v3MfMmdgCglai1
gjL8Y9+MDcebVOVheLvkGpA=
=gIgG
-----END PGP SIGNATURE-----
|