Login
Newsletter
Werbung
Sicherheit: Mehrere Probleme in openssl
Aktuelle Meldungen Distributionen
Name: Mehrere Probleme in openssl
ID: MDVSA-2009:120
Distribution: Mandriva
Plattformen: Mandriva 2008.1, Mandriva 2009.0, Mandriva 2009.1
Datum: Do, 21. Mai 2009, 18:12
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1377
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1378
Applikationen: OpenSSL

Originalnachricht

 
This is a multi-part message in MIME format...

------------=_1242922350-27111-3960


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2009:120
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : openssl
 Date    : May 21, 2009
 Affected: 2008.1, 2009.0, 2009.1
 _______________________________________________________________________

 Problem Description:

 Multiple security vulnerabilities has been identified and fixed
 in OpenSSL:
 
 The dtls1_buffer_record function in ssl/d1_pkt.c in OpenSSL 0.9.8k
 and earlier 0.9.8 versions allows remote attackers to cause a denial
 of service (memory consumption) via a large series of future epoch
 DTLS records that are buffered in a queue, aka DTLS record buffer
 limitation bug. (CVE-2009-1377)
 
 Multiple memory leaks in the dtls1_process_out_of_seq_message function
 in ssl/d1_both.c in OpenSSL 0.9.8k and earlier 0.9.8 versions allow
 remote attackers to cause a denial of service (memory consumption)
 via DTLS records that (1) are duplicates or (2) have sequence numbers
 much greater than current sequence numbers, aka DTLS fragment handling
 memory leak. (CVE-2009-1378)
 
 The updated packages have been patched to prevent this.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1377
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1378
 _______________________________________________________________________

 Updated Packages:

 Mandriva Linux 2008.1:
 9492fe3bf022be9f7529e594844033d4 
 2008.1/i586/libopenssl0.9.8-0.9.8g-4.4mdv2008.1.i586.rpm
 54166454819e21289e49a6e2986e7f30 
 2008.1/i586/libopenssl0.9.8-devel-0.9.8g-4.4mdv2008.1.i586.rpm
 0ee9a01df9bc622268eb052400433de7 
 2008.1/i586/libopenssl0.9.8-static-devel-0.9.8g-4.4mdv2008.1.i586.rpm
 b681fd12d6cd2bdbb85d1726b2db4a99 
 2008.1/i586/openssl-0.9.8g-4.4mdv2008.1.i586.rpm 
 217fe6c6af5265755ec2105b1f3bebaf 
 2008.1/SRPMS/openssl-0.9.8g-4.4mdv2008.1.src.rpm

 Mandriva Linux 2008.1/X86_64:
 6409f96a04a2d3946a1b72f63a868e5d 
 2008.1/x86_64/lib64openssl0.9.8-0.9.8g-4.4mdv2008.1.x86_64.rpm
 d00a048d4d263f28539171f89d5de1e8 
 2008.1/x86_64/lib64openssl0.9.8-devel-0.9.8g-4.4mdv2008.1.x86_64.rpm
 03bbd2a59f8bc5f0d1d6cb54736f024c 
 2008.1/x86_64/lib64openssl0.9.8-static-devel-0.9.8g-4.4mdv2008.1.x86_64.rpm
 797c40fa3bd86009061423713e2292c5 
 2008.1/x86_64/openssl-0.9.8g-4.4mdv2008.1.x86_64.rpm 
 217fe6c6af5265755ec2105b1f3bebaf 
 2008.1/SRPMS/openssl-0.9.8g-4.4mdv2008.1.src.rpm

 Mandriva Linux 2009.0:
 94d6f4be3c42586813be16a2270c89bf 
 2009.0/i586/libopenssl0.9.8-0.9.8h-3.3mdv2009.0.i586.rpm
 59e4214a9e5d703a88e5c695adf498b9 
 2009.0/i586/libopenssl0.9.8-devel-0.9.8h-3.3mdv2009.0.i586.rpm
 3819b2efba54362f7e8e4a821254f258 
 2009.0/i586/libopenssl0.9.8-static-devel-0.9.8h-3.3mdv2009.0.i586.rpm
 ecd5bea8f1fe9dd6b4e8506c0b0705ae 
 2009.0/i586/openssl-0.9.8h-3.3mdv2009.0.i586.rpm 
 c4354a0c28d3e83b9ff529a70bede4bd 
 2009.0/SRPMS/openssl-0.9.8h-3.3mdv2009.0.src.rpm

 Mandriva Linux 2009.0/X86_64:
 e3c14742691a67f21ed7a7c9abe775a2 
 2009.0/x86_64/lib64openssl0.9.8-0.9.8h-3.3mdv2009.0.x86_64.rpm
 b2bc687de0793a6c14649fa68c7d043b 
 2009.0/x86_64/lib64openssl0.9.8-devel-0.9.8h-3.3mdv2009.0.x86_64.rpm
 76f91d3544039f65b77894a86a45e09c 
 2009.0/x86_64/lib64openssl0.9.8-static-devel-0.9.8h-3.3mdv2009.0.x86_64.rpm
 418ef4a5a9a24fc8437baf75d8c12944 
 2009.0/x86_64/openssl-0.9.8h-3.3mdv2009.0.x86_64.rpm 
 c4354a0c28d3e83b9ff529a70bede4bd 
 2009.0/SRPMS/openssl-0.9.8h-3.3mdv2009.0.src.rpm

 Mandriva Linux 2009.1:
 9c46d7da9fb61cef36532ea0c25fd881 
 2009.1/i586/libopenssl0.9.8-0.9.8k-1.1mdv2009.1.i586.rpm
 7a984a72c9b2c7b0549dabf4f7b353fd 
 2009.1/i586/libopenssl0.9.8-devel-0.9.8k-1.1mdv2009.1.i586.rpm
 0e8b58b6e02958d05d19e78d9725cd45 
 2009.1/i586/libopenssl0.9.8-static-devel-0.9.8k-1.1mdv2009.1.i586.rpm
 a32d8acd870490b6efba309da6dce043 
 2009.1/i586/openssl-0.9.8k-1.1mdv2009.1.i586.rpm 
 7b9c16777f3e88674fb65d0c28df10ff 
 2009.1/SRPMS/openssl-0.9.8k-1.1mdv2009.1.src.rpm

 Mandriva Linux 2009.1/X86_64:
 8f3c93a2af5e8950bbc3846fc7f90568 
 2009.1/x86_64/lib64openssl0.9.8-0.9.8k-1.1mdv2009.1.x86_64.rpm
 8573eab7fdffff97807255dc91154abc 
 2009.1/x86_64/lib64openssl0.9.8-devel-0.9.8k-1.1mdv2009.1.x86_64.rpm
 a557449ae9983495e61eabaeb5300895 
 2009.1/x86_64/lib64openssl0.9.8-static-devel-0.9.8k-1.1mdv2009.1.x86_64.rpm
 99f346d65571efb2c4142aab5f074038 
 2009.1/x86_64/openssl-0.9.8k-1.1mdv2009.1.x86_64.rpm 
 7b9c16777f3e88674fb65d0c28df10ff 
 2009.1/SRPMS/openssl-0.9.8k-1.1mdv2009.1.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFKFVC5mqjQ0CJFipgRAtM8AJ4rG/qVR2mmrgw4dKgmbxz/d18zMQCfa/qL
p/lIHdhpygpSxPt6iwyKWI4=
=tZ5R
-----END PGP SIGNATURE-----


------------=_1242922350-27111-3960
Content-Type: text/plain; name="message-footer.txt"
Content-Disposition: inline; filename="message-footer.txt"
Content-Transfer-Encoding: 8bit

To unsubscribe, send a email to sympa@mandrivalinux.org
with this subject : unsubscribe security-announce
_______________________________________________________
Want to buy your Pack or Services from Mandriva? 
Go to http://www.mandrivastore.com
Join the Club : http://www.mandrivaclub.com
_______________________________________________________

------------=_1242922350-27111-3960--
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten

141
Mach­t's gut!

51
Neue Raspber­ry Pi-Va­ri­an­te mit 8 GB RAM

0
Genode 20.05 frei­ge­ge­ben

9
Sub­ver­si­on 1.14.0-LTS vor­ge­stellt

0
»Hum­ble Ci­ties: Sky­lines Bund­le« vor­ge­stellt

0
End of Life für Co­reOS Con­tai­ner Linux ver­kün­det

32
Elek­tra 0.9.2 er­schie­nen

8
Nex­tDNS ver­lässt die Be­ta-Pha­se

23
Tu­xe­do stellt Ga­mer-Note­book vor

0
Libre Gra­phics Mee­ting be­ginnt als On­li­ne-Va­ri­an­te
 
Werbung