-----BEGIN PGP SIGNED MESSAGE-----

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                     ESB-2002.375 -- RHSA-2002:155-11
            Updated openssl packages fix remote vulnerabilities
                               31 July 2002

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:                OpenSSL prior to 0.9.6e,
                        up to and including pre-release 0.9.7-beta2
                        OpenSSL pre-release 0.9.7-beta2
                        and prior with Kerberos enabled
Vendor:                 Red Hat
Operating System:       Red Hat Linux 6.2
                        Red Hat Linux 7.0
                        Red Hat Linux 7.1
                        Red Hat Linux 7.2
                        Red Hat Linux 7.3
Platform:               Alpha
                        i386
                        SPARC
                        IA-64
Impact:                 Denial of Service
                        Execute Arbitrary Code/Commands
Access Required:        Remote

Ref:                    AA-2002.06
                        ESB-2002.369

- --------------------------BEGIN INCLUDED TEXT--------------------

- ---------------------------------------------------------------------
                   Red Hat, Inc. Red Hat Security Advisory

Synopsis:          Updated openssl packages fix remote vulnerabilities
Advisory ID:       RHSA-2002:155-11
Issue date:        2002-07-25
Updated on:        2002-07-29
Product:           Red Hat Linux
Keywords:          OpenSSL master session key
Cross references:  
Obsoletes:         RHSA-2001:051
CVE Names:         CAN-2002-0655 CAN-2002-0656
- ---------------------------------------------------------------------

1. Topic:

Updated OpenSSL packages are available which fix several serious buffer
overflow vulnerabilities.

2. Relevant releases/architectures:

Red Hat Linux 6.2 - alpha, i386, sparc

Red Hat Linux 7.0 - alpha, i386

Red Hat Linux 7.1 - alpha, i386, ia64

Red Hat Linux 7.2 - i386, i686, ia64

Red Hat Linux 7.3 - i386, i686

3. Problem description:

OpenSSL is a commercial-grade, full-featured, and Open Source toolkit which
implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer
Security (TLS v1) protocols as well as a full-strength general purpose
cryptography library. A security audit of the OpenSSL code sponsored by
DARPA found several buffer overflows in OpenSSL which affect versions 0.9.7
and 0.9.6d and earlier:

1. The master key supplied by a client to an SSL version 2 server could be
oversized, causing a stack-based buffer overflow. This issue is remotely
exploitable. Services that have SSLv2 disabled would not be vulnerable to
this issue. (CAN-2002-0656)

2. The SSLv3 session ID supplied to a client from a malicious server could
be oversized and overrun a buffer. This issue looks to be remotely
exploitable. (CAN-2002-0656)

3. Various buffers used for storing ASCII representations of integers were
too small on 64 bit platforms. This issue may be exploitable. (CAN-2002-0655)

A further issue was found in OpenSSL 0.9.7 that does not affect versions of
OpenSSL shipped with Red Hat Linux (CAN-2002-0657).

A large number of applications within Red Hat Linux make use the OpenSSL
library to provide SSL support.  All users are therefore advised to upgrade
to the errata OpenSSL packages, which contain patches to correct these
vulnerabilities.

NOTE: 

Please read the Solution section below as it contains instructions for
making sure that all SSL-enabled processes are restarted after the update
is applied.

Thanks go to the OpenSSL team and Ben Laurie for providing patches for
these issues.

4. Solution:

IMPORTANT:

Because both client and server applications are affected by these
vulnerabilities, we advise users to reboot their systems after installing
these updates.

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

To update all RPMs for your particular architecture, run:

rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade.  Only those
RPMs which are currently installed will be updated.  Those RPMs which are
not installed but included in the list will not be updated.  Note that you
can also use wildcards (*.rpm) if your current directory *only* contains
the desired RPMs.

Please note that this update is also available via Red Hat Network.  Many
people find this an easier way to apply updates.  To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

5. Bug IDs fixed (http://bugzilla.redhat.com/bugzilla for more info):



6. RPMs required:

Red Hat Linux 6.2:

SRPMS:
ftp://updates.redhat.com/6.2/en/os/SRPMS/openssl-0.9.5a-26.src.rpm

alpha:
ftp://updates.redhat.com/6.2/en/os/alpha/openssl-0.9.5a-26.alpha.rpm
ftp://updates.redhat.com/6.2/en/os/alpha/openssl-devel-0.9.5a-26.alpha.rpm
ftp://updates.redhat.com/6.2/en/os/alpha/openssl-perl-0.9.5a-26.alpha.rpm
ftp://updates.redhat.com/6.2/en/os/alpha/openssl-python-0.9.5a-26.alpha.rpm

i386:
ftp://updates.redhat.com/6.2/en/os/i386/openssl-0.9.5a-26.i386.rpm
ftp://updates.redhat.com/6.2/en/os/i386/openssl-devel-0.9.5a-26.i386.rpm
ftp://updates.redhat.com/6.2/en/os/i386/openssl-perl-0.9.5a-26.i386.rpm
ftp://updates.redhat.com/6.2/en/os/i386/openssl-python-0.9.5a-26.i386.rpm

sparc:
ftp://updates.redhat.com/6.2/en/os/sparc/openssl-0.9.5a-26.sparc.rpm
ftp://updates.redhat.com/6.2/en/os/sparc/openssl-devel-0.9.5a-26.sparc.rpm
ftp://updates.redhat.com/6.2/en/os/sparc/openssl-perl-0.9.5a-26.sparc.rpm
ftp://updates.redhat.com/6.2/en/os/sparc/openssl-python-0.9.5a-26.sparc.rpm

Red Hat Linux 7.0:

SRPMS:
ftp://updates.redhat.com/7.0/en/os/SRPMS/openssl095a-0.9.5a-14.src.rpm
ftp://updates.redhat.com/7.0/en/os/SRPMS/openssl-0.9.6-10.src.rpm

alpha:
ftp://updates.redhat.com/7.0/en/os/alpha/openssl095a-0.9.5a-14.alpha.rpm
ftp://updates.redhat.com/7.0/en/os/alpha/openssl-0.9.6-10.alpha.rpm
ftp://updates.redhat.com/7.0/en/os/alpha/openssl-devel-0.9.6-10.alpha.rpm
ftp://updates.redhat.com/7.0/en/os/alpha/openssl-perl-0.9.6-10.alpha.rpm
ftp://updates.redhat.com/7.0/en/os/alpha/openssl-python-0.9.6-10.alpha.rpm

i386:
ftp://updates.redhat.com/7.0/en/os/i386/openssl095a-0.9.5a-14.i386.rpm
ftp://updates.redhat.com/7.0/en/os/i386/openssl-0.9.6-10.i386.rpm
ftp://updates.redhat.com/7.0/en/os/i386/openssl-devel-0.9.6-10.i386.rpm
ftp://updates.redhat.com/7.0/en/os/i386/openssl-perl-0.9.6-10.i386.rpm
ftp://updates.redhat.com/7.0/en/os/i386/openssl-python-0.9.6-10.i386.rpm

Red Hat Linux 7.1:

SRPMS:
ftp://updates.redhat.com/7.1/en/os/SRPMS/openssl095a-0.9.5a-14.src.rpm
ftp://updates.redhat.com/7.1/en/os/SRPMS/openssl-0.9.6-10.src.rpm

alpha:
ftp://updates.redhat.com/7.1/en/os/alpha/openssl095a-0.9.5a-14.alpha.rpm
ftp://updates.redhat.com/7.1/en/os/alpha/openssl-0.9.6-10.alpha.rpm
ftp://updates.redhat.com/7.1/en/os/alpha/openssl-devel-0.9.6-10.alpha.rpm
ftp://updates.redhat.com/7.1/en/os/alpha/openssl-perl-0.9.6-10.alpha.rpm
ftp://updates.redhat.com/7.1/en/os/alpha/openssl-python-0.9.6-10.alpha.rpm

i386:
ftp://updates.redhat.com/7.1/en/os/i386/openssl095a-0.9.5a-14.i386.rpm
ftp://updates.redhat.com/7.1/en/os/i386/openssl-0.9.6-10.i386.rpm
ftp://updates.redhat.com/7.1/en/os/i386/openssl-devel-0.9.6-10.i386.rpm
ftp://updates.redhat.com/7.1/en/os/i386/openssl-perl-0.9.6-10.i386.rpm
ftp://updates.redhat.com/7.1/en/os/i386/openssl-python-0.9.6-10.i386.rpm

ia64:
ftp://updates.redhat.com/7.1/en/os/ia64/openssl095a-0.9.5a-14.ia64.rpm
ftp://updates.redhat.com/7.1/en/os/ia64/openssl-0.9.6-10.ia64.rpm
ftp://updates.redhat.com/7.1/en/os/ia64/openssl-devel-0.9.6-10.ia64.rpm
ftp://updates.redhat.com/7.1/en/os/ia64/openssl-perl-0.9.6-10.ia64.rpm
ftp://updates.redhat.com/7.1/en/os/ia64/openssl-python-0.9.6-10.ia64.rpm

Red Hat Linux 7.2:

SRPMS:
ftp://updates.redhat.com/7.2/en/os/SRPMS/openssl095a-0.9.5a-14.src.rpm
ftp://updates.redhat.com/7.2/en/os/SRPMS/openssl096-0.9.6-9.src.rpm
ftp://updates.redhat.com/7.2/en/os/SRPMS/openssl-0.9.6b-24.src.rpm

i386:
ftp://updates.redhat.com/7.2/en/os/i386/openssl095a-0.9.5a-14.i386.rpm
ftp://updates.redhat.com/7.2/en/os/i386/openssl096-0.9.6-9.i386.rpm
ftp://updates.redhat.com/7.2/en/os/i386/openssl-0.9.6b-24.i386.rpm
ftp://updates.redhat.com/7.2/en/os/i386/openssl-devel-0.9.6b-24.i386.rpm
ftp://updates.redhat.com/7.2/en/os/i386/openssl-perl-0.9.6b-24.i386.rpm

i686:
ftp://updates.redhat.com/7.2/en/os/i686/openssl-0.9.6b-24.i686.rpm

ia64:
ftp://updates.redhat.com/7.2/en/os/ia64/openssl095a-0.9.5a-14.ia64.rpm
ftp://updates.redhat.com/7.2/en/os/ia64/openssl096-0.9.6-9.ia64.rpm
ftp://updates.redhat.com/7.2/en/os/ia64/openssl-0.9.6b-24.ia64.rpm
ftp://updates.redhat.com/7.2/en/os/ia64/openssl-devel-0.9.6b-24.ia64.rpm
ftp://updates.redhat.com/7.2/en/os/ia64/openssl-perl-0.9.6b-24.ia64.rpm

Red Hat Linux 7.3:

SRPMS:
ftp://updates.redhat.com/7.3/en/os/SRPMS/openssl095a-0.9.5a-14.src.rpm
ftp://updates.redhat.com/7.3/en/os/SRPMS/openssl096-0.9.6-9.src.rpm
ftp://updates.redhat.com/7.3/en/os/SRPMS/openssl-0.9.6b-24.src.rpm

i386:
ftp://updates.redhat.com/7.3/en/os/i386/openssl095a-0.9.5a-14.i386.rpm
ftp://updates.redhat.com/7.3/en/os/i386/openssl096-0.9.6-9.i386.rpm
ftp://updates.redhat.com/7.3/en/os/i386/openssl-0.9.6b-24.i386.rpm
ftp://updates.redhat.com/7.3/en/os/i386/openssl-devel-0.9.6b-24.i386.rpm
ftp://updates.redhat.com/7.3/en/os/i386/openssl-perl-0.9.6b-24.i386.rpm

i686:
ftp://updates.redhat.com/7.3/en/os/i686/openssl-0.9.6b-24.i686.rpm



7. Verification:

MD5 sum                          Package Name
- --------------------------------------------------------------------------
61c1681e13328fe5cc5de13003cecbfa 6.2/en/os/SRPMS/openssl-0.9.5a-26.src.rpm
b5a092d4197eabfaefeed4d260d1b98e 6.2/en/os/alpha/openssl-0.9.5a-26.alpha.rpm
711624c0394b7c0fca42750726d32f3d 6.2/en/os/alpha/openssl-devel-0.9.5a-26.alpha.rpm
76d65cd6d29616fd9933912b09bede48 6.2/en/os/alpha/openssl-perl-0.9.5a-26.alpha.rpm
267eb03ac96a182b9fa11a5ba3b9389d 6.2/en/os/alpha/openssl-python-0.9.5a-26.alpha.rpm
b99f516e99f7b0b90feea4cd0fb1edab 6.2/en/os/i386/openssl-0.9.5a-26.i386.rpm
0ffd8b3d708b8fdcc6bc6ae91f3d1940 6.2/en/os/i386/openssl-devel-0.9.5a-26.i386.rpm
b9db1140f4806ec3f4f1a832aad21afc 6.2/en/os/i386/openssl-perl-0.9.5a-26.i386.rpm
388b3147b88607bb47b563532b4ff155 6.2/en/os/i386/openssl-python-0.9.5a-26.i386.rpm
810e6131fee818819213d326c596719b 6.2/en/os/sparc/openssl-0.9.5a-26.sparc.rpm
9ab8a7b059a198837cad649e7c4b1f92 6.2/en/os/sparc/openssl-devel-0.9.5a-26.sparc.rpm
e4ab888ccd8200c66de485408b3518b9 6.2/en/os/sparc/openssl-perl-0.9.5a-26.sparc.rpm
305e69febe8751a6839324593be55087 6.2/en/os/sparc/openssl-python-0.9.5a-26.sparc.rpm
6a1a51baec50250feb6a7df0914c086d 7.0/en/os/SRPMS/openssl-0.9.6-10.src.rpm
ddd832b579f5f92234fd3bdc0088585c 7.0/en/os/SRPMS/openssl095a-0.9.5a-14.src.rpm
80e27f1105c86ad37f47ed9c6da01e75 7.0/en/os/alpha/openssl-0.9.6-10.alpha.rpm
fe5999b2892ef3af48707a0900d24741 7.0/en/os/alpha/openssl-devel-0.9.6-10.alpha.rpm
7f0ad5a594254071c63d46c554a73cfe 7.0/en/os/alpha/openssl-perl-0.9.6-10.alpha.rpm
30fb55bf1ff5f8113fe4fce2907db6de 7.0/en/os/alpha/openssl-python-0.9.6-10.alpha.rpm
2c67e47754d3c46828a46b858d5227e5 7.0/en/os/alpha/openssl095a-0.9.5a-14.alpha.rpm
9b9780f4124111d800cbc698f601eed4 7.0/en/os/i386/openssl-0.9.6-10.i386.rpm
d81f3d47b8d725bb71ad7809c81e0486 7.0/en/os/i386/openssl-devel-0.9.6-10.i386.rpm
776c915db7a72e5f22cdffadfb56f2c9 7.0/en/os/i386/openssl-perl-0.9.6-10.i386.rpm
1c916fb95c1b8f9c44840667a4aea2cd 7.0/en/os/i386/openssl-python-0.9.6-10.i386.rpm
9f4ddecdbc78517f7e43648132c9873a 7.0/en/os/i386/openssl095a-0.9.5a-14.i386.rpm
6a1a51baec50250feb6a7df0914c086d 7.1/en/os/SRPMS/openssl-0.9.6-10.src.rpm
ddd832b579f5f92234fd3bdc0088585c 7.1/en/os/SRPMS/openssl095a-0.9.5a-14.src.rpm
80e27f1105c86ad37f47ed9c6da01e75 7.1/en/os/alpha/openssl-0.9.6-10.alpha.rpm
fe5999b2892ef3af48707a0900d24741 7.1/en/os/alpha/openssl-devel-0.9.6-10.alpha.rpm
7f0ad5a594254071c63d46c554a73cfe 7.1/en/os/alpha/openssl-perl-0.9.6-10.alpha.rpm
30fb55bf1ff5f8113fe4fce2907db6de 7.1/en/os/alpha/openssl-python-0.9.6-10.alpha.rpm
2c67e47754d3c46828a46b858d5227e5 7.1/en/os/alpha/openssl095a-0.9.5a-14.alpha.rpm
9b9780f4124111d800cbc698f601eed4 7.1/en/os/i386/openssl-0.9.6-10.i386.rpm
d81f3d47b8d725bb71ad7809c81e0486 7.1/en/os/i386/openssl-devel-0.9.6-10.i386.rpm
776c915db7a72e5f22cdffadfb56f2c9 7.1/en/os/i386/openssl-perl-0.9.6-10.i386.rpm
1c916fb95c1b8f9c44840667a4aea2cd 7.1/en/os/i386/openssl-python-0.9.6-10.i386.rpm
9f4ddecdbc78517f7e43648132c9873a 7.1/en/os/i386/openssl095a-0.9.5a-14.i386.rpm
0c246f63818de647a1b1810187c13381 7.1/en/os/ia64/openssl-0.9.6-10.ia64.rpm
5966099d03ba051a1784f7eba666815b 7.1/en/os/ia64/openssl-devel-0.9.6-10.ia64.rpm
30d8263af19b234b1ff6b48915a4760d 7.1/en/os/ia64/openssl-perl-0.9.6-10.ia64.rpm
0eb73d5aa9c2a0f693ff8c60bf4a9321 7.1/en/os/ia64/openssl-python-0.9.6-10.ia64.rpm
5e6e3c534cac94d57e14fae37f213333 7.1/en/os/ia64/openssl095a-0.9.5a-14.ia64.rpm
93ab0985d11a15fe39e24a548b1885e6 7.2/en/os/SRPMS/openssl-0.9.6b-24.src.rpm
ddd832b579f5f92234fd3bdc0088585c 7.2/en/os/SRPMS/openssl095a-0.9.5a-14.src.rpm
449151345e809f531c316cb9d1df033b 7.2/en/os/SRPMS/openssl096-0.9.6-9.src.rpm
c181eab20db43421e20a0e5cd18a1b0d 7.2/en/os/i386/openssl-0.9.6b-24.i386.rpm
b74adb3f6208aeddfda7d1b1f0063802 7.2/en/os/i386/openssl-devel-0.9.6b-24.i386.rpm
189345f3cee952484fcd2a40246aa28b 7.2/en/os/i386/openssl-perl-0.9.6b-24.i386.rpm
9f4ddecdbc78517f7e43648132c9873a 7.2/en/os/i386/openssl095a-0.9.5a-14.i386.rpm
c37591c97b216af1290cfcc82e74abb3 7.2/en/os/i386/openssl096-0.9.6-9.i386.rpm
0189237bd50fc00fb777cd782aa70e2e 7.2/en/os/i686/openssl-0.9.6b-24.i686.rpm
a5e045a90bf2fae63b9fd7c7a7ed265b 7.2/en/os/ia64/openssl-0.9.6b-24.ia64.rpm
1c047ebddc6b5bad180bba5eb6549f63 7.2/en/os/ia64/openssl-devel-0.9.6b-24.ia64.rpm
2e96f756ac9fab96db2e2e672f11b62b 7.2/en/os/ia64/openssl-perl-0.9.6b-24.ia64.rpm
5e6e3c534cac94d57e14fae37f213333 7.2/en/os/ia64/openssl095a-0.9.5a-14.ia64.rpm
e402bc51ebe69e9e18132a29f1555c15 7.2/en/os/ia64/openssl096-0.9.6-9.ia64.rpm
93ab0985d11a15fe39e24a548b1885e6 7.3/en/os/SRPMS/openssl-0.9.6b-24.src.rpm
ddd832b579f5f92234fd3bdc0088585c 7.3/en/os/SRPMS/openssl095a-0.9.5a-14.src.rpm
449151345e809f531c316cb9d1df033b 7.3/en/os/SRPMS/openssl096-0.9.6-9.src.rpm
c181eab20db43421e20a0e5cd18a1b0d 7.3/en/os/i386/openssl-0.9.6b-24.i386.rpm
b74adb3f6208aeddfda7d1b1f0063802 7.3/en/os/i386/openssl-devel-0.9.6b-24.i386.rpm
189345f3cee952484fcd2a40246aa28b 7.3/en/os/i386/openssl-perl-0.9.6b-24.i386.rpm
9f4ddecdbc78517f7e43648132c9873a 7.3/en/os/i386/openssl095a-0.9.5a-14.i386.rpm
c37591c97b216af1290cfcc82e74abb3 7.3/en/os/i386/openssl096-0.9.6-9.i386.rpm
0189237bd50fc00fb777cd782aa70e2e 7.3/en/os/i686/openssl-0.9.6b-24.i686.rpm
 

These packages are GPG signed by Red Hat, Inc. for security.  Our key
is available at:
    http://www.redhat.com/about/contact/pgpkey.html

You can verify each package with the following command:
    rpm --checksig  <filename>

If you only wish to verify that each package has not been corrupted or
tampered with, examine only the md5sum with the following command:
    rpm --checksig --nogpg <filename>

8. References:


http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0655
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0656



Copyright(c) 2000, 2001, 2002 Red Hat, Inc.

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content.  The decision to use any or all of this information is
the responsibility of each user or organisation, and should be done so in
accordance with site policies and procedures.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the original authors to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

	http://www.auscert.org.au/Information/advisories.html

If you believe that your system has been compromised, contact AusCERT or
your representative in FIRST (Forum of Incident Response and Security
Teams).

Internet Email: auscert@auscert.org.au
Facsimile:	(07) 3365 7031
Telephone:	(07) 3365 4417 (International: +61 7 3365 4417)
		AusCERT personnel answer during Queensland business hours
		which are GMT+10:00 (AEST).
		On call after hours for member emergencies.

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: noconv
Comment: ftp://ftp.auscert.org.au/pub/auscert/AUSCERT_PGP.key

iQCVAwUBPUfWBCh9+71yA2DNAQEkDgP+L2cCmsd/zljyRXjv1h4813eB3w0dBaGr
ykEXjHibmVUK6etBbIuaulknEE2JAHnWztq0WokQ+von/79ZAWVK8SrJr3qYUFTD
8hbTFZUIq9kSUy4VyRmQZg0N4LR49ihZ6cnKjCRXKlxR+LVWRT35xBRByYfAGZGG
AzppyF0JHYs=
=er4K
-----END PGP SIGNATURE-----