-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
             AUSCERT External Security Bulletin Redistribution

          ESB-2004.0217 -- RHSA-2004:119-01 and RHSA-2004:120-01
               Updated OpenSSL packages fix vulnerabilities
                               18 March 2004

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:                OpenSSL
Publisher:              Red Hat
Operating System:       Red Hat Enterprise Linux AS version 2.1
                        Red Hat Linux Advanced Workstation 2.1
                        Red Hat Enterprise Linux ES version 2.1
                        Red Hat Enterprise Linux WS version 2.1
                        Red Hat Enterprise Linux AS version 3
                        Red Hat Enterprise Linux ES version 3
                        Red Hat Enterprise Linux WS version 3
                        Linux
                        Unix
Impact:                 Denial of Service
Access Required:        Remote
CVE Names:              CAN-2004-0081 
                        CAN-2003-0851
                        CAN-2004-0079 
                        CAN-2004-0112

Ref:                    ESB-2004.0216

Comment: This AusCERT External Security Bulletin contains two Red Hat
         bulletins.

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - ---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Updated OpenSSL packages fix vulnerabilities
Advisory ID:       RHSA-2004:119-01
Issue date:        2004-03-17
Updated on:        2004-03-17
Product:           Red Hat Enterprise Linux
Keywords:          DoS
Cross references:  
Obsoletes:         RHSA-2003:293
CVE Names:         CAN-2004-0081 CAN-2003-0851
- - ---------------------------------------------------------------------

1. Topic:

Updated OpenSSL packages that fix a remote denial of service vulnerability
are now available for Red Hat Enterprise Linux 2.1.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, i686, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64
Red Hat Enterprise Linux ES version 2.1 - i386, i686
Red Hat Enterprise Linux WS version 2.1 - i386, i686

3. Problem description:

OpenSSL is a toolkit that implements Secure Sockets Layer (SSL v2/v3) and
Transport Layer Security (TLS v1) protocols as well as a full-strength
general purpose cryptography library.

Testing performed by the OpenSSL group using the Codenomicon TLS Test Tool
uncovered a bug in older versions of OpenSSL 0.9.6 prior to 0.9.6d that can
lead to a denial of service attack (infinite loop).  The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name
CAN-2004-0081 to this issue.

Testing performed by Novell using a test suite provided by NISCC uncovered
an issue in the ASN.1 parser in versions of OpenSSL 0.9.6 prior to 0.9.6l
which could cause large recursion and possibly lead to a denial of service
attack if used where stack space is limited.  The Common Vulnerabilities
and Exposures project (cve.mitre.org) has assigned the name CAN-2003-0851
to this issue.

These updated packages contain patches provided by the OpenSSL group that
protect against these issues.

NOTE: Because server applications are affected by this issue, users are
advised to either restart all services using OpenSSL functionality or
restart their system after installing these updated packages.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

To update all RPMs for your particular architecture, run:

rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade.  Only those
RPMs which are currently installed will be updated.  Those RPMs which are
not installed but included in the list will not be updated.  Note that you
can also use wildcards (*.rpm) if your current directory *only* contains the
desired RPMs.

Please note that this update is also available via Red Hat Network.  Many
people find this an easier way to apply updates.  To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

If up2date fails to connect to Red Hat Network due to SSL
Certificate Errors, you need to install a version of the
up2date client with an updated certificate.  The latest version of
up2date is available from the Red Hat FTP site and may also be
downloaded directly from the RHN website:

https://rhn.redhat.com/help/latest-up2date.pxt

5. Bug IDs fixed (http://bugzilla.redhat.com/bugzilla for more info):

117771 - CAN-2004-0081 OpenSSL flaw

6. RPMs required:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1AS/en/os/SRPMS/openssl-0.9.6b-36.src.rpm
ftp://updates.redhat.com/enterprise/2.1AS/en/os/SRPMS/openssl095a-0.9.5a-24.src.rpm
ftp://updates.redhat.com/enterprise/2.1AS/en/os/SRPMS/openssl096-0.9.6-25.7.src.rpm

i386:
Available from Red Hat Network: openssl-0.9.6b-36.i386.rpm
Available from Red Hat Network: openssl-devel-0.9.6b-36.i386.rpm
Available from Red Hat Network: openssl-perl-0.9.6b-36.i386.rpm
Available from Red Hat Network: openssl095a-0.9.5a-24.i386.rpm
Available from Red Hat Network: openssl096-0.9.6-25.7.i386.rpm

i686:
Available from Red Hat Network: openssl-0.9.6b-36.i686.rpm

ia64:
Available from Red Hat Network: openssl-0.9.6b-36.ia64.rpm
Available from Red Hat Network: openssl-devel-0.9.6b-36.ia64.rpm
Available from Red Hat Network: openssl-perl-0.9.6b-36.ia64.rpm
Available from Red Hat Network: openssl095a-0.9.5a-24.ia64.rpm
Available from Red Hat Network: openssl096-0.9.6-25.7.ia64.rpm

Red Hat Linux Advanced Workstation 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1AW/en/os/SRPMS/openssl-0.9.6b-36.src.rpm
ftp://updates.redhat.com/enterprise/2.1AW/en/os/SRPMS/openssl095a-0.9.5a-24.src.rpm
ftp://updates.redhat.com/enterprise/2.1AW/en/os/SRPMS/openssl096-0.9.6-25.7.src.rpm

ia64:
Available from Red Hat Network: openssl-0.9.6b-36.ia64.rpm
Available from Red Hat Network: openssl-devel-0.9.6b-36.ia64.rpm
Available from Red Hat Network: openssl-perl-0.9.6b-36.ia64.rpm
Available from Red Hat Network: openssl095a-0.9.5a-24.ia64.rpm
Available from Red Hat Network: openssl096-0.9.6-25.7.ia64.rpm

Red Hat Enterprise Linux ES version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1ES/en/os/SRPMS/openssl-0.9.6b-36.src.rpm

i386:
Available from Red Hat Network: openssl-0.9.6b-36.i386.rpm
Available from Red Hat Network: openssl-devel-0.9.6b-36.i386.rpm
Available from Red Hat Network: openssl-perl-0.9.6b-36.i386.rpm

i686:
Available from Red Hat Network: openssl-0.9.6b-36.i686.rpm

Red Hat Enterprise Linux WS version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1WS/en/os/SRPMS/openssl-0.9.6b-36.src.rpm

i386:
Available from Red Hat Network: openssl-0.9.6b-36.i386.rpm
Available from Red Hat Network: openssl-devel-0.9.6b-36.i386.rpm
Available from Red Hat Network: openssl-perl-0.9.6b-36.i386.rpm

i686:
Available from Red Hat Network: openssl-0.9.6b-36.i686.rpm



7. Verification:


These packages are GPG signed by Red Hat for security.  Our key is
available from https://www.redhat.com/security/keys.html

You can verify each package with the following command:
    
    rpm --checksig -v <filename>

If you only wish to verify that each package has not been corrupted or
tampered with, examine only the md5sum with the following command:
    
    md5sum <filename>


8. References:

http://www.codenomicon.com/testtools/tls/
http://www.niscc.gov.uk/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0081
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0851

9. Contact:

The Red Hat security contact is <secalert@redhat.com>.  More contact
details at https://www.redhat.com/solutions/security/news/contact.html

Copyright 2003 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQFAWEZaXlSAg2UNWIIRAuQqAKC8szOgScXZgUFYi+Jr/o3eByySnwCcClZX
qvj+0FFcUh+ZuwRufd4eUxg=
=6Jjb
- -----END PGP SIGNATURE-----

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - ---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Updated OpenSSL packages fix vulnerabilities
Advisory ID:       RHSA-2004:120-01
Issue date:        2004-03-17
Updated on:        2004-03-17
Product:           Red Hat Enterprise Linux
Keywords:          DoS
Cross references:  
Obsoletes:         RHBA-2003:295
CVE Names:         CAN-2004-0079 CAN-2004-0081 CAN-2004-0112
- - ---------------------------------------------------------------------

1. Topic:

Updated OpenSSL packages that fix several remote denial of service
vulnerabilities are available for Red Hat Enterprise Linux 3.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 3 - i386, i686, ia64, ppc, ppc64, s390, s390x, x86_64
Red Hat Enterprise Linux ES version 3 - i386, i686
Red Hat Enterprise Linux WS version 3 - i386, i686, ia64, x86_64

3. Problem description:

The OpenSSL toolkit implements Secure Sockets Layer (SSL v2/v3),
Transport Layer Security (TLS v1) protocols, and serves as a full-strength
general purpose cryptography library.

Testing performed by the OpenSSL group using the Codenomicon TLS Test Tool
uncovered a null-pointer assignment in the do_change_cipher_spec() function
in OpenSSL 0.9.6c-0.9.6k and 0.9.7a-0.9.7c.  A remote attacker could
perform a carefully crafted SSL/TLS handshake against a server that uses
the OpenSSL library in such a way as to cause OpenSSL to crash. Depending
on the application this could lead to a denial of service.  The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name
CAN-2004-0079 to this issue.

Stephen Henson discovered a flaw in SSL/TLS handshaking code when using
Kerberos ciphersuites in OpenSSL 0.9.7a-0.9.7c.  A remote attacker could
perform a carefully crafted SSL/TLS handshake against a server configured
to use Kerberos ciphersuites in such a way as to cause OpenSSL to crash. 
Most applications have no ability to use Kerberos ciphersuites and will
therefore be unaffected by this issue.  The Common Vulnerabilities and
Exposures project (cve.mitre.org) has assigned the name CAN-2004-0112 to
this issue.

Testing performed by the OpenSSL group using the Codenomicon TLS Test Tool
uncovered a bug in older versions of OpenSSL 0.9.6 prior to 0.9.6d that may
lead to a denial of service attack (infinite loop).  The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name
CAN-2004-0081 to this issue.  This issue affects only the OpenSSL
compatibility packages shipped with Red Hat Enterprise Linux 3.

These updated packages contain patches provided by the OpenSSL group that
protect against these issues.

Additionally, the version of libica included in the OpenSSL packages has
been updated to 1.3.5. This only affects IBM s390 and IBM eServer zSeries
customers and is required for the latest openCryptoki packages.

NOTE: Because server applications are affected by this issue, users are
advised to either restart all services that use OpenSSL functionality or
restart their systems after installing these updates.
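
The restart note above (and the identical note in RHSA-2004:119-01) can be checked after the update. The following is an added example, not part of the Red Hat advisory: it lists processes that still map the replaced libssl/libcrypto, which Linux marks as "(deleted)" in /proc/<pid>/maps. The sample maps lines, library file names and function names are constructed for illustration.

```python
import os
import re

# A libssl/libcrypto shared object whose mapping the kernel tags "(deleted)":
# the file was replaced on disk, but this process still runs the old copy.
STALE = re.compile(r"(\S*/lib(?:ssl|crypto)\.so\S*) \(deleted\)$")


def stale_openssl_maps(maps_text):
    """Return the sorted, de-duplicated stale OpenSSL libraries in one maps file."""
    hits = set()
    for line in maps_text.splitlines():
        m = STALE.search(line.rstrip())
        if m:
            hits.add(m.group(1))
    return sorted(hits)


def scan_proc(proc="/proc"):
    """Map pid -> stale OpenSSL libraries for every readable process."""
    results = {}
    for pid in filter(str.isdigit, os.listdir(proc)):
        try:
            with open(os.path.join(proc, pid, "maps")) as fh:
                stale = stale_openssl_maps(fh.read())
        except OSError:
            continue  # process exited, or not readable without root
        if stale:
            results[int(pid)] = stale
    return results


# Constructed sample of /proc/<pid>/maps for a daemon started before the update.
SAMPLE_MAPS = """\
40018000-40046000 r-xp 00000000 03:02 1234 /lib/libssl.so.0.9.7a (deleted)
40046000-40049000 rw-p 0002d000 03:02 1234 /lib/libssl.so.0.9.7a (deleted)
4004d000-40136000 r-xp 00000000 03:02 1235 /lib/libcrypto.so.0.9.7a (deleted)
40140000-40260000 r-xp 00000000 03:02 999 /lib/tls/libc-2.3.2.so
"""

if __name__ == "__main__":
    print("sample:", stale_openssl_maps(SAMPLE_MAPS))
    for pid, libs in sorted(scan_proc().items()):
        print("pid %d still uses %s: restart the service" % (pid, ", ".join(libs)))
```

Run it as root so that the maps files of all processes are readable; an empty result means no running process is still using the old library.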

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

To update all RPMs for your particular architecture, run:

rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade.  Only those
RPMs which are currently installed will be updated.  Those RPMs which are
not installed but included in the list will not be updated.  Note that you
can also use wildcards (*.rpm) if your current directory *only* contains
the desired RPMs.

Please note that this update is also available via Red Hat Network.  Many
people find this an easier way to apply updates.  To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

If up2date fails to connect to Red Hat Network due to SSL
Certificate Errors, you need to install a version of the
up2date client with an updated certificate.  The latest version of
up2date is available from the Red Hat FTP site and may also be
downloaded directly from the RHN website:

https://rhn.redhat.com/help/latest-up2date.pxt

5. Bug IDs fixed (http://bugzilla.redhat.com/bugzilla for more info):

117770 - CAN-2004-0079/0081/0112 Flaws in OpenSSL

6. RPMs required:

Red Hat Enterprise Linux AS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/openssl-0.9.7a-33.4.src.rpm
ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/openssl096b-0.9.6b-16.src.rpm

i386:
Available from Red Hat Network: openssl-0.9.7a-33.4.i386.rpm
Available from Red Hat Network: openssl-devel-0.9.7a-33.4.i386.rpm
Available from Red Hat Network: openssl-perl-0.9.7a-33.4.i386.rpm
Available from Red Hat Network: openssl096b-0.9.6b-16.i386.rpm

i686:
Available from Red Hat Network: openssl-0.9.7a-33.4.i686.rpm

ia64:
Available from Red Hat Network: openssl-0.9.7a-33.4.ia64.rpm
Available from Red Hat Network: openssl-0.9.7a-33.4.i686.rpm
Available from Red Hat Network: openssl-devel-0.9.7a-33.4.ia64.rpm
Available from Red Hat Network: openssl-perl-0.9.7a-33.4.ia64.rpm
Available from Red Hat Network: openssl096b-0.9.6b-16.ia64.rpm

ppc:
Available from Red Hat Network: openssl-0.9.7a-33.4.ppc.rpm
Available from Red Hat Network: openssl-devel-0.9.7a-33.4.ppc.rpm
Available from Red Hat Network: openssl-perl-0.9.7a-33.4.ppc.rpm
Available from Red Hat Network: openssl096b-0.9.6b-16.ppc.rpm

ppc64:
Available from Red Hat Network: openssl-0.9.7a-33.4.ppc64.rpm
Available from Red Hat Network: openssl-devel-0.9.7a-33.4.ppc64.rpm
Available from Red Hat Network: openssl-perl-0.9.7a-33.4.ppc64.rpm

s390:
Available from Red Hat Network: openssl-0.9.7a-33.4.s390.rpm
Available from Red Hat Network: openssl-devel-0.9.7a-33.4.s390.rpm
Available from Red Hat Network: openssl-perl-0.9.7a-33.4.s390.rpm
Available from Red Hat Network: openssl096b-0.9.6b-16.s390.rpm

s390x:
Available from Red Hat Network: openssl-0.9.7a-33.4.s390x.rpm
Available from Red Hat Network: openssl-0.9.7a-33.4.s390.rpm
Available from Red Hat Network: openssl-devel-0.9.7a-33.4.s390x.rpm
Available from Red Hat Network: openssl-perl-0.9.7a-33.4.s390x.rpm

x86_64:
Available from Red Hat Network: openssl-0.9.7a-33.4.x86_64.rpm
Available from Red Hat Network: openssl-0.9.7a-33.4.i686.rpm
Available from Red Hat Network: openssl-devel-0.9.7a-33.4.x86_64.rpm
Available from Red Hat Network: openssl-perl-0.9.7a-33.4.x86_64.rpm
Available from Red Hat Network: openssl096b-0.9.6b-16.x86_64.rpm

Red Hat Enterprise Linux ES version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/openssl-0.9.7a-33.4.src.rpm
ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/openssl096b-0.9.6b-16.src.rpm

i386:
Available from Red Hat Network: openssl-0.9.7a-33.4.i386.rpm
Available from Red Hat Network: openssl-devel-0.9.7a-33.4.i386.rpm
Available from Red Hat Network: openssl-perl-0.9.7a-33.4.i386.rpm
Available from Red Hat Network: openssl096b-0.9.6b-16.i386.rpm

i686:
Available from Red Hat Network: openssl-0.9.7a-33.4.i686.rpm

Red Hat Enterprise Linux WS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/openssl-0.9.7a-33.4.src.rpm
ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/openssl096b-0.9.6b-16.src.rpm

i386:
Available from Red Hat Network: openssl-0.9.7a-33.4.i386.rpm
Available from Red Hat Network: openssl-devel-0.9.7a-33.4.i386.rpm
Available from Red Hat Network: openssl-perl-0.9.7a-33.4.i386.rpm
Available from Red Hat Network: openssl096b-0.9.6b-16.i386.rpm

i686:
Available from Red Hat Network: openssl-0.9.7a-33.4.i686.rpm

ia64:
Available from Red Hat Network: openssl-0.9.7a-33.4.ia64.rpm
Available from Red Hat Network: openssl-0.9.7a-33.4.i686.rpm
Available from Red Hat Network: openssl-devel-0.9.7a-33.4.ia64.rpm
Available from Red Hat Network: openssl-perl-0.9.7a-33.4.ia64.rpm
Available from Red Hat Network: openssl096b-0.9.6b-16.ia64.rpm

x86_64:
Available from Red Hat Network: openssl-0.9.7a-33.4.x86_64.rpm
Available from Red Hat Network: openssl-0.9.7a-33.4.i686.rpm
Available from Red Hat Network: openssl-devel-0.9.7a-33.4.x86_64.rpm
Available from Red Hat Network: openssl-perl-0.9.7a-33.4.x86_64.rpm
Available from Red Hat Network: openssl096b-0.9.6b-16.x86_64.rpm
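
The fixed packages keep their upstream version string (openssl-0.9.6b-36 still reads "0.9.6b", which is older than the 0.9.6d named in the problem description), so a host has to be checked against the package release listed in section 6 of each advisory, not against the upstream OpenSSL version. The following is an added example, not Red Hat's tooling: it compares `rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE} %{ARCH}\n'` output with those fixed releases. The comparison is a simplified form of RPM's version ordering, and the sample host lines and function names are constructed.

```python
import re

# Fixed version-release per package, copied from section 6 of the two
# advisories on this page (key = Red Hat Enterprise Linux release).
FIXED = {
    "2.1": {"openssl": "0.9.6b-36", "openssl-devel": "0.9.6b-36",
            "openssl-perl": "0.9.6b-36", "openssl095a": "0.9.5a-24",
            "openssl096": "0.9.6-25.7"},
    "3": {"openssl": "0.9.7a-33.4", "openssl-devel": "0.9.7a-33.4",
          "openssl-perl": "0.9.7a-33.4", "openssl096b": "0.9.6b-16"},
}


def rpmvercmp(a, b):
    """Simplified RPM ordering: no epoch, tilde or caret handling."""
    sa = re.findall(r"\d+|[A-Za-z]+", a)
    sb = re.findall(r"\d+|[A-Za-z]+", b)
    for x, y in zip(sa, sb):
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1   # a numeric segment sorts newer
        if x.isdigit():
            x, y = int(x), int(y)             # compare numbers as numbers
        if x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))


def evr_cmp(a, b):
    """Compare two 'version-release' strings: version first, then release."""
    av, ar = a.rsplit("-", 1)
    bv, br = b.rsplit("-", 1)
    return rpmvercmp(av, bv) or rpmvercmp(ar, br)


def audit(rpm_lines, el_release):
    """Return (name, arch, installed, fixed, status) for each advisory package."""
    fixed = FIXED[el_release]
    findings = []
    for line in rpm_lines.strip().splitlines():
        name, vr, arch = line.split()
        if name in fixed:
            ok = evr_cmp(vr, fixed[name]) >= 0
            findings.append((name, arch, vr, fixed[name],
                             "fixed" if ok else "UPDATE NEEDED"))
    return findings


# Constructed sample for an Enterprise Linux 3 host; the two older releases
# are made-up values that only need to sort below the fixed ones.
SAMPLE_EL3 = """\
openssl 0.9.7a-33.4 i686
openssl-devel 0.9.7a-22.1 i386
openssl096b 0.9.6b-15 i386
bash 2.05b-29 i386
"""

if __name__ == "__main__":
    for row in audit(SAMPLE_EL3, "3"):
        print("%-14s %-5s installed %-12s fixed in %-12s %s" % row)
```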



7. Verification:


These packages are GPG signed by Red Hat for security.  Our key is
available from https://www.redhat.com/security/keys.html

You can verify each package with the following command:
    
    rpm --checksig -v <filename>

If you only wish to verify that each package has not been corrupted or
tampered with, examine only the md5sum with the following command:
    
    md5sum <filename>


8. References:

http://www.codenomicon.com/testtools/tls/
http://www.niscc.gov.uk/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0079
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0081
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0112

9. Contact:

The Red Hat security contact is <secalert@redhat.com>.  More contact
details at https://www.redhat.com/solutions/security/news/contact.html

Copyright 2003 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQFAWFmrXlSAg2UNWIIRAndyAKCtacgovK6c9LmshC+HyEE0J5CFHQCggoIK
D/NDUoZS+KsWkiuNGWYp6hg=
=0Fqz
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

If you believe that your computer system has been compromised or attacked in 
any way, we encourage you to let us know by completing the secure National IT 
Incident Reporting Form at:

        http://www.auscert.org.au/render.html?it=3192

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business 
                hours which are GMT+10:00 (AEST).  On call after hours 
                for member emergencies only.
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQCVAwUBQFj57ih9+71yA2DNAQL/lwQAkfJDrhka2xZO04dzY1xRBPJrngC8jf9V
7/zOcnysl+0Izk0seTY+g2bCVx4Nctih/lFoNNhqrybAgMA61dLU7GMWbjHf9ljn
QpoF22P/uAzKYa68c/1201vKm7rqnNAWDdu+LZXVz8/7B2QNxqxrgeGUC6oixLPE
qx4zbr4icTY=
=bCt6
-----END PGP SIGNATURE-----