===========================================================================
             AUSCERT External Security Bulletin Redistribution

                     ESB-2005.0811 -- RHSA-2005:800-01
                     Moderate: openssl security update
                              12 October 2005

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           openssl
Publisher:         Red Hat
Operating System:  Red Hat Enterprise Linux AS/ES/WS 4
                   Red Hat Enterprise Linux Desktop 4
                   Red Hat Enterprise Linux AS/ES/WS 3
                   Red Hat Desktop 3
                   Red Hat Enterprise Linux AS/ES/WS 2.1
                   Red Hat Linux Advanced Workstation 2.1
Impact:            Reduced Security
                   Access Confidential Data
                   Increased Privileges
Access:            Remote/Unauthenticated
CVE Names:         CAN-2005-2969 CAN-2005-0109

Ref:               ESB-2005.0385
                   ESB-2005.0801

Original Bulletin: https://rhn.redhat.com/errata/RHSA-2005-800.html

--------------------------BEGIN INCLUDED TEXT--------------------

---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Moderate: openssl security update
Advisory ID:       RHSA-2005:800-01
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2005-800.html
Issue date:        2005-10-11
Updated on:        2005-10-11
Product:           Red Hat Enterprise Linux
CVE Names:         CAN-2005-2969 CAN-2005-0109
---------------------------------------------------------------------

1. Summary:

Updated OpenSSL packages that fix various security issues are now
available.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64
Red Hat Enterprise Linux ES version 2.1 - i386
Red Hat Enterprise Linux WS version 2.1 - i386
Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Problem description:

OpenSSL is a toolkit that implements Secure Sockets Layer (SSL v2/v3) and
Transport Layer Security (TLS v1) protocols as well as a full-strength
general purpose cryptography library.

OpenSSL contained a software work-around for a bug in SSL handling in
Microsoft Internet Explorer version 3.0.2.  This work-around is enabled in
most servers that use OpenSSL to provide support for SSL and TLS.  Yutaka
Oiwa discovered that this work-around could allow an attacker, acting as a
"man in the middle" to force an SSL connection to use SSL 2.0 rather than a
stronger protocol such as SSL 3.0 or TLS 1.0.  The Common Vulnerabilities
and Exposures project (cve.mitre.org) has assigned the name CAN-2005-2969
to this issue.

A bug was also fixed in the way OpenSSL creates DSA signatures.  A cache
timing attack was fixed in RHSA-2005-476 which caused OpenSSL to do private
key calculations with a fixed time window.  The DSA fix for this was not
complete and the calculations are not always performed within a
fixed-window.  The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CAN-2005-0109 to this issue.
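
The rollback protection that the work-around switched off, shown as an added example (not OpenSSL's or Red Hat's code): under the TLS 1.0 specification (RFC 2246, Appendix E.2), a client that supports SSL 3.0 or TLS 1.0 but ends up negotiating SSL 2.0 sets the last eight PKCS#1 padding bytes to 0x03, and a server that also supports the newer protocols rejects a block carrying that marker. Function names, result codes and the sample block are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Result codes: names are this example's own, not OpenSSL's. */
enum { PAD_OK = 0, PAD_MALFORMED = -1, PAD_ROLLBACK = -2 };

/* Build a PKCS#1 v1.5 type-2 block "00 02 PS 00 M" as it looks after RSA
 * decryption. PS is normally random non-zero bytes; a constant is used here
 * so the sample is reproducible. If tls_capable is set, the last 8 bytes of
 * PS are 0x03: the marker a client that also speaks SSL 3.0/TLS 1.0 writes. */
static void build_block(unsigned char *em, size_t len, int tls_capable,
                        const unsigned char *msg, size_t msg_len)
{
    size_t sep = len - msg_len - 1;          /* index of the 00 separator */
    em[0] = 0x00;
    em[1] = 0x02;
    memset(em + 2, 0xA5, sep - 2);
    if (tls_capable)
        memset(em + sep - 8, 0x03, 8);
    em[sep] = 0x00;
    memcpy(em + sep + 1, msg, msg_len);
}

/* Server-side check on the decrypted SSL 2.0 key-exchange block.
 * enforce_rollback_check = 1 models a server that also offers SSL 3.0 or
 * TLS 1.0 and verifies the marker; 0 models the check being skipped, which
 * is the effect of the work-around. Logic only, not constant time. */
int check_block(const unsigned char *em, size_t len,
                int enforce_rollback_check, size_t *msg_off)
{
    size_t i, sep = 0;
    if (len < 11 || em[0] != 0x00 || em[1] != 0x02)
        return PAD_MALFORMED;
    for (i = 2; i < len && sep == 0; i++)
        if (em[i] == 0x00)
            sep = i;
    if (sep < 10)                            /* no separator, or PS < 8 bytes */
        return PAD_MALFORMED;
    if (enforce_rollback_check) {
        int marked = 1;
        for (i = sep - 8; i < sep; i++)
            if (em[i] != 0x03)
                marked = 0;
        if (marked)
            return PAD_ROLLBACK;             /* both ends support a newer protocol */
    }
    *msg_off = sep + 1;
    return PAD_OK;
}

/* One handshake outcome for a constructed 64-byte block. */
int demo(int workaround_enabled, int client_tls_capable)
{
    static const unsigned char key[16] = "constructed-key";
    unsigned char em[64];
    size_t off = 0;
    build_block(em, sizeof em, client_tls_capable, key, sizeof key);
    return check_block(em, sizeof em, !workaround_enabled, &off);
}

int main(void)
{
    printf("work-around on,  TLS-capable client:  %d\n", demo(1, 1));
    printf("work-around off, TLS-capable client:  %d\n", demo(0, 1));
    printf("work-around off, SSL 2.0-only client: %d\n", demo(0, 0));
    return 0;
}
```
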

Users are advised to upgrade to these updated packages, which remove the
MSIE 3.0.2 work-around and contain patches to correct these issues.

Note: After installing this update, users are advised to either restart
all services that use OpenSSL or restart their system.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via Red Hat Network.  To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

5. Bug IDs fixed (http://bugzilla.redhat.com/):

169863 - CAN-2005-2969 Potential SSL 2.0 Rollback
170036 - CAN-2005-0109 DSA signing not quite constant time

6. RPMs required:

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2969
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0109

8. Contact:

The Red Hat security contact is <secalert@redhat.com>.  More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2005 Red Hat, Inc.

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

If you believe that your computer system has been compromised or attacked in
any way, we encourage you to let us know by completing the secure National IT
Incident Reporting Form at:

        http://www.auscert.org.au/render.html?it=3192

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.