Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2007.0788 -- [RedHat] Important: openssl security update 23 October 2007 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: openssl Publisher: Red Hat Operating System: Red Hat Enterprise Linux 2.1 Red Hat Enterprise Linux 3 Red Hat Enterprise Linux Desktop 5 Impact: Execute Arbitrary Code/Commands Access Confidential Data Access: Remote/Unauthenticated CVE Names: CVE-2007-5135 CVE-2007-4995 CVE-2007-3108 Ref: AA-2007.0066 ESB-2007.0738 Original Bulletin: https://rhn.redhat.com/errata/RHSA-2007-0964.html https://rhn.redhat.com/errata/RHSA-2007-0813.html Comment: Please see https://rhn.redhat.com/errata/RHSA-2007-0813.html for updates to the Red Hat Linux 2.1 and 3 families. Revision History: October 23 2007: This update is now available for the Red Hat Linux 2.1 and 3 family of operating systems. October 15 2007: Initial Release - --------------------------BEGIN INCLUDED TEXT-------------------- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - - --------------------------------------------------------------------- Red Hat Security Advisory Synopsis: Important: openssl security update Advisory ID: RHSA-2007:0964-01 Advisory URL: https://rhn.redhat.com/errata/RHSA-2007-0964.html Issue date: 2007-10-12 Updated on: 2007-10-12 Product: Red Hat Enterprise Linux CVE Names: CVE-2007-3108 CVE-2007-4995 CVE-2007-5135 - - --------------------------------------------------------------------- 1. Summary: Updated OpenSSL packages that correct several security issues are now available for Red Hat Enterprise 5. This update has been rated as having important security impact by the Red Hat Security Response Team. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64 RHEL Desktop Workstation (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64 3. Problem description: OpenSSL is a toolkit that implements Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols as well as a full-strength general purpose cryptography library. Datagram TLS (DTLS) is a protocol based on TLS that is capable of securing datagram transport (UDP for instance). The OpenSSL security team discovered a flaw in DTLS support. An attacker could create a malicious client or server that could trigger a heap overflow. This is possibly exploitable to run arbitrary code, but it has not been verified (CVE-2007-5135). Note that this flaw only affects applications making use of DTLS. Red Hat does not ship any DTLS client or server applications in Red Hat Enterprise Linux. A flaw was found in the SSL_get_shared_ciphers() utility function. An attacker could send a list of ciphers to an application that used this function and overrun a buffer with a single byte (CVE-2007-4995). Few applications make use of this vulnerable function and generally it is used only when applications are compiled for debugging. A number of possible side-channel attacks were discovered affecting OpenSSL. A local attacker could possibly obtain RSA private keys being used on a system. In practice these attacks would be difficult to perform outside of a lab environment. This update contains backported patches designed to mitigate these issues. (CVE-2007-3108). Users of OpenSSL should upgrade to these updated packages, which contain backported patches to resolve these issues. Please note that the fix for the DTLS flaw involved an overhaul of the DTLS handshake processing which may introduce incompatibilities if a new client is used with an older server. After installing this update, users are advised to either restart all services that use OpenSSL or restart their system. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date This will start an interactive process that will result in the appropriate RPMs being upgraded on your system. 5. Bug IDs fixed (http://bugzilla.redhat.com/): 245732 - CVE-2007-3108 RSA side-channel attack 309801 - CVE-2007-5135 openssl SSL_get_shared_ciphers() off-by-one 321191 - CVE-2007-4995 openssl dtls out of order vulnerabilitiy 6. RPMs required: Red Hat Enterprise Linux Desktop (v. 5 client): SRPMS: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/openssl-0.9.8b-8.3.el5_0.2.src.rpm 0e1fead78b32ddfbd8f6e18dee20e8a0 openssl-0.9.8b-8.3.el5_0.2.src.rpm i386: 66c597116250ca9316fb20bfc6065ce4 openssl-0.9.8b-8.3.el5_0.2.i386.rpm 1d73ecb68c0a68f2320d668076dcbec5 openssl-0.9.8b-8.3.el5_0.2.i686.rpm ad1cb84a2d9618962f5564b9db03cb0e openssl-debuginfo-0.9.8b-8.3.el5_0.2.i386.rpm a45f8be73ac51f64c01d8c4704e89476 openssl-debuginfo-0.9.8b-8.3.el5_0.2.i686.rpm 998eaa38bde4414f7bfa9cc8394660f4 openssl-perl-0.9.8b-8.3.el5_0.2.i386.rpm x86_64: 1d73ecb68c0a68f2320d668076dcbec5 openssl-0.9.8b-8.3.el5_0.2.i686.rpm 33d947406912ffb50948ddf17cc9e529 openssl-0.9.8b-8.3.el5_0.2.x86_64.rpm a45f8be73ac51f64c01d8c4704e89476 openssl-debuginfo-0.9.8b-8.3.el5_0.2.i686.rpm 05725c88ab3d0d1abced8ec3556e0e05 openssl-debuginfo-0.9.8b-8.3.el5_0.2.x86_64.rpm 2e1118104315fd3e5387b5e0ca969266 openssl-perl-0.9.8b-8.3.el5_0.2.x86_64.rpm RHEL Desktop Workstation (v. 5 client): SRPMS: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/openssl-0.9.8b-8.3.el5_0.2.src.rpm 0e1fead78b32ddfbd8f6e18dee20e8a0 openssl-0.9.8b-8.3.el5_0.2.src.rpm i386: ad1cb84a2d9618962f5564b9db03cb0e openssl-debuginfo-0.9.8b-8.3.el5_0.2.i386.rpm 2457b8ad85d2197e1195ece6d9688bc2 openssl-devel-0.9.8b-8.3.el5_0.2.i386.rpm x86_64: ad1cb84a2d9618962f5564b9db03cb0e openssl-debuginfo-0.9.8b-8.3.el5_0.2.i386.rpm 05725c88ab3d0d1abced8ec3556e0e05 openssl-debuginfo-0.9.8b-8.3.el5_0.2.x86_64.rpm 2457b8ad85d2197e1195ece6d9688bc2 openssl-devel-0.9.8b-8.3.el5_0.2.i386.rpm 168a74a6be63fc1beb9b828da91bdfe5 openssl-devel-0.9.8b-8.3.el5_0.2.x86_64.rpm Red Hat Enterprise Linux (v. 5 server): SRPMS: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/openssl-0.9.8b-8.3.el5_0.2.src.rpm 0e1fead78b32ddfbd8f6e18dee20e8a0 openssl-0.9.8b-8.3.el5_0.2.src.rpm i386: 66c597116250ca9316fb20bfc6065ce4 openssl-0.9.8b-8.3.el5_0.2.i386.rpm 1d73ecb68c0a68f2320d668076dcbec5 openssl-0.9.8b-8.3.el5_0.2.i686.rpm ad1cb84a2d9618962f5564b9db03cb0e openssl-debuginfo-0.9.8b-8.3.el5_0.2.i386.rpm a45f8be73ac51f64c01d8c4704e89476 openssl-debuginfo-0.9.8b-8.3.el5_0.2.i686.rpm 2457b8ad85d2197e1195ece6d9688bc2 openssl-devel-0.9.8b-8.3.el5_0.2.i386.rpm 998eaa38bde4414f7bfa9cc8394660f4 openssl-perl-0.9.8b-8.3.el5_0.2.i386.rpm ia64: 1d73ecb68c0a68f2320d668076dcbec5 openssl-0.9.8b-8.3.el5_0.2.i686.rpm b025d862ca952a0289f55e04156cedb0 openssl-0.9.8b-8.3.el5_0.2.ia64.rpm a45f8be73ac51f64c01d8c4704e89476 openssl-debuginfo-0.9.8b-8.3.el5_0.2.i686.rpm d0998e6d8191b972a01ddab5e222c0c8 openssl-debuginfo-0.9.8b-8.3.el5_0.2.ia64.rpm e8766e171cebbc2897f0642a0add2244 openssl-devel-0.9.8b-8.3.el5_0.2.ia64.rpm 270be09d92822984dee0c4d7e786fce3 openssl-perl-0.9.8b-8.3.el5_0.2.ia64.rpm ppc: 1141cf40960ae39388e4e8eeebc801b2 openssl-0.9.8b-8.3.el5_0.2.ppc.rpm e30551ffb11d12b7252f95fa3a5a10c5 openssl-0.9.8b-8.3.el5_0.2.ppc64.rpm 83d060df03f60db508c5c8e7aaf35a3c openssl-debuginfo-0.9.8b-8.3.el5_0.2.ppc.rpm db703c98b117309f1c3a51524e1f9889 openssl-debuginfo-0.9.8b-8.3.el5_0.2.ppc64.rpm a9b31f8ab0d0be84bf4a4c6a7f061187 openssl-devel-0.9.8b-8.3.el5_0.2.ppc.rpm ae7a02136749eb6add2064d575fe2358 openssl-devel-0.9.8b-8.3.el5_0.2.ppc64.rpm 9552d697daafba170ecd82a0e265292a openssl-perl-0.9.8b-8.3.el5_0.2.ppc.rpm s390x: b82c768d8fbb7ed7d62d867df39b96e5 openssl-0.9.8b-8.3.el5_0.2.s390.rpm 56868f24204f584792594cbec2744517 openssl-0.9.8b-8.3.el5_0.2.s390x.rpm eb5842143f9b0cd8e801969784673e07 openssl-debuginfo-0.9.8b-8.3.el5_0.2.s390.rpm 16125099c4d353a157e231cbb178ada4 openssl-debuginfo-0.9.8b-8.3.el5_0.2.s390x.rpm d1fdcc96b1e94d70339efe6ae9850ab7 openssl-devel-0.9.8b-8.3.el5_0.2.s390.rpm f7ee8f120dbbebbc5a0a51b3e9f6a86b openssl-devel-0.9.8b-8.3.el5_0.2.s390x.rpm e543b01864c8ef794d90fc680ba1698d openssl-perl-0.9.8b-8.3.el5_0.2.s390x.rpm x86_64: 1d73ecb68c0a68f2320d668076dcbec5 openssl-0.9.8b-8.3.el5_0.2.i686.rpm 33d947406912ffb50948ddf17cc9e529 openssl-0.9.8b-8.3.el5_0.2.x86_64.rpm ad1cb84a2d9618962f5564b9db03cb0e openssl-debuginfo-0.9.8b-8.3.el5_0.2.i386.rpm a45f8be73ac51f64c01d8c4704e89476 openssl-debuginfo-0.9.8b-8.3.el5_0.2.i686.rpm 05725c88ab3d0d1abced8ec3556e0e05 openssl-debuginfo-0.9.8b-8.3.el5_0.2.x86_64.rpm 2457b8ad85d2197e1195ece6d9688bc2 openssl-devel-0.9.8b-8.3.el5_0.2.i386.rpm 168a74a6be63fc1beb9b828da91bdfe5 openssl-devel-0.9.8b-8.3.el5_0.2.x86_64.rpm 2e1118104315fd3e5387b5e0ca969266 openssl-perl-0.9.8b-8.3.el5_0.2.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package 7. References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3108 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4995 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5135 http://www.openssl.org/news/secadv_20071012.txt http://www.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://www.redhat.com/security/team/contact/ Copyright 2007 Red Hat, Inc. - -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFHD1vxXlSAg2UNWIIRAk+5AKCmcMF7Oqfm1fKUNVtsnq3NUXaLbACgmgQv CgoN8N+kDwk1ouxGI6/bocM= =nhaG - -----END PGP SIGNATURE----- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - - --------------------------------------------------------------------- Red Hat Security Advisory Synopsis: Moderate: openssl security update Advisory ID: RHSA-2007:0813-01 Advisory URL: https://rhn.redhat.com/errata/RHSA-2007-0813.html Issue date: 2007-10-22 Updated on: 2007-10-22 Product: Red Hat Enterprise Linux Cross references: RHSA-2007:0806 CVE Names: CVE-2007-3108 CVE-2007-5135 - - --------------------------------------------------------------------- 1. Summary: Updated OpenSSL packages that correct security issues are now available for Red Hat Enterprise Linux 2.1 and 3. This update has been rated as having moderate security impact by the Red Hat Security Response Team. 2. Relevant releases/architectures: Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64 Red Hat Linux Advanced Workstation 2.1 - ia64 Red Hat Enterprise Linux ES version 2.1 - i386 Red Hat Enterprise Linux WS version 2.1 - i386 Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64 Red Hat Desktop version 3 - i386, x86_64 Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64 Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64 3. Problem description: OpenSSL is a toolkit that implements Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols as well as a full-strength general purpose cryptography library. A flaw was found in the SSL_get_shared_ciphers() utility function. An attacker could send a list of ciphers to an application that used this function and overrun a buffer with a single byte (CVE-2007-5135). Few applications make use of this vulnerable function and generally it is used only when applications are compiled for debugging. A number of possible side-channel attacks were discovered affecting OpenSSL. A local attacker could possibly obtain RSA private keys being used on a system. In practice these attacks would be difficult to perform outside of a lab environment. This update contains backported patches designed to mitigate these issues. (CVE-2007-3108). Users of OpenSSL should upgrade to these updated packages, which contain backported patches to resolve these issues. Note: After installing this update, users are advised to either restart all services that use OpenSSL or restart their system. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date This will start an interactive process that will result in the appropriate RPMs being upgraded on your system. 5. Bug IDs fixed (http://bugzilla.redhat.com/): 245732 - CVE-2007-3108 RSA side-channel attack 250573 - CVE-NONE openssl branch prediction attacks 309801 - CVE-2007-5135 openssl SSL_get_shared_ciphers() off-by-one 6. RPMs required: Red Hat Enterprise Linux AS (Advanced Server) version 2.1 : SRPMS: ftp://updates.redhat.com/enterprise/2.1AS/en/os/SRPMS/openssl-0.9.6b-48.src.rpm 241c11e07657d431d82299dcdace1538 openssl-0.9.6b-48.src.rpm i386: e733431a8c900a5f6cda4ee24ff4370a openssl-0.9.6b-48.i386.rpm de59b644999b3c60c22b9ee707b3ad27 openssl-0.9.6b-48.i686.rpm 29a57ca9b091d27649aa00fe28916011 openssl-devel-0.9.6b-48.i386.rpm 8ddaf7d36daa25228d589b0b418518c7 openssl-perl-0.9.6b-48.i386.rpm ia64: 7b3744aaf24edc10108b035eb4201e8a openssl-0.9.6b-48.ia64.rpm b4ef30aa6c02c246af8ecc6239bd27c9 openssl-devel-0.9.6b-48.ia64.rpm 1f73927a5997209a03d171b241fea780 openssl-perl-0.9.6b-48.ia64.rpm Red Hat Linux Advanced Workstation 2.1: SRPMS: ftp://updates.redhat.com/enterprise/2.1AW/en/os/SRPMS/openssl-0.9.6b-48.src.rpm 241c11e07657d431d82299dcdace1538 openssl-0.9.6b-48.src.rpm ia64: 7b3744aaf24edc10108b035eb4201e8a openssl-0.9.6b-48.ia64.rpm b4ef30aa6c02c246af8ecc6239bd27c9 openssl-devel-0.9.6b-48.ia64.rpm 1f73927a5997209a03d171b241fea780 openssl-perl-0.9.6b-48.ia64.rpm Red Hat Enterprise Linux ES version 2.1: SRPMS: ftp://updates.redhat.com/enterprise/2.1ES/en/os/SRPMS/openssl-0.9.6b-48.src.rpm 241c11e07657d431d82299dcdace1538 openssl-0.9.6b-48.src.rpm i386: e733431a8c900a5f6cda4ee24ff4370a openssl-0.9.6b-48.i386.rpm de59b644999b3c60c22b9ee707b3ad27 openssl-0.9.6b-48.i686.rpm 29a57ca9b091d27649aa00fe28916011 openssl-devel-0.9.6b-48.i386.rpm 8ddaf7d36daa25228d589b0b418518c7 openssl-perl-0.9.6b-48.i386.rpm Red Hat Enterprise Linux WS version 2.1: SRPMS: ftp://updates.redhat.com/enterprise/2.1WS/en/os/SRPMS/openssl-0.9.6b-48.src.rpm 241c11e07657d431d82299dcdace1538 openssl-0.9.6b-48.src.rpm i386: e733431a8c900a5f6cda4ee24ff4370a openssl-0.9.6b-48.i386.rpm de59b644999b3c60c22b9ee707b3ad27 openssl-0.9.6b-48.i686.rpm 29a57ca9b091d27649aa00fe28916011 openssl-devel-0.9.6b-48.i386.rpm 8ddaf7d36daa25228d589b0b418518c7 openssl-perl-0.9.6b-48.i386.rpm Red Hat Enterprise Linux AS version 3: SRPMS: ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/openssl-0.9.7a-33.24.src.rpm b2e9f291195f6a8e3b6b77d1722e4c32 openssl-0.9.7a-33.24.src.rpm i386: db30d33b3590d5267f22c355953ec333 openssl-0.9.7a-33.24.i386.rpm e6e165ab5f3774c2494865920f0773a0 openssl-0.9.7a-33.24.i686.rpm 06d53bf4d8d9c3eb8414cdaf907df743 openssl-debuginfo-0.9.7a-33.24.i386.rpm 2d682d4c0b39e7b01c57887c845c31d2 openssl-debuginfo-0.9.7a-33.24.i686.rpm b4744e8c4e8322691cdf8a74f382d291 openssl-devel-0.9.7a-33.24.i386.rpm e89ed20c06ce1cbe489fb58043b06986 openssl-perl-0.9.7a-33.24.i386.rpm ia64: e6e165ab5f3774c2494865920f0773a0 openssl-0.9.7a-33.24.i686.rpm 3b73e6c1ddea4868fb9ca1ef0d0e8908 openssl-0.9.7a-33.24.ia64.rpm 2d682d4c0b39e7b01c57887c845c31d2 openssl-debuginfo-0.9.7a-33.24.i686.rpm d4ad6188e4b032b6c5c87c9c305ee06f openssl-debuginfo-0.9.7a-33.24.ia64.rpm 9094dc39705ac75c3418f6f1038f1544 openssl-devel-0.9.7a-33.24.ia64.rpm 5b421c027aa30dd7ac5e9ecd67183cb4 openssl-perl-0.9.7a-33.24.ia64.rpm ppc: c762fa662388f5a5275b7dde930b2248 openssl-0.9.7a-33.24.ppc.rpm be5500db07523ca80a9c3c0d76d9c60c openssl-0.9.7a-33.24.ppc64.rpm 8e6393deb6259106bee5a688f5207b4a openssl-debuginfo-0.9.7a-33.24.ppc.rpm 7cad1081f26623f5ed741cf8e2593541 openssl-debuginfo-0.9.7a-33.24.ppc64.rpm a5aeeed998d77dec869f595cd3315bc8 openssl-devel-0.9.7a-33.24.ppc.rpm 86ccb62b0a712d5d98a229f9545dccd4 openssl-perl-0.9.7a-33.24.ppc.rpm s390: 9eccbeb0fcc59b9218d082f9c85b5ea1 openssl-0.9.7a-33.24.s390.rpm 3da3860e8890f76a59d6697e547a0b01 openssl-debuginfo-0.9.7a-33.24.s390.rpm c6e9aec6b0a2d7500c64d964d2b742b7 openssl-devel-0.9.7a-33.24.s390.rpm db1be7fee72ff6d686cca42bc40cbfe9 openssl-perl-0.9.7a-33.24.s390.rpm s390x: 9eccbeb0fcc59b9218d082f9c85b5ea1 openssl-0.9.7a-33.24.s390.rpm 443dd8a5a6434f373d9ac8ae9974e6b4 openssl-0.9.7a-33.24.s390x.rpm 3da3860e8890f76a59d6697e547a0b01 openssl-debuginfo-0.9.7a-33.24.s390.rpm 72755a7981cb27bbaf18bc0fe95e3bb1 openssl-debuginfo-0.9.7a-33.24.s390x.rpm b5ece9779173a3012a9b33bafb04fc36 openssl-devel-0.9.7a-33.24.s390x.rpm 312156b73990ad5d8ab0ca6f4bf09d3c openssl-perl-0.9.7a-33.24.s390x.rpm x86_64: e6e165ab5f3774c2494865920f0773a0 openssl-0.9.7a-33.24.i686.rpm 4c79a9941bb91499b5c82f7966a35843 openssl-0.9.7a-33.24.x86_64.rpm 2d682d4c0b39e7b01c57887c845c31d2 openssl-debuginfo-0.9.7a-33.24.i686.rpm d6e4c2120d1ae9c292f128beb3489af2 openssl-debuginfo-0.9.7a-33.24.x86_64.rpm 8b47a2b03491fc3dab25b4d9d2304fa1 openssl-devel-0.9.7a-33.24.x86_64.rpm 969b865272c1bba25e03fc4523432f9b openssl-perl-0.9.7a-33.24.x86_64.rpm Red Hat Desktop version 3: SRPMS: ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/openssl-0.9.7a-33.24.src.rpm b2e9f291195f6a8e3b6b77d1722e4c32 openssl-0.9.7a-33.24.src.rpm i386: db30d33b3590d5267f22c355953ec333 openssl-0.9.7a-33.24.i386.rpm e6e165ab5f3774c2494865920f0773a0 openssl-0.9.7a-33.24.i686.rpm 06d53bf4d8d9c3eb8414cdaf907df743 openssl-debuginfo-0.9.7a-33.24.i386.rpm 2d682d4c0b39e7b01c57887c845c31d2 openssl-debuginfo-0.9.7a-33.24.i686.rpm b4744e8c4e8322691cdf8a74f382d291 openssl-devel-0.9.7a-33.24.i386.rpm e89ed20c06ce1cbe489fb58043b06986 openssl-perl-0.9.7a-33.24.i386.rpm x86_64: e6e165ab5f3774c2494865920f0773a0 openssl-0.9.7a-33.24.i686.rpm 4c79a9941bb91499b5c82f7966a35843 openssl-0.9.7a-33.24.x86_64.rpm 2d682d4c0b39e7b01c57887c845c31d2 openssl-debuginfo-0.9.7a-33.24.i686.rpm d6e4c2120d1ae9c292f128beb3489af2 openssl-debuginfo-0.9.7a-33.24.x86_64.rpm 8b47a2b03491fc3dab25b4d9d2304fa1 openssl-devel-0.9.7a-33.24.x86_64.rpm 969b865272c1bba25e03fc4523432f9b openssl-perl-0.9.7a-33.24.x86_64.rpm Red Hat Enterprise Linux ES version 3: SRPMS: ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/openssl-0.9.7a-33.24.src.rpm b2e9f291195f6a8e3b6b77d1722e4c32 openssl-0.9.7a-33.24.src.rpm i386: db30d33b3590d5267f22c355953ec333 openssl-0.9.7a-33.24.i386.rpm e6e165ab5f3774c2494865920f0773a0 openssl-0.9.7a-33.24.i686.rpm 06d53bf4d8d9c3eb8414cdaf907df743 openssl-debuginfo-0.9.7a-33.24.i386.rpm 2d682d4c0b39e7b01c57887c845c31d2 openssl-debuginfo-0.9.7a-33.24.i686.rpm b4744e8c4e8322691cdf8a74f382d291 openssl-devel-0.9.7a-33.24.i386.rpm e89ed20c06ce1cbe489fb58043b06986 openssl-perl-0.9.7a-33.24.i386.rpm ia64: e6e165ab5f3774c2494865920f0773a0 openssl-0.9.7a-33.24.i686.rpm 3b73e6c1ddea4868fb9ca1ef0d0e8908 openssl-0.9.7a-33.24.ia64.rpm 2d682d4c0b39e7b01c57887c845c31d2 openssl-debuginfo-0.9.7a-33.24.i686.rpm d4ad6188e4b032b6c5c87c9c305ee06f openssl-debuginfo-0.9.7a-33.24.ia64.rpm 9094dc39705ac75c3418f6f1038f1544 openssl-devel-0.9.7a-33.24.ia64.rpm 5b421c027aa30dd7ac5e9ecd67183cb4 openssl-perl-0.9.7a-33.24.ia64.rpm x86_64: e6e165ab5f3774c2494865920f0773a0 openssl-0.9.7a-33.24.i686.rpm 4c79a9941bb91499b5c82f7966a35843 openssl-0.9.7a-33.24.x86_64.rpm 2d682d4c0b39e7b01c57887c845c31d2 openssl-debuginfo-0.9.7a-33.24.i686.rpm d6e4c2120d1ae9c292f128beb3489af2 openssl-debuginfo-0.9.7a-33.24.x86_64.rpm 8b47a2b03491fc3dab25b4d9d2304fa1 openssl-devel-0.9.7a-33.24.x86_64.rpm 969b865272c1bba25e03fc4523432f9b openssl-perl-0.9.7a-33.24.x86_64.rpm Red Hat Enterprise Linux WS version 3: SRPMS: ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/openssl-0.9.7a-33.24.src.rpm b2e9f291195f6a8e3b6b77d1722e4c32 openssl-0.9.7a-33.24.src.rpm i386: db30d33b3590d5267f22c355953ec333 openssl-0.9.7a-33.24.i386.rpm e6e165ab5f3774c2494865920f0773a0 openssl-0.9.7a-33.24.i686.rpm 06d53bf4d8d9c3eb8414cdaf907df743 openssl-debuginfo-0.9.7a-33.24.i386.rpm 2d682d4c0b39e7b01c57887c845c31d2 openssl-debuginfo-0.9.7a-33.24.i686.rpm b4744e8c4e8322691cdf8a74f382d291 openssl-devel-0.9.7a-33.24.i386.rpm e89ed20c06ce1cbe489fb58043b06986 openssl-perl-0.9.7a-33.24.i386.rpm ia64: e6e165ab5f3774c2494865920f0773a0 openssl-0.9.7a-33.24.i686.rpm 3b73e6c1ddea4868fb9ca1ef0d0e8908 openssl-0.9.7a-33.24.ia64.rpm 2d682d4c0b39e7b01c57887c845c31d2 openssl-debuginfo-0.9.7a-33.24.i686.rpm d4ad6188e4b032b6c5c87c9c305ee06f openssl-debuginfo-0.9.7a-33.24.ia64.rpm 9094dc39705ac75c3418f6f1038f1544 openssl-devel-0.9.7a-33.24.ia64.rpm 5b421c027aa30dd7ac5e9ecd67183cb4 openssl-perl-0.9.7a-33.24.ia64.rpm x86_64: e6e165ab5f3774c2494865920f0773a0 openssl-0.9.7a-33.24.i686.rpm 4c79a9941bb91499b5c82f7966a35843 openssl-0.9.7a-33.24.x86_64.rpm 2d682d4c0b39e7b01c57887c845c31d2 openssl-debuginfo-0.9.7a-33.24.i686.rpm d6e4c2120d1ae9c292f128beb3489af2 openssl-debuginfo-0.9.7a-33.24.x86_64.rpm 8b47a2b03491fc3dab25b4d9d2304fa1 openssl-devel-0.9.7a-33.24.x86_64.rpm 969b865272c1bba25e03fc4523432f9b openssl-perl-0.9.7a-33.24.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package 7. References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3108 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5135 http://www.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://www.redhat.com/security/team/contact/ Copyright 2007 Red Hat, Inc. - -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFHHH76XlSAg2UNWIIRAmiUAKCqMAlc2iDwiFVDsErkPCbEBRVOTQCfRc2y BlD70FkWDMYdVlTzfod+X1k= =V23I - -----END PGP SIGNATURE----- - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: http://www.auscert.org.au/render.html?cid=1980 If you believe that your computer system has been compromised or attacked in any way, we encourage you to let us know by completing the secure National IT Incident Reporting Form at: http://www.auscert.org.au/render.html?it=3192 =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQCVAwUBRx1OeSh9+71yA2DNAQIALQP/Y/bpFXlWaVQL/sQRccGyFq3fNsz2M0rK fWm7NKtFQ/XTVaWKPZ1Kiof+nuWdfxIuhroPeP8i+eUnjNOwlJsJEtryfgDwJCJX qpeFk1E2RjIrPPPFsUty6KlNdw4Lc3HHYizkk2xQcidHVQjWvK/Eg6fWBTHVfmCK 8wGzQ4K5IbY= =5Z1S -----END PGP SIGNATURE-----