-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                         ESB-2007.0788 -- [RedHat]
                    Important: openssl security update
                              23 October 2007

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:              openssl
Publisher:            Red Hat
Operating System:     Red Hat Enterprise Linux 2.1
                      Red Hat Enterprise Linux 3
                      Red Hat Enterprise Linux Desktop 5
Impact:               Execute Arbitrary Code/Commands
                      Access Confidential Data
Access:               Remote/Unauthenticated
CVE Names:            CVE-2007-5135 CVE-2007-4995 CVE-2007-3108

Ref:                  AA-2007.0066
                      ESB-2007.0738

Original Bulletin:    https://rhn.redhat.com/errata/RHSA-2007-0964.html
                      https://rhn.redhat.com/errata/RHSA-2007-0813.html

Comment: Please see https://rhn.redhat.com/errata/RHSA-2007-0813.html
         for updates to the Red Hat Linux 2.1 and 3 families.

Revision History:  
   October 23 2007: This update is now available for the Red Hat Linux 
                    2.1 and 3 family of operating systems.
   October 15 2007: Initial Release

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - ---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Important: openssl security update
Advisory ID:       RHSA-2007:0964-01
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2007-0964.html
Issue date:        2007-10-12
Updated on:        2007-10-12
Product:           Red Hat Enterprise Linux
CVE Names:         CVE-2007-3108 CVE-2007-4995 CVE-2007-5135 
- - ---------------------------------------------------------------------

1. Summary:

Updated OpenSSL packages that correct several security issues are now
available for Red Hat Enterprise Linux 5.

This update has been rated as having important security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64

3. Problem description:

OpenSSL is a toolkit that implements Secure Sockets Layer (SSL v2/v3) and
Transport Layer Security (TLS v1) protocols as well as a full-strength
general purpose cryptography library. Datagram TLS (DTLS) is a protocol
based on TLS that is capable of securing datagram transport (UDP for
instance). 

The OpenSSL security team discovered a flaw in DTLS support.  An attacker
could create a malicious client or server that could trigger a heap
overflow. This is possibly exploitable to run arbitrary code, but it has
not been verified (CVE-2007-5135). Note that this flaw only affects
applications making use of DTLS. Red Hat does not ship any DTLS client or
server applications in Red Hat Enterprise Linux.

A flaw was found in the SSL_get_shared_ciphers() utility function. An
attacker could send a list of ciphers to an application that used this
function and overrun a buffer with a single byte (CVE-2007-4995). Few
applications make use of this vulnerable function and generally it is used
only when applications are compiled for debugging.

A number of possible side-channel attacks were discovered affecting
OpenSSL. A local attacker could possibly obtain RSA private keys being
used on a system. In practice these attacks would be difficult to perform
outside of a lab environment. This update contains backported patches
designed to mitigate these issues (CVE-2007-3108).

Users of OpenSSL should upgrade to these updated packages, which contain
backported patches to resolve these issues.  

Please note that the fix for the DTLS flaw involved an overhaul of the DTLS
handshake processing which may introduce incompatibilities if a new client
is used with an older server.

After installing this update, users are advised to either restart all
services that use OpenSSL or restart their system.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via Red Hat Network.  To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

5. Bug IDs fixed (http://bugzilla.redhat.com/):

245732 - CVE-2007-3108 RSA side-channel attack
309801 - CVE-2007-5135 openssl SSL_get_shared_ciphers() off-by-one
321191 - CVE-2007-4995 openssl dtls out of order vulnerability

6. RPMs required:

Red Hat Enterprise Linux Desktop (v. 5 client):

SRPMS:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/openssl-0.9.8b-8.3.el5_0.2.src.rpm

RHEL Desktop Workstation (v. 5 client):

SRPMS:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/openssl-0.9.8b-8.3.el5_0.2.src.rpm

Red Hat Enterprise Linux (v. 5 server):

SRPMS:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/openssl-0.9.8b-8.3.el5_0.2.src.rpm

These packages are GPG signed by Red Hat for security.  Our key and 
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3108
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4995
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5135
http://www.openssl.org/news/secadv_20071012.txt
http://www.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>.  More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2007 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFHD1vxXlSAg2UNWIIRAk+5AKCmcMF7Oqfm1fKUNVtsnq3NUXaLbACgmgQv
CgoN8N+kDwk1ouxGI6/bocM=
=nhaG
- -----END PGP SIGNATURE-----




- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - ---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Moderate: openssl security update
Advisory ID:       RHSA-2007:0813-01
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2007-0813.html
Issue date:        2007-10-22
Updated on:        2007-10-22
Product:           Red Hat Enterprise Linux
Cross references:  RHSA-2007:0806
CVE Names:         CVE-2007-3108 CVE-2007-5135 
- - ---------------------------------------------------------------------

1. Summary:

Updated OpenSSL packages that correct security issues are now available for
Red Hat Enterprise Linux 2.1 and 3.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1  - i386, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64
Red Hat Enterprise Linux ES version 2.1 - i386
Red Hat Enterprise Linux WS version 2.1 - i386
Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64

3. Problem description:

OpenSSL is a toolkit that implements Secure Sockets Layer (SSL v2/v3) and
Transport Layer Security (TLS v1) protocols as well as a full-strength
general purpose cryptography library.

A flaw was found in the SSL_get_shared_ciphers() utility function. An
attacker could send a list of ciphers to an application that used this
function and overrun a buffer with a single byte (CVE-2007-5135). Few
applications make use of this vulnerable function and generally it is used
only when applications are compiled for debugging. 

A number of possible side-channel attacks were discovered affecting
OpenSSL. A local attacker could possibly obtain RSA private keys being
used on a system. In practice these attacks would be difficult to perform
outside of a lab environment. This update contains backported patches
designed to mitigate these issues (CVE-2007-3108).

Users of OpenSSL should upgrade to these updated packages, which contain
backported patches to resolve these issues.  

Note: After installing this update, users are advised to either restart all
services that use OpenSSL or restart their system.
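
Both advisories above tell administrators to restart every service that
uses OpenSSL after updating. The shell script below is an added example
(not part of the Red Hat or AusCERT text) that finds those services by
looking for processes that still map a deleted copy of libssl or libcrypto.
The sample maps lines, the library paths in them and the function names
stale_libs, scan_proc and sample_maps are constructed for illustration.

```shell
#!/bin/sh
# Added example: find processes that still map the pre-update OpenSSL
# libraries. A package upgrade unlinks the old library file, so a process
# that loaded it earlier shows the mapping with a "(deleted)" suffix.

# stale_libs: read one process's maps text on stdin and print each distinct
# deleted libssl/libcrypto path it still maps (prints nothing if none).
stale_libs() {
    awk '
        # maps fields: range perms offset dev inode pathname [(deleted)]
        $NF == "(deleted)" && $(NF-1) ~ /\/lib(ssl|crypto)\.so/ {
            if (!seen[$(NF-1)]++) print $(NF-1)
        }'
}

# scan_proc: walk a proc-style tree (default /proc) and print
# "PID COMMAND LIBRARY" for every process holding a stale mapping.
scan_proc() {
    root=${1:-/proc}
    for dir in "$root"/[0-9]*; do
        [ -r "$dir/maps" ] || continue
        pid=${dir##*/}
        # comm is absent on older kernels; fall back to "?"
        name=$(cat "$dir/comm" 2>/dev/null) || name='?'
        # a process may exit or deny access while being read; skip quietly
        { stale_libs < "$dir/maps"; } 2>/dev/null | while read -r lib; do
            printf '%s %s %s\n' "$pid" "${name:-?}" "$lib"
        done
    done
}

# sample_maps: constructed /proc/PID/maps excerpt (not captured from a host).
# It holds two stale OpenSSL mappings, one current library, the program
# itself, and a deleted non-OpenSSL mapping that must be ignored.
sample_maps() {
    cat <<'EOF'
00a3b000-00a7f000 r-xp 00000000 fd:00 1213345    /lib/libssl.so.0.9.8b (deleted)
00a7f000-00a83000 rwxp 00043000 fd:00 1213345    /lib/libssl.so.0.9.8b (deleted)
00b10000-00c3a000 r-xp 00000000 fd:00 1213340    /lib/libcrypto.so.0.9.8b (deleted)
00d00000-00e3d000 r-xp 00000000 fd:00 1212001    /lib/libc-2.5.so
08048000-0809c000 r-xp 00000000 fd:00 2459871    /usr/sbin/httpd
b7f00000-b7f01000 rw-s 00000000 00:09 65538      /SYSV00000000 (deleted)
EOF
}

# Demo on the constructed sample.
sample_maps | stale_libs
```

On a live host, call scan_proc with no argument as root so that every
process's maps file is readable; each PID it prints belongs to a service
that still needs the restart.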

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via Red Hat Network.  To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

5. Bug IDs fixed (http://bugzilla.redhat.com/):

245732 - CVE-2007-3108 RSA side-channel attack
250573 - CVE-NONE openssl branch prediction attacks
309801 - CVE-2007-5135 openssl SSL_get_shared_ciphers() off-by-one

6. RPMs required:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 :

SRPMS:
ftp://updates.redhat.com/enterprise/2.1AS/en/os/SRPMS/openssl-0.9.6b-48.src.rpm

Red Hat Linux Advanced Workstation 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1AW/en/os/SRPMS/openssl-0.9.6b-48.src.rpm

Red Hat Enterprise Linux ES version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1ES/en/os/SRPMS/openssl-0.9.6b-48.src.rpm

Red Hat Enterprise Linux WS version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1WS/en/os/SRPMS/openssl-0.9.6b-48.src.rpm

Red Hat Enterprise Linux AS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/openssl-0.9.7a-33.24.src.rpm

Red Hat Desktop version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/openssl-0.9.7a-33.24.src.rpm

Red Hat Enterprise Linux ES version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/openssl-0.9.7a-33.24.src.rpm

Red Hat Enterprise Linux WS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/openssl-0.9.7a-33.24.src.rpm

These packages are GPG signed by Red Hat for security.  Our key and 
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3108
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5135
http://www.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>.  More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2007 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFHHH76XlSAg2UNWIIRAmiUAKCqMAlc2iDwiFVDsErkPCbEBRVOTQCfRc2y
BlD70FkWDMYdVlTzfod+X1k=
=V23I
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

If you believe that your computer system has been compromised or attacked in 
any way, we encourage you to let us know by completing the secure National IT 
Incident Reporting Form at:

        http://www.auscert.org.au/render.html?it=3192

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================

-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQCVAwUBRx1OeSh9+71yA2DNAQIALQP/Y/bpFXlWaVQL/sQRccGyFq3fNsz2M0rK
fWm7NKtFQ/XTVaWKPZ1Kiof+nuWdfxIuhroPeP8i+eUnjNOwlJsJEtryfgDwJCJX
qpeFk1E2RjIrPPPFsUty6KlNdw4Lc3HHYizkk2xQcidHVQjWvK/Eg6fWBTHVfmCK
8wGzQ4K5IbY=
=5Z1S
-----END PGP SIGNATURE-----