---------------------------------------------------------------------
Fedora Test Update Notification
FEDORA-2004-1395
Bugzilla https://bugzilla.fedora.us/show_bug.cgi?id=1395
2004-03-22
---------------------------------------------------------------------

Name        : openssl
Version 7.2 : 0.9.6b-36.7.legacy
Version 7.3 : 0.9.6b-36.7.legacy
Version 8.0 : 0.9.6b-36.8.legacy
Summary     : The OpenSSL toolkit.
Description :
The OpenSSL toolkit provides support for secure communications between
machines. OpenSSL includes a certificate management tool and shared
libraries which provide various cryptographic algorithms and
protocols.

---------------------------------------------------------------------
Update Information:

CAN-2003-0851:
OpenSSL 0.9.6k does not properly handle certain ASN.1 sequences. As a
result, OpenSSL performs a recursive function call that could exhaust
system resources and crash the process using the OpenSSL library.

CAN-2004-0081:
OpenSSL prior to version 0.9.6d does not properly handle unknown
message types. An attacker could cause the application using OpenSSL
to enter an infinite loop, resulting in a denial of service.

---------------------------------------------------------------------
Changelog:

* Thu Mar 18 2004 Jesse Keating <jkeating@xxxxxxxxxxxxxxx> - 0.9.6b-36.7.legacy

- add security fixes for CAN-2004-0081 and CAN-2003-0851
- updated ca-bundle.crt: removed expired GeoTrust roots, added
  freessl.com root, removed trustcenter.de Class 0 root

---------------------------------------------------------------------
This update can be downloaded from:
  http://download.fedoralegacy.org/redhat/

2647596bc3e8d0090af0ea0e9841ba665872a729  7.2/updates-testing/SRPMS/openssl-0.9.6b-36.7.legacy.src.rpm
014a4d8fec25dde48ee8f8c14cc5250afc687542  7.2/updates-testing/i386/openssl-0.9.6b-36.7.legacy.i386.rpm
2647596bc3e8d0090af0ea0e9841ba665872a729  7.3/updates-testing/SRPMS/openssl-0.9.6b-36.7.legacy.src.rpm
014a4d8fec25dde48ee8f8c14cc5250afc687542  7.3/updates-testing/i386/openssl-0.9.6b-36.7.legacy.i386.rpm
c4403aff66cc3891418f2f4a5fc9632ed87c6f79  7.3/updates-testing/i386/openssl-0.9.6b-36.7.legacy.i686.rpm
95ab8bd7b6e649f3e7995830e8f15c3fd55e83bd  8.0/updates-testing/SRPMS/openssl-0.9.6b-36.8.legacy.src.rpm
bb6c9804df5d4214ca80474f2f3e87ddfe298908  8.0/updates-testing/i386/openssl-0.9.6b-36.8.legacy.i386.rpm
d49da33be792303a8ea3295076b3a7e5c7a29ea1  8.0/updates-testing/i386/openssl-0.9.6b-36.8.legacy.i686.rpm

Please note that this update is also available via yum and apt through
the updates-testing channel. Many people find this an easier way to
apply updates.
---------------------------------------------------------------------

--
Jesse Keating RHCE (geek.j2solutions.net)
Fedora Legacy Team (www.fedoralegacy.org)
GPG Public Key (geek.j2solutions.net/jkeating.j2solutions.pub)

Was I helpful? Let others know:
 http://svcs.affero.net/rm.php?r=jkeating
-- fedora-legacy-list@xxxxxxxxxx http://www.redhat.com/mailman/listinfo/fedora-legacy-list
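
Checking downloaded packages against the SHA-1 list in the announcement above, as an added example (not part of the original message and not Fedora Legacy tooling): it extracts `<sha1> <path>` pairs from the advisory text and compares them with files under a local mirror directory. The function names and the assumption that the mirror directory reproduces the listed relative paths are hypothetical; the sample entries in the block are constructed.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# "<40 hex chars> <relative path ending in .rpm>", the shape used in the advisory.
ENTRY_RE = re.compile(r"\b([0-9a-f]{40})\s+(\S+\.rpm)\b")

def parse_manifest(advisory_text):
    """Return {relative_path: sha1_hex}; works on wrapped or run-together text."""
    manifest = {}
    for digest, rel in ENTRY_RE.findall(advisory_text):
        if manifest.setdefault(rel, digest) != digest:
            raise ValueError(f"conflicting digests listed for {rel}")
    return manifest

def sha1_file(path, chunk=1 << 20):
    """Hash a file in chunks so large RPMs are not read into memory at once."""
    h = hashlib.sha1()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def verify(manifest, root):
    """Map each listed path to 'ok', 'mismatch', 'missing' or 'rejected'."""
    root = Path(root).resolve()
    results = {}
    for rel, expected in manifest.items():
        target = (root / rel).resolve()
        if root not in target.parents:      # listed path escapes the mirror dir
            results[rel] = "rejected"
        elif not target.is_file():
            results[rel] = "missing"
        else:
            results[rel] = "ok" if sha1_file(target) == expected else "mismatch"
    return results

if __name__ == "__main__":
    # Constructed sample: digests of an empty file and of b"abc", not real packages.
    sample = ("da39a3ee5e6b4b0d3255bfef95601890afd80709 8.0/i386/empty.i386.rpm "
              "a9993e364706816aba3e25717850c26c9cd0d89d 8.0/i386/abc.i686.rpm")
    with tempfile.TemporaryDirectory() as mirror:
        pkg_dir = Path(mirror, "8.0/i386")
        pkg_dir.mkdir(parents=True)
        (pkg_dir / "empty.i386.rpm").write_bytes(b"")
        (pkg_dir / "abc.i686.rpm").write_bytes(b"tampered")
        for rel, status in verify(parse_manifest(sample), mirror).items():
            print(f"{status:9} {rel}")
```

The digests are only as trustworthy as the message carrying them, so authenticate the announcement itself (the sender lists a GPG public key) before relying on the result.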