--------------------------------------------------------------------- Fedora Legacy Test Update Notification FEDORALEGACY-2005-166939 Bugzilla https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=166939 2005-10-30 --------------------------------------------------------------------- Name : openssl Versions : rh73: openssl-0.9.6b-39.9.legacy Versions : rh9: openssl-0.9.7a-20.6.legacy Versions : fc1: openssl-0.9.7a-33.13.legacy Versions : fc2: openssl-0.9.7a-35.2.legacy Summary : The OpenSSL toolkit. Description : The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols. --------------------------------------------------------------------- Update Information: Updated OpenSSL packages that fix a security issue are now available. OpenSSL is a toolkit that implements Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols as well as a full- strength general purpose cryptography library. A bug was fixed in the way OpenSSL creates DSA signatures. A cache timing attack was fixed in a previous advisory which caused OpenSSL to do private key calculations with a fixed time window. The DSA fix for this was not complete and the calculations are not always performed within a fixed-window. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-0109 to this issue. Users are advised to update to these erratum packages which contain a patch to correct this issue. --------------------------------------------------------------------- Changelogs rh73: * Sat Oct 22 2005 Jeff Sheltren <sheltren@xxxxxxxxxxx> 0.9.6b-39.9.legacy - Add extra patch to fix CAN-2005-0109 - Patch to prevent version rollback, CAN-2005-2969 (#166939) * Mon Aug 29 2005 Jeff Sheltren <sheltren@xxxxxxxxxxx> 0.9.6b-39.8.legacy - patch for cache timing exploit CAN-2005-0109 (#166939) rh9: * Sat Oct 22 2005 Jeff Sheltren <sheltren@xxxxxxxxxxx> 0.9.7a-20.6.legacy - Add extra patch to fix CAN-2005-0109 - Patch to prevent version rollback, CAN-2005-2969 (#166939) * Mon Aug 29 2005 Jeff Sheltren <sheltren@xxxxxxxxxxx> 0.9.7a-20.5.legacy - patch for cache timing exploit CAN-2005-0109 (#166939) fc1: * Sat Oct 22 2005 Jeff Sheltren <sheltren@xxxxxxxxxxx> 0.9.7a-33.13.legacy - Add extra patch to fix CAN-2005-0109 - Patch to prevent version rollback, CAN-2005-2969 (#166939) * Mon Aug 29 2005 Jeff Sheltren <sheltren@xxxxxxxxxxx> 0.9.7a-33.12.legacy - patch for cache timing exploit CAN-2005-0109 (#166939) fc2: * Sat Oct 22 2005 Jeff Sheltren <sheltren@xxxxxxxxxxx> 0.9.7a-35-2.legacy - Add extra patch to fix CAN-2005-0109 - Patch to prevent version rollback, CAN-2005-2969 (#166939) * Sun Aug 28 2005 Jeff Sheltren <sheltren@xxxxxxxxxxx> 0.9.7a-35.1.legacy - Patches for CAN-2004-0975 and CAN-2005-0109 (#166939) --------------------------------------------------------------------- This update can be downloaded from: http://download.fedoralegacy.org/ (sha1sums) rh73: 23e31f9220e9c178633f92176a09b3cd22912203 redhat/7.3/updates-testing/i386/openssl095a-0.9.5a-24.7.5.legacy.i386.rpm e08cbfb5c6ee46014ee5d15282c68fe7f9331071 redhat/7.3/updates-testing/i386/openssl096-0.9.6-25.10.legacy.i386.rpm 8c3ddc292081189ad5f9e21e2c4b26615f38f990 redhat/7.3/updates-testing/i386/openssl-0.9.6b-39.9.legacy.i386.rpm 9ff66370fe9e198c0482542705e70f6e6d08eb92 redhat/7.3/updates-testing/i386/openssl-0.9.6b-39.9.legacy.i686.rpm e0e7414663d8303ca31cb2fa7f711e21e29b247f redhat/7.3/updates-testing/i386/openssl-devel-0.9.6b-39.9.legacy.i386.rpm e230cd7a295b5a0f7181ace648647b8131d34f55 redhat/7.3/updates-testing/i386/openssl-perl-0.9.6b-39.9.legacy.i386.rpm a947f06dd5bb790c081de9a66ab6115bc3f860bd redhat/7.3/updates-testing/SRPMS/openssl095a-0.9.5a-24.7.5.legacy.src.rpm ffed89fc023c04323469f9689650afa8c63ab752 redhat/7.3/updates-testing/SRPMS/openssl096-0.9.6-25.10.legacy.src.rpm 5f15191347ba49337593e3ec4a25b7961854b126 redhat/7.3/updates-testing/SRPMS/openssl-0.9.6b-39.9.legacy.src.rpm rh9: c94740ed01d1016dfedcbb250c8641fb8507b6f9 redhat/9/updates-testing/i386/openssl096-0.9.6-25.11.legacy.i386.rpm f1224dfb97ddb0eaa678d23cd097858d05c6939c redhat/9/updates-testing/i386/openssl096b-0.9.6b-15.2.legacy.i386.rpm 62eb39923eb2a98a1749a58a28fce5c425587387 redhat/9/updates-testing/i386/openssl-0.9.7a-20.6.legacy.i386.rpm e97a1fb8963711a2c97e298173d30fe64abd7a3f redhat/9/updates-testing/i386/openssl-0.9.7a-20.6.legacy.i686.rpm dca80e912b43137b71e966cdc956b50324fd59fc redhat/9/updates-testing/i386/openssl-devel-0.9.7a-20.6.legacy.i386.rpm 1f34a94f36d3b7fa56b633fc134eac3d99a08f45 redhat/9/updates-testing/i386/openssl-perl-0.9.7a-20.6.legacy.i386.rpm 7a33a1707d2e6dfd3db2d6d33e992007fe26b8a7 redhat/9/updates-testing/SRPMS/openssl096-0.9.6-25.11.legacy.src.rpm a04955b783d0eab8daca4435dcc5dd9cc181132c redhat/9/updates-testing/SRPMS/openssl096b-0.9.6b-15.2.legacy.src.rpm d010302930f88638255581d7f4d8d245fc5f1f4f redhat/9/updates-testing/SRPMS/openssl-0.9.7a-20.6.legacy.src.rpm fc1: b8bca99bd841735227e51ec9922aa7b9a86cf956 fedora/1/updates-testing/i386/openssl096-0.9.6-26.2.legacy.i386.rpm f6a6795be813551df73dd07b81fedb9c4b766e4e fedora/1/updates-testing/i386/openssl096b-0.9.6b-18.2.legacy.i386.rpm 620c574712782b4e349ed1392d1d674507a146cc fedora/1/updates-testing/i386/openssl-0.9.7a-33.13.legacy.i386.rpm 5518b5e24176b056dae1e653a4abb9f2dd227d99 fedora/1/updates-testing/i386/openssl-0.9.7a-33.13.legacy.i686.rpm 5ce78af8e1d18ec2deb174ac6fdce6e84c68e46a fedora/1/updates-testing/i386/openssl-devel-0.9.7a-33.13.legacy.i386.rpm 1bee0f14e627fde0951377e1bf2f90b190152967 fedora/1/updates-testing/i386/openssl-perl-0.9.7a-33.13.legacy.i386.rpm 9e2427b58a5e52bbf3e6b59cacc7c11d5ae8d8b0 fedora/1/updates-testing/SRPMS/openssl096-0.9.6-26.2.legacy.src.rpm d16eb5ca21baed54c23f89e003a2084c482daa25 fedora/1/updates-testing/SRPMS/openssl096b-0.9.6b-18.2.legacy.src.rpm b116a8978d0ea6720193ac67c927d1c07eb122c4 fedora/1/updates-testing/SRPMS/openssl-0.9.7a-33.13.legacy.src.rpm fc2: c0b1d16c9b9dedc5661de97e87e886872241bd02 fedora/2/updates-testing/i386/openssl096b-0.9.6b-20.2.legacy.i386.rpm d8773965612fda44388b73296ba8fb9caea9db1f fedora/2/updates-testing/i386/openssl-0.9.7a-35.2.legacy.i386.rpm 45c1a884034056c1f3f31f6a61af617a44a31e47 fedora/2/updates-testing/i386/openssl-0.9.7a-35.2.legacy.i686.rpm 24f03de813df1d534d3d847fde68ffd603a2e234 fedora/2/updates-testing/i386/openssl-devel-0.9.7a-35.2.legacy.i386.rpm a990c20059b07984cc06a1029219b713650b0cfd fedora/2/updates-testing/i386/openssl-perl-0.9.7a-35.2.legacy.i386.rpm 1d7866f61179aab39ed819459923c3b71bda70ba fedora/2/updates-testing/SRPMS/openssl096b-0.9.6b-20.2.legacy.src.rpm 63d5d41cd2be5a010c2ad2c6276f0ddba2948e38 fedora/2/updates-testing/SRPMS/openssl-0.9.7a-35.2.legacy.src.rpm --------------------------------------------------------------------- Please test and comment in bugzilla.
Attachment:
signature.asc
Description: OpenPGP digital signature
-- fedora-legacy-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-legacy-list
