-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - -------------------------------------------------------------------------- Trustix Secure Linux Security Advisory #2003-0013 Package name: openssl Summary: Klima-Pokorny-Rosa Date: 2003-03-26 Affected versions: TSL 1.1, 1.2, 1.5 - -------------------------------------------------------------------------- Package description: A C library that provides various crytographic algorithms and protocols, including DES, RC4, RSA, and SSL. Includes shared libraries. Problem description: The openssl-0.9.6-13tr was open to the Klima-Pokorny-Rosa attack, this new one is patched against this problem. Action: We recommend that all systems with this package installed be upgraded. Location: All TSL updates are available from <URI:http://www.trustix.net/pub/Trustix/updates/> <URI:ftp://ftp.trustix.net/pub/Trustix/updates/> About Trustix Secure Linux: Trustix Secure Linux is a small Linux distribution for servers. With focus on security and stability, the system is painlessly kept safe and up to date from day one using swup, the automated software updater. Automatic updates: Users of the SWUP tool can enjoy having updates automatically installed using 'swup --upgrade'. Get SWUP from: <URI:ftp://ftp.trustix.net/pub/Trustix/software/swup/> Public testing: These packages have been available for public testing for some time. If you want to contribute by testing the various packages in the testing tree, please feel free to share your findings on the tsl-discuss mailinglist. The testing tree is located at <URI:http://www.trustix.net/pub/Trustix/testing/> <URI:ftp://ftp.trustix.net/pub/Trustix/testing/> Questions? Check out our mailing lists: <URI:http://www.trustix.net/support/> Verification: This advisory along with all TSL packages are signed with the TSL sign key. This key is available from: <URI:http://www.trustix.net/TSL-GPG-KEY> The advisory itself is available from the errata pages at <URI:http://www.trustix.net/errata/trustix-1.2/> and <URI:http://www.trustix.net/errata/trustix-1.5/> or directly at <URI:http://www.trustix.net/errata/misc/2003/TSL-2003-0013-openssl.asc.txt> MD5sums of the packages: - -------------------------------------------------------------------------- 2eb9af9947c5c5d7dacd9f7c57ecd554 ./1.5/SRPMS/openssl-0.9.6-14tr.src.rpm edd476d6415bc02c72619a0d431265eb ./1.5/RPMS/openssl-support-0.9.6-14tr.i586.rpm b3cf89188d53370e3b2c464b961650db ./1.5/RPMS/openssl-python-0.9.6-14tr.i586.rpm c1b9a4ac1d1b67e5ae229de5412d7fd1 ./1.5/RPMS/openssl-devel-0.9.6-14tr.i586.rpm 0a8bfa4733591e793750fdbe9d7a1a84 ./1.5/RPMS/openssl-0.9.6-14tr.i586.rpm 2eb9af9947c5c5d7dacd9f7c57ecd554 ./1.2/SRPMS/openssl-0.9.6-14tr.src.rpm 085059adedd997da456a4d93ab14ed67 ./1.2/RPMS/openssl-support-0.9.6-14tr.i586.rpm 8286dcdd826608af69c5352894114269 ./1.2/RPMS/openssl-python-0.9.6-14tr.i586.rpm 8739e44e2521a11dc4e02ea33695b58f ./1.2/RPMS/openssl-devel-0.9.6-14tr.i586.rpm e9f1409e0df82d662310037e89858c18 ./1.2/RPMS/openssl-0.9.6-14tr.i586.rpm 2eb9af9947c5c5d7dacd9f7c57ecd554 ./1.1/SRPMS/openssl-0.9.6-14tr.src.rpm 339fa38a192723922b4e396a58f9954f ./1.1/RPMS/openssl-support-0.9.6-14tr.i586.rpm bcc32ddd1b0c780a0b7a82b206ba68f8 ./1.1/RPMS/openssl-python-0.9.6-14tr.i586.rpm dd3944f2b0917bcd1996c2648f1bd5ad ./1.1/RPMS/openssl-devel-0.9.6-14tr.i586.rpm 7c61f3f5dd979e2c74d1d096374fe4de ./1.1/RPMS/openssl-0.9.6-14tr.i586.rpm - -------------------------------------------------------------------------- Trustix Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE+gbc7wRTcg4BxxS0RAn+QAJ9HvzQtVSnGsbVCFX23rMEEnYj0wQCdEOEQ wRu/zKQwFMp6EFanSEk1R6k= =OHgX -----END PGP SIGNATURE-----
