-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2012:073 http://www.mandriva.com/security/ _______________________________________________________________________ Package : openssl Date : May 11, 2012 Affected: 2010.1, 2011., Enterprise Server 5.0 _______________________________________________________________________ Problem Description: A vulnerability has been found and corrected in openssl: A flaw in the OpenSSL handling of CBC mode ciphersuites in DTLS can be exploited in a denial of service attack on both clients and servers (CVE-2012-2333). The updated packages have been patched to correct this issue. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2333 http://www.openssl.org/news/secadv_20120510.txt _______________________________________________________________________ Updated Packages: Mandriva Linux 2010.1: 8866fcb4196eb1c2b79e748389c1443c 2010.1/i586/libopenssl0.9.8-0.9.8x-0.1mdv2010.2.i586.rpm bd6c7dd96f536c4ec97f57e9b580039b 2010.1/SRPMS/openssl0.9.8-0.9.8x-0.1mdv2010.2.src.rpm Mandriva Linux 2010.1/X86_64: bff80e93a38d93e49b7a11bb17a9fc70 2010.1/x86_64/lib64openssl0.9.8-0.9.8x-0.1mdv2010.2.x86_64.rpm bd6c7dd96f536c4ec97f57e9b580039b 2010.1/SRPMS/openssl0.9.8-0.9.8x-0.1mdv2010.2.src.rpm Mandriva Linux 2011: 19caf1a1a78056bce3ba1c9d4f1d0415 2011/i586/libopenssl1.0.0-1.0.0d-2.6-mdv2011.0.i586.rpm 02aa551535710c0d9803449c1802dbfa 2011/i586/libopenssl-devel-1.0.0d-2.6-mdv2011.0.i586.rpm 3555729a0e0009a0764e942dfeee68d8 2011/i586/libopenssl-engines1.0.0-1.0.0d-2.6-mdv2011.0.i586.rpm 502a554614d25909a184c0da675cbba8 2011/i586/libopenssl-static-devel-1.0.0d-2.6-mdv2011.0.i586.rpm 01b3d6af849b464706b89caceaed0d79 2011/i586/openssl-1.0.0d-2.6-mdv2011.0.i586.rpm 937b9e875720421f40755c25ea632ea5 2011/SRPMS/openssl-1.0.0d-2.6.src.rpm Mandriva Linux 2011/X86_64: 9a9ae392fb95474723642fdf96f4f142 2011/x86_64/lib64openssl1.0.0-1.0.0d-2.6-mdv2011.0.x86_64.rpm bd72ce2cec3d54cea1cebc330f99b8b9 2011/x86_64/lib64openssl-devel-1.0.0d-2.6-mdv2011.0.x86_64.rpm cc5a547f2ba9050167033a5577028a6b 2011/x86_64/lib64openssl-engines1.0.0-1.0.0d-2.6-mdv2011.0.x86_64.rpm e4c484c9ce59772c5db0dcce8fd1a089 2011/x86_64/lib64openssl-static-devel-1.0.0d-2.6-mdv2011.0.x86_64.rpm 2627947f2918036433adb94b1e3fb969 2011/x86_64/openssl-1.0.0d-2.6-mdv2011.0.x86_64.rpm 937b9e875720421f40755c25ea632ea5 2011/SRPMS/openssl-1.0.0d-2.6.src.rpm Mandriva Enterprise Server 5: eac9b4f5fbe83b963c739ceab0802b23 mes5/i586/libopenssl0.9.8-0.9.8h-3.16mdvmes5.2.i586.rpm 69fca6182cdc0dab36bf3c9749ebb29a mes5/i586/libopenssl0.9.8-devel-0.9.8h-3.16mdvmes5.2.i586.rpm de51afae564823dc53fa03c93b0600db mes5/i586/libopenssl0.9.8-static-devel-0.9.8h-3.16mdvmes5.2.i586.rpm 1f28862f4a82c608bdfd7a33acc4886e mes5/i586/openssl-0.9.8h-3.16mdvmes5.2.i586.rpm 5010c18bde45e7521094adc6830bacaf mes5/SRPMS/openssl-0.9.8h-3.16mdvmes5.2.src.rpm Mandriva Enterprise Server 5/X86_64: e96273b6039706744defbd92900ef1b8 mes5/x86_64/lib64openssl0.9.8-0.9.8h-3.16mdvmes5.2.x86_64.rpm 7670ac7b6ebf786327d8dbe7c29be516 mes5/x86_64/lib64openssl0.9.8-devel-0.9.8h-3.16mdvmes5.2.x86_64.rpm 13631cb5321b44a4efdcb5ea405836c9 mes5/x86_64/lib64openssl0.9.8-static-devel-0.9.8h-3.16mdvmes5.2.x86_64.rpm 7804bf621b5b1783dd1bd505ac62317a mes5/x86_64/openssl-0.9.8h-3.16mdvmes5.2.x86_64.rpm 5010c18bde45e7521094adc6830bacaf mes5/SRPMS/openssl-0.9.8h-3.16mdvmes5.2.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iD8DBQFPrOcmmqjQ0CJFipgRAqiVAKDwDZp9x3Zbo1gcmVDO5AEBWJGQJQCggX0g kxu88BU+DoJuQmuWBZyTT4I= =N2/S -----END PGP SIGNATURE-----
