The OpenNET Project
 
Search (keywords):  SOFT ARTICLES TIPS & TRICKS SECURITY
LINKS NEWS MAN DOCUMENTATION


NetBSD Security Advisory 2004-003: OpenSSL 0.9.6 ASN.1 parser vulnerability


<< Previous INDEX Search src Set bookmark Go to bookmark Next >>
Date: Thu, 19 Feb 2004 08:36:55 -0500
From: NetBSD Security-Officer <security-officer@netbsd.org.>
To: [email protected]
Subject: NetBSD Security Advisory 2004-003: OpenSSL 0.9.6 ASN.1 parser vulnerability


-----BEGIN PGP SIGNED MESSAGE-----


                 NetBSD Security Advisory 2004-003

Topic: OpenSSL 0.9.6 ASN.1 parser vulnerability Version: NetBSD-current: sources prior to 2003/07/24 NetBSD 1.6.1: affected NetBSD 1.6: affected NetBSD-1.5.3: affected NetBSD-1.5.2: affected NetBSD-1.5.1: affected NetBSD-1.5: affected pkgsrc: packages prior to (including) 0.9.6k Severity: possible remote denial-of-service Fixed: NetBSD-current: July 24, 2003 NetBSD-1.6 branch: November 8, 2003 (1.6.2 will include the fix) NetBSD-1.5 branch: November 7, 2003 pkgsrc: openssl-0.9.6l corrects this issue Abstract ======== OpenSSL 0.9.6k ASN.1 parser had a possible denial-of-service vulnerability. This vulnerability is different from 2003-017. OpenSSL 0.9.7 is not affected. Technical Details ================= http://www.kb.cert.org/vuls/id/412478 http://www.openssl.org/news/secadv_20031104.txt Solutions and Workarounds
Release of NetBSD 1.6.2 is imminent. This is a reminder to consider upgrading when they are available, if you are running anything older than NetBSD 1.6 Many security-related improvements have been made. NetBSD 1.6.2 may be considered a binary patch for this advisory. * Rebuilding from source: libcrypto and libssl have to be rebuilt. The following instructions describe how to upgrade your libcrypto and libssl binaries by updating your source tree and rebuilding and installing a new version of libcrypto and libssl. * NetBSD-current: NetBSD-current has included the OpenSSL 0.9.7 series since July 24, 2003, therefore upgrading to sources after July 24, 2003 is required. * NetBSD 1.6, 1.6.1: The binary distributions of NetBSD 1.6 and 1.6.1 are vulnerable. Systems running NetBSD 1.6 sources dated from before 2003-11-07 should be upgraded from NetBSD 1.6 sources dated 2003-11-08 or later. NetBSD 1.6.2 will include the fix. The following directories need to be updated from the netbsd-1-6 CVS branch: crypto/dist/openssl To update from CVS, re-build, and re-install libcrypto and libssl: # cd src # cvs update -d -P -r netbsd-1-6 crypto/dist/openssl # cd lib/libcrypto # make cleandir dependall # make install # cd ../../lib/libssl # make cleandir dependall # make install * NetBSD 1.5, 1.5.1, 1.5.2, 1.5.3: The binary distribution of NetBSD 1.5 to 1.5.3 are vulnerable. Systems running NetBSD 1.5, 1.5.1, 1.5.2, or 1.5.3 sources dated from before 2003-11-06 should be upgraded from NetBSD 1.5.* sources dated 2003-11-07 or later. The following directories need to be updated from the netbsd-1-5 CVS branch: crypto/dist/openssl To update from CVS, re-build, and re-install libcrypto and libssl: # cd src # cvs update -d -P -r netbsd-1-5 crypto/dist/openssl # cd lib/libcrypto # make cleandir dependall # make install # cd ../../lib/libssl # make cleandir dependall # make install Thanks To ========= Dr Stephen Henson Revision History ================ 2004-02-18 Initial release More Information ================ Advisories may be updated as new information becomes available. The most recent version of this advisory (PGP signed) can be found at ftp://ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA2004-003.txt.asc Information about NetBSD and NetBSD security can be found at http://www.NetBSD.org/ and http://www.NetBSD.org/Security/. Copyright 2004, The NetBSD Foundation, Inc. All Rights Reserved. Redistribution permitted only in full, unmodified form. $NetBSD: NetBSD-SA2004-003.txt.asc,v 1.3 2004/02/19 02:19:40 david Exp $ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.3 (NetBSD) iQCVAwUBQDQeIT5Ru2/4N2IFAQFeCQP8Cr1sGqZ/FNuhpF4PDtJKIBoeOXcYsBfQ 7P0Egqv++IrrpgUZTmGrBC/OEGJ0Rn4L6psZBaw/s+xZ9H4Im0q8EWwqttKNkbaI Nt+AEidrHy0rZyKjmrFORu14y4yaxIX/xGX/8vtKekrH/C/TY52Ke43OpxBris+d h2dIfjWUaKU= =yyjs -----END PGP SIGNATURE-----

<< Previous INDEX Search src Set bookmark Go to bookmark Next >>



Партнёры:
PostgresPro
Inferno Solutions
Hosting by Hoster.ru
Хостинг:

Закладки на сайте
Проследить за страницей
Created 1996-2024 by Maxim Chirkov
Добавить, Поддержать, Вебмастеру