Date: Thu, 27 Mar 2003 14:45:52 +0100
From: Trustix Secure Linux Advisor <[email protected]>
To: [email protected]Subject: TSLSA-2003-0013 - openssl
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- --------------------------------------------------------------------------
Trustix Secure Linux Security Advisory #2003-0013
Package name: openssl
Summary: Klima-Pokorny-Rosa
Date: 2003-03-26
Affected versions: TSL 1.1, 1.2, 1.5
- --------------------------------------------------------------------------
Package description:
A C library that provides various crytographic algorithms and protocols,
including DES, RC4, RSA, and SSL. Includes shared libraries.
Problem description:
The openssl-0.9.6-13tr was open to the Klima-Pokorny-Rosa attack, this new
one is patched against this problem.
Action:
We recommend that all systems with this package installed be upgraded.
Location:
All TSL updates are available from
<URI:http://www.trustix.net/pub/Trustix/updates/>
<URI:ftp://ftp.trustix.net/pub/Trustix/updates/>
About Trustix Secure Linux:
Trustix Secure Linux is a small Linux distribution for servers. With focus
on security and stability, the system is painlessly kept safe and up to
date from day one using swup, the automated software updater.
Automatic updates:
Users of the SWUP tool can enjoy having updates automatically
installed using 'swup --upgrade'.
Get SWUP from:
<URI:ftp://ftp.trustix.net/pub/Trustix/software/swup/>
Public testing:
These packages have been available for public testing for some time.
If you want to contribute by testing the various packages in the
testing tree, please feel free to share your findings on the
tsl-discuss mailinglist.
The testing tree is located at
<URI:http://www.trustix.net/pub/Trustix/testing/>
<URI:ftp://ftp.trustix.net/pub/Trustix/testing/>
Questions?
Check out our mailing lists:
<URI:http://www.trustix.net/support/>
Verification:
This advisory along with all TSL packages are signed with the TSL sign key.
This key is available from:
<URI:http://www.trustix.net/TSL-GPG-KEY>
The advisory itself is available from the errata pages at
<URI:http://www.trustix.net/errata/trustix-1.2/> and
<URI:http://www.trustix.net/errata/trustix-1.5/>
or directly at
<URI:http://www.trustix.net/errata/misc/2003/TSL-2003-0013-openssl.asc.txt>
MD5sums of the packages:
- --------------------------------------------------------------------------
2eb9af9947c5c5d7dacd9f7c57ecd554 ./1.5/SRPMS/openssl-0.9.6-14tr.src.rpm
edd476d6415bc02c72619a0d431265eb ./1.5/RPMS/openssl-support-0.9.6-14tr.i586.rpm
b3cf89188d53370e3b2c464b961650db ./1.5/RPMS/openssl-python-0.9.6-14tr.i586.rpm
c1b9a4ac1d1b67e5ae229de5412d7fd1 ./1.5/RPMS/openssl-devel-0.9.6-14tr.i586.rpm
0a8bfa4733591e793750fdbe9d7a1a84 ./1.5/RPMS/openssl-0.9.6-14tr.i586.rpm
2eb9af9947c5c5d7dacd9f7c57ecd554 ./1.2/SRPMS/openssl-0.9.6-14tr.src.rpm
085059adedd997da456a4d93ab14ed67 ./1.2/RPMS/openssl-support-0.9.6-14tr.i586.rpm
8286dcdd826608af69c5352894114269 ./1.2/RPMS/openssl-python-0.9.6-14tr.i586.rpm
8739e44e2521a11dc4e02ea33695b58f ./1.2/RPMS/openssl-devel-0.9.6-14tr.i586.rpm
e9f1409e0df82d662310037e89858c18 ./1.2/RPMS/openssl-0.9.6-14tr.i586.rpm
2eb9af9947c5c5d7dacd9f7c57ecd554 ./1.1/SRPMS/openssl-0.9.6-14tr.src.rpm
339fa38a192723922b4e396a58f9954f ./1.1/RPMS/openssl-support-0.9.6-14tr.i586.rpm
bcc32ddd1b0c780a0b7a82b206ba68f8 ./1.1/RPMS/openssl-python-0.9.6-14tr.i586.rpm
dd3944f2b0917bcd1996c2648f1bd5ad ./1.1/RPMS/openssl-devel-0.9.6-14tr.i586.rpm
7c61f3f5dd979e2c74d1d096374fe4de ./1.1/RPMS/openssl-0.9.6-14tr.i586.rpm
- --------------------------------------------------------------------------
Trustix Security Team
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org
iD8DBQE+gbc7wRTcg4BxxS0RAn+QAJ9HvzQtVSnGsbVCFX23rMEEnYj0wQCdEOEQ
wRu/zKQwFMp6EFanSEk1R6k=
=OHgX
-----END PGP SIGNATURE-----