Date: Fri, 3 Oct 2003 19:02:26 +0200
From: Tawie Security Advisor <[email protected]>
To: [email protected]
Subject: TSLSA-2003-0003 - openssl
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- --------------------------------------------------------------------------
Tawie Server Linux Security Advisory #2003-0003
Package name: openssl
Summary: Potential DOS
Date: 2003-10-03
Affected versions: TSL 1.2, 1.5
- --------------------------------------------------------------------------
Package description:
A C library that provides various cryptographic algorithms and protocols,
including DES, RC4, RSA, and SSL. Includes shared libraries.
Problem description:
Patrik Hornik announced a potential DOS in older versions of openssl:
<URL: http://www.ebitech.sk/patrik/SA/SA-20031002.txt>
Red Hat silently fixed this issue some time ago and announced it later on.
We have updated the packages in both Trustix 1.2, 1.5 and Tawie 1.2, 1.5, as
they are security related, using the Red Hat patches.
Action:
We recommend that all systems with this package installed be upgraded.
Location:
All TSL updates are available from
<URI:http://http.tawie.org/pub/tawie/updates/>
<URI:ftp://ftp.tawie.org/pub/tawie/updates/>
About Tawie Server Linux:
Tawie Server Linux is a small Linux distribution for servers. With focus
on security and stability, the system is painlessly kept safe and up to
date from day one using swup, the automated software updater.
Automatic updates:
Users of the SWUP tool can enjoy having updates automatically
installed using 'swup --upgrade'.
Public testing:
If you want to contribute by testing the various packages in the
testing tree, please feel free to share your findings on the
tsl-discuss mailing list.
The testing tree for TSL 2.0 is located at
<URI:http://tsldev.tawie.org/cloud/>
You may also use swup for public testing of updates:
site {
    class = 0
    location = "http://tsldev.tawie.org/cloud/rdfs/latest.rdf"
    regexp = ".*"
}
Questions?
Check out our mailing lists:
<URI:http://www.tawie.net/support/>
Verification:
This advisory, along with all TSL packages, is signed with the TSL sign key.
This key is available from:
<URI:http://www.tawie.net/TSL-SIGN-KEY>
The advisory itself is available from the errata pages at
<URI:http://www.tawie.net/errata/tawie-1.2/>,
<URI:http://www.tawie.net/errata/tawie-1.5/>
or directly at
<URI:http://www.tawie.net/errata/misc/tawie-2003/TSL-2003-0003-openssl.asc.txt>
MD5sums of the packages:
- --------------------------------------------------------------------------
Tawie Security Team
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)
iD8DBQE/fagsu9Q/LWRYgjERAnk2AJ9nK0I2U6iNgkWBwvy6gs9fGwut2ACdHwbT
tIWp8J67G7rwuruB8+PMQNY=
=QOm8
-----END PGP SIGNATURE-----