Date: 7 Dec 2004 02:49:51 -0000
From: Mandrake Linux Security Team <security@linux-mandrake.com.>
To: [email protected]Subject: MDKSA-2004:147 - Updated openssl packages fix temporary file vulnerability
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandrakelinux Security Update Advisory
_______________________________________________________________________
Package name: openssl
Advisory ID: MDKSA-2004:147
Date: December 6th, 2004
Affected versions: 10.0, 10.1, 9.2, Corporate Server 2.1,
Multi Network Firewall 8.2
______________________________________________________________________
Problem Description:
The Trustix developers found that the der_chop script, included in the
openssl package, created temporary files insecurely. This could allow
local users to overwrite files using a symlink attack.
The updated packages have been patched to prevent this problem.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0975
______________________________________________________________________
Updated Packages:
Mandrakelinux 10.0:
c0d41b5423a09f01decc40e84fd005cb 10.0/RPMS/libopenssl0.9.7-0.9.7c-3.1.100mdk.i586.rpm
82b573c6825f9a3abdd8a23da2fe7c2c 10.0/RPMS/libopenssl0.9.7-devel-0.9.7c-3.1.100mdk.i586.rpm
7c4e0ddd161ae064928c3f3563a2dc4e 10.0/RPMS/libopenssl0.9.7-static-devel-0.9.7c-3.1.100mdk.i586.rpm
d4d97f7b45004bd8d69ef90bce972442 10.0/RPMS/openssl-0.9.7c-3.1.100mdk.i586.rpm
f09ed46ce152ac3396ce5a4a4b2036d0 10.0/SRPMS/openssl-0.9.7c-3.1.100mdk.src.rpm
Mandrakelinux 10.0/AMD64:
d9d9037cf0170a9e6ef1702f3e786b8a amd64/10.0/RPMS/lib64openssl0.9.7-0.9.7c-3.1.100mdk.amd64.rpm
cfa623fa40be35d5cc99053bafd625c1 amd64/10.0/RPMS/lib64openssl0.9.7-devel-0.9.7c-3.1.100mdk.amd64.rpm
0098601eae49e65ee1fae0283bc4ffff amd64/10.0/RPMS/lib64openssl0.9.7-static-devel-0.9.7c-3.1.100mdk.amd64.rpm
06d845c07b46356cef699f94a67b9bc0 amd64/10.0/RPMS/openssl-0.9.7c-3.1.100mdk.amd64.rpm
f09ed46ce152ac3396ce5a4a4b2036d0 amd64/10.0/SRPMS/openssl-0.9.7c-3.1.100mdk.src.rpm
Mandrakelinux 10.1:
ae229d9586ea295545e577960ecfc9d5 10.1/RPMS/libopenssl0.9.7-0.9.7d-1.1.101mdk.i586.rpm
66d4393ab8ad6c72242fe03676d452bb 10.1/RPMS/libopenssl0.9.7-devel-0.9.7d-1.1.101mdk.i586.rpm
003f9c7ba693314fe0cfd5c91f0d154b 10.1/RPMS/libopenssl0.9.7-static-devel-0.9.7d-1.1.101mdk.i586.rpm
00e24e1fa79a339a5e1a92d9c2996082 10.1/RPMS/openssl-0.9.7d-1.1.101mdk.i586.rpm
5c453b0349f604e2955a889f624982d6 10.1/SRPMS/openssl-0.9.7d-1.1.101mdk.src.rpm
Mandrakelinux 10.1/X86_64:
45a998be7caf5d54a7a8a106e2e6cf9a x86_64/10.1/RPMS/lib64openssl0.9.7-0.9.7d-1.1.101mdk.x86_64.rpm
000606c0fde3660e4c623f1ddb319e47 x86_64/10.1/RPMS/lib64openssl0.9.7-devel-0.9.7d-1.1.101mdk.x86_64.rpm
f75779760ee204bbfaab4173575964cd x86_64/10.1/RPMS/lib64openssl0.9.7-static-devel-0.9.7d-1.1.101mdk.x86_64.rpm
81457d174401f6033cb03a9404145278 x86_64/10.1/RPMS/openssl-0.9.7d-1.1.101mdk.x86_64.rpm
5c453b0349f604e2955a889f624982d6 x86_64/10.1/SRPMS/openssl-0.9.7d-1.1.101mdk.src.rpm
Corporate Server 2.1:
63355bf82d2b54f08a970383c9c5192c corporate/2.1/RPMS/libopenssl0-0.9.6i-1.8.C21mdk.i586.rpm
9d557d9105a7a2d1b1026543d6fedf2c corporate/2.1/RPMS/libopenssl0-devel-0.9.6i-1.8.C21mdk.i586.rpm
0929ca75a91cd5c4f553329aa7e818a8 corporate/2.1/RPMS/libopenssl0-static-devel-0.9.6i-1.8.C21mdk.i586.rpm
2cd8e70cc5c66c4797392e4ea3a0348f corporate/2.1/RPMS/openssl-0.9.6i-1.8.C21mdk.i586.rpm
337b3ad1c49fc5e91f2d72ea6a493868 corporate/2.1/SRPMS/openssl-0.9.6i-1.8.C21mdk.src.rpm
Corporate Server 2.1/x86_64:
1fb93ddabdccd9edd724e7d6818e7299 x86_64/corporate/2.1/RPMS/libopenssl0-0.9.6i-1.8.C21mdk.x86_64.rpm
acfe2f603298bae71c4f35a928d9ba88 x86_64/corporate/2.1/RPMS/libopenssl0-devel-0.9.6i-1.8.C21mdk.x86_64.rpm
daf31defd9c4b27bf28581bd7ed7fd2c x86_64/corporate/2.1/RPMS/libopenssl0-static-devel-0.9.6i-1.8.C21mdk.x86_64.rpm
cade4a4db47d263c6660591d1bf9d5a1 x86_64/corporate/2.1/RPMS/openssl-0.9.6i-1.8.C21mdk.x86_64.rpm
337b3ad1c49fc5e91f2d72ea6a493868 x86_64/corporate/2.1/SRPMS/openssl-0.9.6i-1.8.C21mdk.src.rpm
Mandrakelinux 9.2:
f014f2318e559b7cfc5fc5bd2a010b67 9.2/RPMS/libopenssl0.9.7-0.9.7b-5.1.92mdk.i586.rpm
db4c7a4d97015c04a03ed69fa8d9c941 9.2/RPMS/libopenssl0.9.7-devel-0.9.7b-5.1.92mdk.i586.rpm
1368b0bf03dcebb17b6f1d5359411d8b 9.2/RPMS/libopenssl0.9.7-static-devel-0.9.7b-5.1.92mdk.i586.rpm
369d6104e62dc23e23c2d9f05e0d03db 9.2/RPMS/openssl-0.9.7b-5.1.92mdk.i586.rpm
9389817df3eb169e26536635c129e853 9.2/SRPMS/openssl-0.9.7b-5.1.92mdk.src.rpm
Mandrakelinux 9.2/AMD64:
a0f963c1ab90037dcdf57dba1337e48d amd64/9.2/RPMS/lib64openssl0.9.7-0.9.7b-5.1.92mdk.amd64.rpm
587ef4344175ab4532e0e569ea733df3 amd64/9.2/RPMS/lib64openssl0.9.7-devel-0.9.7b-5.1.92mdk.amd64.rpm
4638c1af2de29459e2c1fae27fd28659 amd64/9.2/RPMS/lib64openssl0.9.7-static-devel-0.9.7b-5.1.92mdk.amd64.rpm
18d875fb53f6b5c0adfc22fed5193645 amd64/9.2/RPMS/openssl-0.9.7b-5.1.92mdk.amd64.rpm
9389817df3eb169e26536635c129e853 amd64/9.2/SRPMS/openssl-0.9.7b-5.1.92mdk.src.rpm
Multi Network Firewall 8.2:
eeaeae17ef647b22de71170105190f87 mnf8.2/RPMS/libopenssl0-0.9.6i-1.7.M82mdk.i586.rpm
b3ffacae8b78391fcc30267a3f252223 mnf8.2/RPMS/openssl-0.9.6i-1.7.M82mdk.i586.rpm
aa558b895ae77092ae29dec127a5a2a0 mnf8.2/SRPMS/openssl-0.9.6i-1.7.M82mdk.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandrakesoft for security. You can obtain
the GPG public key of the Mandrakelinux Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandrakelinux at:
http://www.mandrakesoft.com/security/advisories
If you want to report vulnerabilities, please contact
security_linux-mandrake.com
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Linux Mandrake Security Team
<security linux-mandrake.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)
iD8DBQFBtRpPmqjQ0CJFipgRAnLGAJ40aJv0gDgCf/7QiE5gDyAYQKJb3QCgoNqJ
MnN19RFVMvpGf4RIRSM1/f4=
=ZLB+
-----END PGP SIGNATURE-----