[ MDVSA-2009:087 ] openssl
To: [email protected]
Subject: [ MDVSA-2009:087 ] openssl
Date: Sat, 04 Apr 2009 00:39:01 +0200
From: [email protected]
Reply-To: <xsecurity@mandriva.com.>
Message-Id: <E1Lps2P-0001qu-8b@titan.mandriva.com.>
X-Virus-Scanned: antivirus-gw at tyumen.ru
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2009:087
http://www.mandriva.com/security/
_______________________________________________________________________
Package : openssl
Date : April 3, 2009
Affected: 2008.0, 2008.1, 2009.0, Corporate 3.0, Corporate 4.0,
Multi Network Firewall 2.0
_______________________________________________________________________
Problem Description:
A security vulnerability has been identified and fixed in OpenSSL,
which could crash applications using OpenSSL library when parsing
malformed certificates (CVE-2009-0590).
The updated packages have been patched to prevent this.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0590
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2008.0:
6b754c91594c65b327d2dba0c7402d55 2008.0/i586/libopenssl0.9.8-0.9.8e-8.3mdv2008.0.i586.rpm
7925aa846daa02085d8261e17f2f5875 2008.0/i586/libopenssl0.9.8-devel-0.9.8e-8.3mdv2008.0.i586.rpm
051e206025736be6aca4e5b2a57b8f94 2008.0/i586/libopenssl0.9.8-static-devel-0.9.8e-8.3mdv2008.0.i586.rpm
01f56e6d5ee540090fbee6d34f29e65a 2008.0/i586/openssl-0.9.8e-8.3mdv2008.0.i586.rpm
c70caa3e4c03412a02cc6bbb36902382 2008.0/SRPMS/openssl-0.9.8e-8.3mdv2008.0.src.rpm
Mandriva Linux 2008.0/X86_64:
bffedd1a3568c6756f2a7e208711406b 2008.0/x86_64/lib64openssl0.9.8-0.9.8e-8.3mdv2008.0.x86_64.rpm
bdd18bfb34dc3fe03ab0427eaa998762 2008.0/x86_64/lib64openssl0.9.8-devel-0.9.8e-8.3mdv2008.0.x86_64.rpm
c1966f47b75d196587ba1bbebeb36de6 2008.0/x86_64/lib64openssl0.9.8-static-devel-0.9.8e-8.3mdv2008.0.x86_64.rpm
2d0ee52fbbe9736e3e36d0af3eccfab4 2008.0/x86_64/openssl-0.9.8e-8.3mdv2008.0.x86_64.rpm
c70caa3e4c03412a02cc6bbb36902382 2008.0/SRPMS/openssl-0.9.8e-8.3mdv2008.0.src.rpm
Mandriva Linux 2008.1:
dc492cf18385aabfb94663b1a121a776 2008.1/i586/libopenssl0.9.8-0.9.8g-4.3mdv2008.1.i586.rpm
bb4d4453048fb8f68fa3d4acaddaa0c8 2008.1/i586/libopenssl0.9.8-devel-0.9.8g-4.3mdv2008.1.i586.rpm
ad22bc2ee1d238606133616104420669 2008.1/i586/libopenssl0.9.8-static-devel-0.9.8g-4.3mdv2008.1.i586.rpm
f7f7edf2ca2e1422d718a40c2c14419b 2008.1/i586/openssl-0.9.8g-4.3mdv2008.1.i586.rpm
e032c64f27cc35e9c72c9ee1d28dfaf3 2008.1/SRPMS/openssl-0.9.8g-4.3mdv2008.1.src.rpm
Mandriva Linux 2008.1/X86_64:
77d9d1e7f5dc49dec60c69cc1b028463 2008.1/x86_64/lib64openssl0.9.8-0.9.8g-4.3mdv2008.1.x86_64.rpm
0bcee0a1c173a8f5d8e8adbb81708a6c 2008.1/x86_64/lib64openssl0.9.8-devel-0.9.8g-4.3mdv2008.1.x86_64.rpm
cb5ff411ea8180862e0d411239c76341 2008.1/x86_64/lib64openssl0.9.8-static-devel-0.9.8g-4.3mdv2008.1.x86_64.rpm
02c72439aa06c9310494b17ebc676e0c 2008.1/x86_64/openssl-0.9.8g-4.3mdv2008.1.x86_64.rpm
e032c64f27cc35e9c72c9ee1d28dfaf3 2008.1/SRPMS/openssl-0.9.8g-4.3mdv2008.1.src.rpm
Mandriva Linux 2009.0:
4ec73f053278a9c77ccd62034a1e4c72 2009.0/i586/libopenssl0.9.8-0.9.8h-3.2mdv2009.0.i586.rpm
33da38ad5f20eec511a60b5b476cf241 2009.0/i586/libopenssl0.9.8-devel-0.9.8h-3.2mdv2009.0.i586.rpm
70f6020e9fe66badabf815f7256b9718 2009.0/i586/libopenssl0.9.8-static-devel-0.9.8h-3.2mdv2009.0.i586.rpm
8f87c9a8339052d4c261cfd818486c1d 2009.0/i586/openssl-0.9.8h-3.2mdv2009.0.i586.rpm
44980fee28c99bb22012e36e88eeaec7 2009.0/SRPMS/openssl-0.9.8h-3.2mdv2009.0.src.rpm
Mandriva Linux 2009.0/X86_64:
18b0da8ae3998bb143efbe9fbf78282d 2009.0/x86_64/lib64openssl0.9.8-0.9.8h-3.2mdv2009.0.x86_64.rpm
01310fb6273e795489023f02d71434d4 2009.0/x86_64/lib64openssl0.9.8-devel-0.9.8h-3.2mdv2009.0.x86_64.rpm
2da04ce75c2371f1ee15d94742f00ee6 2009.0/x86_64/lib64openssl0.9.8-static-devel-0.9.8h-3.2mdv2009.0.x86_64.rpm
5529205245e554324f40c87ba665b198 2009.0/x86_64/openssl-0.9.8h-3.2mdv2009.0.x86_64.rpm
44980fee28c99bb22012e36e88eeaec7 2009.0/SRPMS/openssl-0.9.8h-3.2mdv2009.0.src.rpm
Corporate 3.0:
1b58ced1478d63969727c9346305e20d corporate/3.0/i586/libopenssl0.9.7-0.9.7c-3.10.C30mdk.i586.rpm
3ebb9340042ad4fbf9664ba47148fd59 corporate/3.0/i586/libopenssl0.9.7-devel-0.9.7c-3.10.C30mdk.i586.rpm
c57397a9e6773866c58d11af8b9599a4 corporate/3.0/i586/libopenssl0.9.7-static-devel-0.9.7c-3.10.C30mdk.i586.rpm
feaecf68067dd7d75cf30790b0702338 corporate/3.0/i586/openssl-0.9.7c-3.10.C30mdk.i586.rpm
47da419d4ed666fcb064635be15a6450 corporate/3.0/SRPMS/openssl-0.9.7c-3.10.C30mdk.src.rpm
Corporate 3.0/X86_64:
c567e5f61d5cae04b02bfa43d307cf95 corporate/3.0/x86_64/lib64openssl0.9.7-0.9.7c-3.10.C30mdk.x86_64.rpm
4c487ef9f195ac905d8e27a2ee5a3aad corporate/3.0/x86_64/lib64openssl0.9.7-devel-0.9.7c-3.10.C30mdk.x86_64.rpm
11faa9b02898eaec3d346e56c2c37567 corporate/3.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7c-3.10.C30mdk.x86_64.rpm
0485fbcd4bb28224e6716114eb6dd372 corporate/3.0/x86_64/openssl-0.9.7c-3.10.C30mdk.x86_64.rpm
47da419d4ed666fcb064635be15a6450 corporate/3.0/SRPMS/openssl-0.9.7c-3.10.C30mdk.src.rpm
Corporate 4.0:
72db90b1c8362f8122bb29101e8f7ea3 corporate/4.0/i586/libopenssl0.9.7-0.9.7g-2.8.20060mlcs4.i586.rpm
2957dac9e5461336cf68433f4b147de1 corporate/4.0/i586/libopenssl0.9.7-devel-0.9.7g-2.8.20060mlcs4.i586.rpm
e0f441e9cf9c18321f4e8b3099c2df5a corporate/4.0/i586/libopenssl0.9.7-static-devel-0.9.7g-2.8.20060mlcs4.i586.rpm
4a020ff36ff58d2ae9ccfc852f265d1d corporate/4.0/i586/openssl-0.9.7g-2.8.20060mlcs4.i586.rpm
12bd0d350017d5ad4930beaad07e2a92 corporate/4.0/SRPMS/openssl-0.9.7g-2.8.20060mlcs4.src.rpm
Corporate 4.0/X86_64:
b8c7201ae9c41aa0f391f877da24e312 corporate/4.0/x86_64/lib64openssl0.9.7-0.9.7g-2.8.20060mlcs4.x86_64.rpm
d9329b8d694a37cd24d3e2373eb02066 corporate/4.0/x86_64/lib64openssl0.9.7-devel-0.9.7g-2.8.20060mlcs4.x86_64.rpm
e9c6bd67410f238a0b775361e08e7af3 corporate/4.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7g-2.8.20060mlcs4.x86_64.rpm
88d42200e0464824e003ce4451a175e7 corporate/4.0/x86_64/openssl-0.9.7g-2.8.20060mlcs4.x86_64.rpm
12bd0d350017d5ad4930beaad07e2a92 corporate/4.0/SRPMS/openssl-0.9.7g-2.8.20060mlcs4.src.rpm
Multi Network Firewall 2.0:
74728af83737762b744092597629e1db mnf/2.0/i586/libopenssl0.9.7-0.9.7c-3.10.C30mdk.i586.rpm
0de1c4403ddbba33f21a99e2879af9cc mnf/2.0/i586/libopenssl0.9.7-devel-0.9.7c-3.10.C30mdk.i586.rpm
3b79e5cdb909115e3770ee59a17f757a mnf/2.0/i586/libopenssl0.9.7-static-devel-0.9.7c-3.10.C30mdk.i586.rpm
39b67cff96aaa016f119d5ddff312f54 mnf/2.0/i586/openssl-0.9.7c-3.10.C30mdk.i586.rpm
1201abd42759b7e5a0d96aa4f96a9dd1 mnf/2.0/SRPMS/openssl-0.9.7c-3.10.C30mdk.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iD8DBQFJ1mJMmqjQ0CJFipgRAq43AJ427ntOrRUUUgRlx1AwCldUE/rFygCfQu5Y
I9/Hqbyeksi2w0SLyVMPeMw=
=+BmT
-----END PGP SIGNATURE-----