8790230 2002-07-30 15:05 +0200  /108 lines/ Trustix Secure Linux Advisor <tsl@trustix.com>
Sent by: joel@lysator.liu.se
Imported: 2002-07-30  16:00  by Brevbäraren
External recipient: bugtraq@securityfocus.com
Recipient: Bugtraq (import) <23347>
Subject: TSLSA-2002-0063 - openssl
------------------------------------------------------------
From: tsl@trustix.com (Trustix Secure Linux Advisor)
To: bugtraq@securityfocus.com
Message-ID: <20020730130553.GA8336@trustix.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Trustix Secure Linux Security Advisory #2002-0063

Package name:      openssl
Summary:           Multiple security problems
Date:              2002-07-29
Affected versions: TSL 1.1, 1.2, 1.5

- --------------------------------------------------------------------------

Problem description:
  Several severe security problems have been found in the openssl source
  code upon which the TSL openssl packages are based. Most of these
  vulnerabilities have a potential for remote exploitation, even though no
  exploits are currently released.
  The upstream development group has provided us with patches that fix
  the problems.

  These issues have been assigned the following CVE names:
  CAN-2002-0655, CAN-2002-0656, and CAN-2002-0659.
  
  More information:
  <URI: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0655>
  <URI: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0656>
  <URI: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0659>

Action:
  We recommend that all systems with this package installed are upgraded.
  Please note that if you do not need the functionality provided by this
  package, you may want to remove it from your system.


Location:
  All TSL updates are available from
  <URI:http://www.trustix.net/pub/Trustix/updates/>
  <URI:ftp://ftp.trustix.net/pub/Trustix/updates/>


Automatic updates:
  Users of the SWUP tool can enjoy having updates automatically
  installed using 'swup --upgrade'.

  Get SWUP from:
  <URI:ftp://ftp.trustix.net/pub/Trustix/software/swup/>


Public testing:
  These packages have been available for public testing for some time.
  If you want to contribute by testing the various packages in the
  testing tree, please feel free to share your findings on the
  tsl-discuss mailing list.
  The testing tree is located at
  <URI:http://www.trustix.net/pub/Trustix/testing/>
  <URI:ftp://ftp.trustix.net/pub/Trustix/testing/>
  

Questions?
  Check out our mailing lists:
  <URI:http://www.trustix.net/support/>


Verification:
  This advisory, along with all TSL packages, is signed with the TSL sign key.
  This key is available from:
  <URI:http://www.trustix.net/TSL-GPG-KEY>

  The advisory itself is available from the errata pages at
  <URI:http://www.trustix.net/errata/trustix-1.2/> and
  <URI:http://www.trustix.net/errata/trustix-1.5/>
  or directly at
  <URI:http://www.trustix.net/errata/misc/2002/TSL-2002-0063-openssl.asc.txt>


MD5sums of the packages:
- --------------------------------------------------------------------------
0c51861ce4432c3f669657e2c4971c6f  ./1.5/SRPMS/openssl-0.9.6-10tr.src.rpm
eb8a64dba138584b8085aec8d9ccaf0c  ./1.5/RPMS/openssl-support-0.9.6-10tr.i586.rpm
9db293f035fbd82a3482ab87d3465eb2  ./1.5/RPMS/openssl-python-0.9.6-10tr.i586.rpm
582d08bb63676a33da1aa89a33a05914  ./1.5/RPMS/openssl-devel-0.9.6-10tr.i586.rpm
2d05569684b868cbacca9e389ded3f0f  ./1.5/RPMS/openssl-0.9.6-10tr.i586.rpm
96053f774317702af40705697a2460d4  ./1.2/SRPMS/openssl-0.9.6-3tr.src.rpm
84b50e02167b61a9d3093bcc055c7b45  ./1.2/RPMS/openssl-devel-0.9.6-3tr.i586.rpm
b0c3b99917e1c69f593a74b9989a33f9  ./1.2/RPMS/openssl-0.9.6-3tr.i586.rpm
96053f774317702af40705697a2460d4  ./1.1/SRPMS/openssl-0.9.6-3tr.src.rpm
111d6f3e42c2410a11ac4704036a31ef  ./1.1/RPMS/openssl-devel-0.9.6-3tr.i586.rpm
23d4bef487e86dfff1854f3f3c6fd867  ./1.1/RPMS/openssl-0.9.6-3tr.i586.rpm
- --------------------------------------------------------------------------


Trustix Security Team

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE9RSsqwRTcg4BxxS0RAgv0AJsGLRMNaZ2pmZdE4NRQCLgfRpNLygCdHfkE
3bFFVLoH4NXOBs+mT/i8T4E=
=Ydxh
-----END PGP SIGNATURE-----
(8790230) /Trustix Secure Linux Advisor <tsl@trustix.com>/
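
Added example, not part of the Trustix advisory or its tooling: the MD5 list above can only be trusted as part of the signed body, so this Python code reads entries only between the PGP clearsign markers, undoes the "- " dash-escaping, and compares a local copy of the updates tree against them. It assumes the signature has already been checked with GnuPG against the TSL sign key; parse_manifest, check_tree and the SAMPLE text are names and data constructed for illustration.

```python
import hashlib
import re
from pathlib import Path

# md5sum-style entry: 32 hex digits, whitespace, path relative to the updates tree
ENTRY = re.compile(r"^([0-9a-f]{32})\s+(\./\S+)$")

# Constructed sample in the advisory's layout (hash is the MD5 of an empty file)
SAMPLE = """\
d41d8cd98f00b204e9800998ecf8427e  ./unsigned/before-body.rpm
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

MD5sums of the packages:
- --------------------------------------------------------------------------
d41d8cd98f00b204e9800998ecf8427e  ./1.5/RPMS/example-1.0-1tr.i586.rpm
- --------------------------------------------------------------------------
-----BEGIN PGP SIGNATURE-----
d41d8cd98f00b204e9800998ecf8427e  ./unsigned/after-body.rpm
-----END PGP SIGNATURE-----
"""

def parse_manifest(advisory_text):
    """Return {relative_path: md5_hex} taken only from the signed body."""
    manifest, in_body = {}, False
    for line in advisory_text.splitlines():
        if line.startswith("-----BEGIN PGP SIGNED MESSAGE-----"):
            in_body = True
        elif line.startswith("-----BEGIN PGP SIGNATURE-----"):
            break  # text from here on is not covered by the signature
        elif in_body:
            if line.startswith("- "):
                line = line[2:]  # undo clearsign dash-escaping
            m = ENTRY.match(line.strip())
            if m:
                manifest[m.group(2)] = m.group(1)
    return manifest

def check_tree(manifest, root):
    """Map each manifest path to 'ok', 'mismatch', 'missing' or 'rejected'."""
    results = {}
    for rel, expected in manifest.items():
        target = Path(root) / rel
        if ".." in Path(rel).parts:
            results[rel] = "rejected"  # never follow paths leaving root
        elif not target.is_file():
            results[rel] = "missing"
        else:
            digest = hashlib.md5(target.read_bytes()).hexdigest()
            results[rel] = "ok" if digest == expected else "mismatch"
    return results
```

Lines outside the signed body are ignored even when they look like valid entries, since anyone relaying the message can add them without invalidating the signature.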