8790230 2002-07-30 15:05 +0200 /108 lines/ Trustix Secure Linux Advisor <tsl@trustix.com>
Sent by: joel@lysator.liu.se
Imported: 2002-07-30 16:00 by Brevbäraren
External recipient: bugtraq@securityfocus.com
Recipient: Bugtraq (import) <23347>
Subject: TSLSA-2002-0063 - openssl
------------------------------------------------------------
From: tsl@trustix.com (Trustix Secure Linux Advisor)
To: bugtraq@securityfocus.com
Message-ID: <20020730130553.GA8336@trustix.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Trustix Secure Linux Security Advisory #2002-0063

Package name:      openssl
Summary:           Multiple security problems
Date:              2002-07-29
Affected versions: TSL 1.1, 1.2, 1.5
- --------------------------------------------------------------------------

Problem description:
  Several severe security problems have been found in the openssl source
  code upon which the TSL openssl packages are based. Most of these
  vulnerabilities have a potential for remote exploitation, even though
  no exploits are currently released.

  The upstream development group has provided us with patches that fix
  the problems.

  These issues have been assigned the following CVE names:
  CAN-2002-0655, CAN-2002-0656, and CAN-2002-0659.

More information:
  <URI: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0655>
  <URI: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0656>
  <URI: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0659>

Action:
  We recommend that all systems with this package installed be upgraded.
  Please note that if you do not need the functionality provided by this
  package, you may want to remove it from your system.

Location:
  All TSL updates are available from
  <URI:http://www.trustix.net/pub/Trustix/updates/>
  <URI:ftp://ftp.trustix.net/pub/Trustix/updates/>

Automatic updates:
  Users of the SWUP tool can enjoy having updates automatically
  installed using 'swup --upgrade'.
  Get SWUP from:
  <URI:ftp://ftp.trustix.net/pub/Trustix/software/swup/>

Public testing:
  These packages have been available for public testing for some time.
  If you want to contribute by testing the various packages in the
  testing tree, please feel free to share your findings on the
  tsl-discuss mailing list.
  The testing tree is located at
  <URI:http://www.trustix.net/pub/Trustix/testing/>
  <URI:ftp://ftp.trustix.net/pub/Trustix/testing/>

Questions?
  Check out our mailing lists:
  <URI:http://www.trustix.net/support/>

Verification:
  This advisory, along with all TSL packages, is signed with the TSL sign
  key. This key is available from:
  <URI:http://www.trustix.net/TSL-GPG-KEY>

  The advisory itself is available from the errata pages at
  <URI:http://www.trustix.net/errata/trustix-1.2/> and
  <URI:http://www.trustix.net/errata/trustix-1.5/>
  or directly at
  <URI:http://www.trustix.net/errata/misc/2002/TSL-2002-0063-openssl.asc.txt>

MD5sums of the packages:
- --------------------------------------------------------------------------
0c51861ce4432c3f669657e2c4971c6f  ./1.5/SRPMS/openssl-0.9.6-10tr.src.rpm
eb8a64dba138584b8085aec8d9ccaf0c  ./1.5/RPMS/openssl-support-0.9.6-10tr.i586.rpm
9db293f035fbd82a3482ab87d3465eb2  ./1.5/RPMS/openssl-python-0.9.6-10tr.i586.rpm
582d08bb63676a33da1aa89a33a05914  ./1.5/RPMS/openssl-devel-0.9.6-10tr.i586.rpm
2d05569684b868cbacca9e389ded3f0f  ./1.5/RPMS/openssl-0.9.6-10tr.i586.rpm
96053f774317702af40705697a2460d4  ./1.2/SRPMS/openssl-0.9.6-3tr.src.rpm
84b50e02167b61a9d3093bcc055c7b45  ./1.2/RPMS/openssl-devel-0.9.6-3tr.i586.rpm
b0c3b99917e1c69f593a74b9989a33f9  ./1.2/RPMS/openssl-0.9.6-3tr.i586.rpm
96053f774317702af40705697a2460d4  ./1.1/SRPMS/openssl-0.9.6-3tr.src.rpm
111d6f3e42c2410a11ac4704036a31ef  ./1.1/RPMS/openssl-devel-0.9.6-3tr.i586.rpm
23d4bef487e86dfff1854f3f3c6fd867  ./1.1/RPMS/openssl-0.9.6-3tr.i586.rpm
- --------------------------------------------------------------------------

Trustix Security Team

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6
(GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE9RSsqwRTcg4BxxS0RAgv0AJsGLRMNaZ2pmZdE4NRQCLgfRpNLygCdHfkE
3bFFVLoH4NXOBs+mT/i8T4E=
=Ydxh
-----END PGP SIGNATURE-----
(8790230) /Trustix Secure Linux Advisor <tsl@trustix.com>/
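Added example (not part of the advisory and not Trustix code): one way to check a local copy of the update tree against the advisory's "MD5sums of the packages" list. It assumes the packages are mirrored under a local directory using the same relative paths as the list; all function names are hypothetical and the sample files are constructed. A match only shows that a file equals what the list names, so the list itself is trusted only after the advisory's signature has been verified with the TSL sign key.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# One manifest entry: 32 hex digits, whitespace, relative path.
MD5_LINE = re.compile(r"^([0-9a-f]{32})\s+(\S+)$")

def parse_manifest(advisory_text):
    """Return {relative_path: md5_hex} for every checksum line in the advisory."""
    manifest = {}
    for line in advisory_text.splitlines():
        m = MD5_LINE.match(line.strip())
        if m:
            manifest[m.group(2)] = m.group(1)
    return manifest

def md5_of(path, chunk=1 << 16):
    # Hash in chunks so large RPMs are not read into memory at once.
    h = hashlib.md5()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def check_tree(manifest, root):
    """Map each listed path to 'ok', 'mismatch' or 'missing' under root."""
    root = Path(root).resolve()
    result = {}
    for rel, expected in manifest.items():
        target = (root / rel).resolve()
        if root not in target.parents or not target.is_file():
            result[rel] = "missing"  # absent, or path escapes the mirror root
        else:
            result[rel] = "ok" if md5_of(target) == expected else "mismatch"
    return result

def demo():
    """Run the check on a constructed mirror; names and contents are invented."""
    listed = {"example-a.rpm": b"package A", "example-b.rpm": b"package B",
              "example-c.rpm": b"package C"}  # what the sample list vouches for
    advisory = "MD5sums of the packages:\n" + "\n".join(
        hashlib.md5(data).hexdigest() + "  ./1.5/RPMS/" + name
        for name, data in listed.items())
    with tempfile.TemporaryDirectory() as root:
        rpms = Path(root) / "1.5" / "RPMS"
        rpms.mkdir(parents=True)
        (rpms / "example-a.rpm").write_bytes(b"package A")           # intact
        (rpms / "example-b.rpm").write_bytes(b"package B, altered")  # modified
        return check_tree(parse_manifest(advisory), root)  # example-c is absent
```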