Linux Today - Advisories, September 11, 2006

Linux Today
Enterprise Linux Today
Apache Today
JustLinux.com
Linux Planet
PHPBuilder
All Linux Devices

Technology Jobs

LinuxToday Newsletters

Server Daily
IT Management Daily
Subscribe News
Subscribe PR
Subscribe Security

internet.com

Internet News
Small Business

Advertise
Newsletters
Tech Jobs
E-mail Offers

Current Newswire:

Malware devs embrace open-source

A tale of two distros: Ubuntu and Linux Mint

Raspberry Pi benchmarked against Beagleboard, low price is long term

20 popular Ubuntu Linux apps you may want to try

A Selection of the Very Best Open Source Tutorials and Tools

Android Ice Cream Sandwich ported to x86 tablets, netbooks and notebooks

SECURITY: Google Chrome 17 Improves Security

How to read a CSV file in Perl?

Red Hat Brings Gluster to Amazon Cloud

New Linux kernel fixes power-saving issues

Applications Management Engineer Sr (NYC)
Next Step Systems
US-NY-New York

Post A Job | Post A Resume

:Advisories, September 11, 2006

Advisories, September 11, 2006
Sep 12, 2006, 03 :45 UTC (0 Talkback[s]) (2169 reads)

Debian Security Advisory DSA 1174-1 security@debian.org
http://www.debian.org/security/ Noah Meyerhans
September 11th, 2006 http://www.debian.org/security/faq

Package : openssl096
Problem-Type : local
Vulnerability : cryptographic weakness
Debian-specific: no
CVE ID : CVE-2006-4339
BugTraq ID : 19849
Debian Bug : 386247

Daniel Bleichenbacher discovered a flaw in OpenSSL cryptographic package that could allow an attacker to generate a forged signature that OpenSSL will accept as valid.

For the stable distribution (sarge) this problem has been fixed in version 0.9.6m-1sarge2

This package exists only for compatibility with older software, and is not present in the unstable or testing branches of Debian.

We recommend that you upgrade your openssl packages. Note that services linking against the openssl shared libraries will need to be restarted. Common examples of such services include most Mail Transport Agents, SSH servers, and web servers.

Upgrade Instructions

wget url

will fetch the file for you
dpkg -i file.deb

will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update

will update the internal database apt-get upgrade

will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian GNU/Linux 3.1 alias sarge

Source archives:

    http://security.debian.org/pool/updates/main/o/openssl096/openssl096_0.9.6m-1sarge2.dsc
      Size/MD5 checksum: 617 018a88ab90403cb04c62fb3e30b74447
    http://security.debian.org/pool/updates/main/o/openssl096/openssl096_0.9.6m-1sarge2.diff.gz
      Size/MD5 checksum: 19110 ebf3d65348f1a0e2b09543b02f1752ff
    http://security.debian.org/pool/updates/main/o/openssl096/openssl096_0.9.6m.orig.tar.gz
      Size/MD5 checksum: 2184918 1b63bfdca1c37837dddde9f1623498f9