|
| Current Newswire:
EnGarde Secure Linux Security Advisory: openssl vulnerabilitiesMay 02, 2001, 15:13 (0 Talkback[s])Date: Wed, 2 May 2001 09:38:12 -0400 (EDT) From: EnGarde Secure Linux <security@guardiandigital.com> Subject: [ESA-20010426-01] openssl vulnerabilities +------------------------------------------------------------------------+ | EnGarde Secure Linux Security Advisory May 02, 2001 | | http://www.engardelinux.org/ ESA-20010426-01 | | | | Package: openssl | | Summary: There are four potential vulnerabilities in openssl. | +------------------------------------------------------------------------+ EnGarde Secure Linux is a secure distribution of Linux that features improved access control, host and network intrusion detection, Web based secure remote management, complete e-commerce using AllCommerce, and integrated open source security tools. OVERVIEW There are four potential vulnerabilities in the version of openssl which shipped with EnGarde Secure Linux version 1.0.1. DETAIL There were four security fixes introduced into openssl 0.9.6a. However, this release also broke binary compatibility with older versions of openssl. Thanks to Nalin Dahyabhai, these changes have been backported into openssl 0.9.6. This alleviates having to release updated packages for all of the programs that depend on openssl, such as openssh. The security-related changes are (from the 0.9.6a announcement):
SOLUTION All users running 'openssl' should upgrade to the most recent version, as outlined in this advisory. All updates can be found at: ftp://ftp.engardelinux.org/pub/engarde/stable/updates/ http://ftp.engardelinux.org/pub/engarde/stable/updates/ To install the updated package, execute the command: rpm -Uvh <filename> To verify the signature of the updated packages, execute the command: rpm -Kv <filename> UPDATED PACKAGES Source Packages: SRPMS/openssl-0.9.6-1.0.13.src.rpm MD5 Sum: 6e8134b6635a77bc6a9101438b50427a i386 Binary Packages: i386/openssl-0.9.6-1.0.13.i386.rpm MD5 Sum: 2a0f944722c27fd34d8549dae25b611d i386/openssl-misc-0.9.6-1.0.13.i386.rpm MD5 Sum: 59cb6c0fed182b2b5eb3789b2fffdae7 i686 Binary Packages: i686/openssl-0.9.6-1.0.13.i686.rpm REFERENCES Guardian Digital's public key: OpenSSL's official web site: OpenSSL 0.9.6a announcement: $Id: 2001.04.26-openssl,v 1.1 2001/04/26 15:18:29 rwm Exp $ Author: Ryan W. Maple, <ryan@guardiandigital.com> Copyright 2001, Guardian Digital, Inc. |