Linux Today: Linux News On Internet Time.

SOT Linux Advisory: openssl

Aug 02, 2002, 15:08

[ Thanks to SOT Security Team for this link. ]

                   SOT Linux Security Advisory

Subject:           Updated openssl package for SOT Linux 2002
Advisory ID:       SLSA-2002:10
Date:              Thursday, August 1, 2002
Product:           SOT Linux 2002

1. Problem description

All four of the following issues are potentially remotely exploitable.

1. The client master key in SSL2 could be oversized and overrun a
   buffer. This vulnerability was also independently discovered by
   consultants at Neohapsis (http://www.neohapsis.com/) who have also
   demonstrated that the vulnerability is exploitable. Exploit code is
   NOT available at this time.

2. The session ID supplied to a client in SSL3 could be oversized and
   overrun a buffer.

3. The master key supplied to an SSL3 server could be oversized and
   overrun a stack-based buffer. This issue only affects OpenSSL
   0.9.7 before 0.9.7-beta3 with Kerberos enabled.

4. Various buffers for ASCII representations of integers were too
   small on 64 bit platforms.
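As an added example, not code from OpenSSL or from SOT, the following C shows the two defect classes that the four issues above share: a length-prefixed field (a session ID or master key) copied into a fixed-size buffer on the strength of a peer-supplied length byte (issues 1 to 3), and an integer-to-ASCII buffer sized for 32-bit values on a 64-bit platform (issue 4). FIELD_MAX, the one-byte length prefix, the function names and the sample message are assumptions made for illustration; they are not OpenSSL's record layout.

```c
/* Added example (not OpenSSL's code): the two bug classes named in the
 * advisory, each shown in an unchecked and a checked form. */
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Fixed-size destination standing in for a session-ID or master-key
 * buffer.  32 is a constructed size, not OpenSSL's. */
#define FIELD_MAX 32

struct field_buf {
    uint8_t data[FIELD_MAX];
    size_t  len;
};

/* Unchecked form: trusts the peer-supplied length byte and copies that
 * many bytes.  A length above FIELD_MAX writes past data[], which is the
 * pattern behind issues 1-3.  Kept only for contrast; never feed it
 * untrusted input. */
static void copy_field_unchecked(struct field_buf *dst,
                                 const uint8_t *msg, size_t msg_len)
{
    size_t n = msg[0];          /* peer controls this value */
    (void)msg_len;              /* the received length is never consulted */
    memcpy(dst->data, msg + 1, n);
    dst->len = n;
}

/* Checked form: the advertised length must fit both the destination and
 * the bytes actually received.  Returns 0 on success and -1 on rejection,
 * writing nothing to dst when it rejects. */
static int copy_field_checked(struct field_buf *dst,
                              const uint8_t *msg, size_t msg_len)
{
    if (msg_len < 1)
        return -1;
    size_t n = msg[0];
    if (n > FIELD_MAX || n > msg_len - 1)
        return -1;
    memcpy(dst->data, msg + 1, n);
    dst->len = n;
    return 0;
}

/* Issue 4: the decimal text of a 64-bit integer needs up to 20 digits
 * plus a sign and the NUL terminator, 21 bytes for INT64_MIN
 * ("-9223372036854775808").  A buffer sized for 32-bit values (12 bytes)
 * is too small. */
#define INT64_ASCII_MAX 21

/* Returns the number of characters written, or -1 if the text would not
 * fit in cap bytes (snprintf reports the full length it wanted). */
static int int64_to_ascii(int64_t v, char *out, size_t cap)
{
    int n = snprintf(out, cap, "%" PRId64, v);
    if (n < 0 || (size_t)n >= cap)
        return -1;
    return n;
}

/* Constructed sample: a message whose length byte claims 200 bytes of
 * payload, more than FIELD_MAX and more than is actually present. */
static int demo_oversized_rejected(void)
{
    uint8_t msg[4] = { 200, 0xAA, 0xBB, 0xCC };
    struct field_buf dst;
    memset(&dst, 0, sizeof dst);
    return copy_field_checked(&dst, msg, sizeof msg);   /* -1 */
}

int main(void)
{
    uint8_t ok_msg[3] = { 2, 0x01, 0x02 };   /* constructed, in-bounds */
    struct field_buf dst;
    char small[12], big[INT64_ASCII_MAX];

    copy_field_unchecked(&dst, ok_msg, sizeof ok_msg);  /* safe only here */
    printf("in-bounds field length: %zu\n", dst.len);
    printf("oversized field rejected: %d\n", demo_oversized_rejected());
    printf("INT64_MIN into 12 bytes: %d\n",
           int64_to_ascii(INT64_MIN, small, sizeof small));
    printf("INT64_MIN into 21 bytes: %d\n",
           int64_to_ascii(INT64_MIN, big, sizeof big));
    return 0;
}
```

The checked copy rejects two distinct faults: a length larger than the destination (the overrun the advisory describes) and a length larger than the bytes actually received (an over-read of the input buffer). The integer case is fixed by sizing buffers from the widest integer type the platform can produce rather than from the 32-bit width the code was first written against.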

2. Updated packages

SOT Linux 2002 Desktop:



SOT Linux 2002 Server:



3. Upgrading package

Use up2date to automatically upgrade the fixed packages.

If you want to upgrade manually, download the updated package from
the SOT Linux FTP site (use the links above) or from one of our mirrors.
The list of mirrors can be obtained at www.sot.com/en/linux

Update the package with the following command:
rpm -Uvh 

4. Verification

All packages are PGP signed by SOT for security.

You can verify each package with the following command:
rpm --checksig 

If you wish to verify the integrity of the downloaded package, run
"md5sum " and compare the output with data given below.

Package Name                             MD5 sum
/Desktop/i386/openssl-0.9.6b-15.i386.rpm 6bf53f2b4ca2fad4e255f32b0cace61b
/Desktop/SRPMS/openssl-0.9.6b-15.src.rpm 840e78dbefd926964e439ec389b9a0ca
/Server/i386/openssl-0.9.6b-15.i386.rpm  6bf53f2b4ca2fad4e255f32b0cace61b
/Server/SRPMS/openssl-0.9.6b-15.src.rpm  840e78dbefd926964e439ec389b9a0ca

5. References


Copyright(c) 2001, 2002 SOT

You can view other update advisories for SOT Linux 2002 at: