EnGarde Secure Linux Security Advisory: openssl vulnerabilities

Written By
Web Webster
May 2, 2001
Date: Wed, 2 May 2001 09:38:12 -0400 (EDT)
From: EnGarde Secure Linux <security@guardiandigital.com>
Subject: [ESA-20010426-01] openssl vulnerabilities

+------------------------------------------------------------------------+
| EnGarde Secure Linux Security Advisory                    May 02, 2001 |
| http://www.engardelinux.org/                           ESA-20010426-01 |
|                                                                        |
| Package:  openssl                                                      |
| Summary:  There are four potential vulnerabilities in openssl.         |
+------------------------------------------------------------------------+

EnGarde Secure Linux is a secure distribution of Linux that
features improved access control, host and network intrusion
detection, Web based secure remote management, complete e-commerce
using AllCommerce, and integrated open source security tools.

OVERVIEW


There are four potential vulnerabilities in the version of openssl
which shipped with EnGarde Secure Linux version 1.0.1.

DETAIL


There were four security fixes introduced into openssl 0.9.6a.
However, this release also broke binary compatibility with older
versions of openssl. Thanks to Nalin Dahyabhai, these changes have
been backported into openssl 0.9.6. This alleviates having to
release updated packages for all of the programs that depend on
openssl, such as openssh.

The security-related changes are (from the 0.9.6a
announcement):

  • Security fix: change behavior of OpenSSL to avoid using
    environment variables when running as root.
  • Security fix: check the result of RSA-CRT to reduce the
    possibility of deducing the private key from an incorrectly
    calculated signature.
  • Security fix: prevent Bleichenbacher’s DSA attack.
  • Security fix: Zero the premaster secret after deriving the
    master secret in DH ciphersuites.
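The RSA-CRT result check named in the second item above, shown as an added example (not code from the advisory or from OpenSSL). The key is a constructed toy built from two small Mersenne primes, signing is raw and unpadded, and the `fault` flag is a hypothetical stand-in for a miscalculation in one CRT half.

```python
import hashlib

# Constructed toy key (two Mersenne primes); real keys are far larger.
P, Q, E = 2**31 - 1, 2**61 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))      # private exponent (Python 3.8+)
DP, DQ = D % (P - 1), D % (Q - 1)      # CRT exponents
QINV = pow(Q, -1, P)                   # q^-1 mod p, for Garner recombination


def digest_int(message: bytes) -> int:
    """Map a message to an integer below N (no padding: illustration only)."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % N


def crt_sign(m: int, fault: bool = False) -> int:
    """Unchecked RSA-CRT signature: two half-size exponentiations."""
    sp = pow(m, DP, P)
    sq = pow(m, DQ, Q)
    if fault:
        sq ^= 1                        # simulated error in the mod-q half only
    h = (QINV * (sp - sq)) % P
    return sq + h * Q                  # equals sp mod P and sq mod Q


def result_is_correct(s: int, m: int) -> bool:
    """The check: a valid signature satisfies s^e = m (mod n)."""
    return pow(s, E, N) == m % N


def sign(m: int, fault: bool = False) -> int:
    """CRT signing that never releases a miscalculated result."""
    s = crt_sign(m, fault)
    if not result_is_correct(s, m):
        # A result wrong modulo only one prime must not leave the signer;
        # recompute with the slower full-size exponentiation instead.
        s = pow(m, D, N)
    return s


if __name__ == "__main__":
    m = digest_int(b"constructed sample message")
    print("unchecked faulty result verifies:", result_is_correct(crt_sign(m, True), m))
    print("checked signer output verifies:  ", result_is_correct(sign(m, True), m))
```

The verification costs one public-exponent exponentiation, which is cheap next to the private-key operation it protects.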

SOLUTION


All users running ‘openssl’ should upgrade to the most recent
version, as outlined in this advisory. All updates can be found at:

    ftp://ftp.engardelinux.org/pub/engarde/stable/updates/
    http://ftp.engardelinux.org/pub/engarde/stable/updates/

To install the updated package, execute the command:

    rpm -Uvh <filename>

To verify the signature of the updated packages, execute the
command:

    rpm -Kv <filename>

UPDATED PACKAGES


Source Packages:

    SRPMS/openssl-0.9.6-1.0.13.src.rpm
      MD5 Sum:  6e8134b6635a77bc6a9101438b50427a

  i386 Binary Packages:

    i386/openssl-0.9.6-1.0.13.i386.rpm
      MD5 Sum:  2a0f944722c27fd34d8549dae25b611d

    i386/openssl-misc-0.9.6-1.0.13.i386.rpm
      MD5 Sum:  59cb6c0fed182b2b5eb3789b2fffdae7

  i686 Binary Packages:

    i686/openssl-0.9.6-1.0.13.i686.rpm
      MD5 Sum:  7bdedd1a057f547cc59a56b35801c277

    i686/openssl-misc-0.9.6-1.0.13.i686.rpm
      MD5 Sum:  82aa05b124b35809f27d48f81418e3e0

REFERENCES


Guardian Digital’s public key:
http://ftp.engardelinux.org/pub/engarde/ENGARDE-GPG-KEY

OpenSSL’s official web site:
http://www.openssl.org/

OpenSSL 0.9.6a announcement:
http://marc.theaimsgroup.com/?l=openssl-announce&m=98655255404174&w=2


$Id: 2001.04.26-openssl,v 1.1 2001/04/26 15:18:29 rwm Exp $


Author: Ryan W. Maple, <ryan@guardiandigital.com>
Copyright 2001, Guardian Digital, Inc.
