Debian alert: New openssl packages fix multiple vulnerabilities

Posted by dave on Mar 17, 2004 12:07 PM EDT
Mailing list
Mail this story
Print this story

Two vulnerabilities were discovered in openssl, an implementation of the SSL protocol, using the Codenomicon TLS Test Tool.

Hash: SHA1

- -------------------------------------------------------------------------- Debian Security Advisory DSA 465-1 [] Matt Zimmerman March 17th, 2004 - --------------------------------------------------------------------------

Package : openssl,openssl094,openssl095 Vulnerability : several Problem-Type : remote Debian-specific: no CVE Ids : CAN-2004-0079 CAN-2004-0081

Two vulnerabilities were discovered in openssl, an implementation of the SSL protocol, using the Codenomicon TLS Test Tool. More information can be found in the following NISCC Vulnerability Advisory:

and this OpenSSL advisory:

- CAN-2004-0079 - null-pointer assignment in the do_change_cipher_spec() function. A remote attacker could perform a carefully crafted SSL/TLS handshake against a server that used the OpenSSL library in such a way as to cause OpenSSL to crash. Depending on the application this could lead to a denial of service.

- CAN-2004-0081 - a bug in older versions of OpenSSL 0.9.6 that can lead to a Denial of Service attack (infinite loop).

For the stable distribution (woody) these problems have been fixed in openssl version 0.9.6c-2.woody.6, openssl094 version 0.9.4-6.woody.4 and openssl095 version 0.9.5a-6.woody.5.

For the unstable distribution (sid) these problems will be fixed soon.

We recommend that you update your openssl package.

Upgrade Instructions - --------------------

wget url will fetch the file for you dpkg -i file.deb will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update will update the internal database apt-get upgrade will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian GNU/Linux 3.0 alias woody - --------------------------------

Source archives: Size/MD5 checksum: 632 c12536a01aca47e52d17e22310acbdd7 Size/MD5 checksum: 44829 7478b91c110b6f1e52cf459cb44c07e1 Size/MD5 checksum: 2153980 c8261d93317635d56df55650c6aeb3dc Size/MD5 checksum: 624 e10b520a03dc6a86acd3609ed390bf21 Size/MD5 checksum: 46851 5108530e438a6c00458fb034db238392 Size/MD5 checksum: 1570392 72544daea16d6c99d656b95f77b01b2d Size/MD5 checksum: 631 0548af08e7b80fe2c7e73108bf352230 Size/MD5 checksum: 39190 837e26caaf8c22a566dbefdd6ffc56ea Size/MD5 checksum: 1892089 99d22f1d4d23ff8b927f94a9df3997b4

Architecture independent components: Size/MD5 checksum: 980 be0ff309c754f9eb062bdc7d65a71819

Alpha architecture: Size/MD5 checksum: 1551564 72e47db6c9dcda4e5a6acf92a1ea2101 Size/MD5 checksum: 571350 cfd18f4a40a6cffbbaef2f14f4e94aa1 Size/MD5 checksum: 736410 f16961ca1e20d6f88f9bf99aa94b817b Size/MD5 checksum: 497332 066bc60aaa29ae1fb0d24c7c46a7e0cd

ARM architecture: Size/MD5 checksum: 1358118 42ee5f1969cae9faee362fad210422da Size/MD5 checksum: 474164 8ca5f15c012b6eb5bad33bf27180b9e1 Size/MD5 checksum: 729876 259449511f610538b0429ad552d627e9 Size/MD5 checksum: 402664 6c3c6fb33553e370d966161c44371eed

Intel IA-32 architecture: Size/MD5 checksum: 1290986 ee3f1bd5dc3de3e7dff6e945e73bf7b1 Size/MD5 checksum: 461870 8d24ba643ce45cf495d775fa7062e53e Size/MD5 checksum: 723346 e258d6e5c4e79767d1b75ae29a103a6d Size/MD5 checksum: 358500 92eb1693ec21ca108f0d06932ce4f9db Size/MD5 checksum: 399952 068f0a3443cbebbd23571df0170cad84

Intel IA-64 architecture: Size/MD5 checksum: 1615338 e59a7278d4d972943247b83d57e1712b Size/MD5 checksum: 711170 bb0b97f071f942d23d2f7f5362c34c06 Size/MD5 checksum: 763566 e3ebf464f440dbd86ae18c1b25ebac0f

HP Precision architecture: Size/MD5 checksum: 1435466 2c77d74ee8c1aaf6bebf02538f307ef6 Size/MD5 checksum: 565020 9133258c424eadf23b659993439e4147 Size/MD5 checksum: 742002 a5222dc5116da8dce774643cb09925bb

Motorola 680x0 architecture: Size/MD5 checksum: 1266746 94ce507777c7889cac278a1701bfa07d Size/MD5 checksum: 450742 cdb074142fb09b42b44d581bfe39f3b6 Size/MD5 checksum: 720494 1c563a7eb888efbe767caf60d58d60c3 Size/MD5 checksum: 376910 1976f00b903cbf56c3fecd8746bcdb13

Big endian MIPS architecture: Size/MD5 checksum: 1416298 3784e3df38ca0e7429ebc3bd3443a751 Size/MD5 checksum: 483772 781e99d232b8cb2d8eb2ffd7872be3cd Size/MD5 checksum: 717852 f40b33d0bf0259121d73eb24d765c95d Size/MD5 checksum: 412764 6b1c44e692941adab697af4f9bc548d9

Little endian MIPS architecture: Size/MD5 checksum: 1410210 51022eaeba69faf250c2bec4384c399b Size/MD5 checksum: 476744 76be9bc27f5fe75f05ecf0a1b3a54f3c Size/MD5 checksum: 717148 047c9f61de01b84f73dc18a5b2e7c507 Size/MD5 checksum: 407554 98928a0620c1fef51662c4f03ef56de6

PowerPC architecture: Size/MD5 checksum: 1386978 6e7b16a9bb3e2e780ef76408f516e760 Size/MD5 checksum: 502578 ad9b8b2222b035154fae759f1a1f6a29 Size/MD5 checksum: 726792 7a1881432528a890c0ca9800fc33b6c2 Size/MD5 checksum: 425652 43e11b5bc3ed981c2c68418cbafa37e2

IBM S/390 architecture: Size/MD5 checksum: 1326484 663c1bd6518a284d2fde11ff5d728506 Size/MD5 checksum: 510582 61670cd45b446474caaae9fd7bac74b0 Size/MD5 checksum: 731686 6e5f1c96f5c0d1c78ed74b6f90d15e2d

Sun Sparc architecture: Size/MD5 checksum: 1344384 f383f9926645f06e8458c4f4cdf9c4b5 Size/MD5 checksum: 484864 76b6f3d6b33969295aa38b4285b4bc16 Size/MD5 checksum: 737280 9f57ba959daa989b54b214ebbb8824a4 Size/MD5 checksum: 412390 a596f5a5a4df199a088c86e96e3eae9b

These files will probably be moved into the stable distribution on its next revision.

- --------------------------------------------------------------------------------- For apt-get: deb stable/updates main For dpkg-ftp: dists/stable/updates/main Mailing list: [] Package info: 'apt-cache show ' and -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (GNU/Linux)


-- To UNSUBSCRIBE, email to [] with a subject of "unsubscribe". Trouble? Contact []


» Read more about: Story Type: Security; Groups: Debian

« Return to the newswire homepage

This topic does not have any threads posted yet!

You cannot post until you login.