Trustix alert: openssl

Posted by dave on Mar 18, 2004 1:27 PM EDT
Mailing list
Mail this story
Print this story

Several holes were discovered that could lead to denial of service (DoS) attacks on SSL-enabled services.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------- Trustix Secure Linux Security Advisory #2004-0012

Package name: openssl Summary: Sevaral DoS vulnerabilities Date: 2004-03-17 Affected versions: Trustix 1.5, 2.0, 2.1

- -------------------------------------------------------------------------- Package description: A C library that provides various crytographic algorithms and protocols, including DES, RC4, RSA, and SSL.

Problem description: Several holes were discovered that could lead to denial of service (DoS) attacks on SSL-enabled services. See CAN-2004-0079, CAN-2004-0081, and CAN-2004-0112 on for a more thorough description of these problems.

Action: We recommend that all systems with this package installed be upgraded. Please note that if you do not need the functionality provided by this package, you may want to remove it from your system.

Location: All Trustix updates are available from

About Trustix Secure Linux: Trustix Secure Linux is a small Linux distribution for servers. With focus on security and stability, the system is painlessly kept safe and up to date from day one using swup, the automated software updater.

Automatic updates: Users of the SWUP tool can enjoy having updates automatically installed using 'swup --upgrade'.

Public testing: Most updates for Trustix are made available for public testing some time before release. If you want to contribute by testing the various packages in the testing tree, please feel free to share your findings on the tsl-discuss mailinglist. The testing tree is located at

You may also use swup for public testing of updates: site { class = 0 location = "http://tsldev.trustix.org/cloud/rdfs/latest.rdf" regexp = ".*" }

Questions? Check out our mailing lists:

Verification: This advisory along with all Trustix packages are signed with the TSL sign key. This key is available from:

The advisory itself is available from the errata pages at , and or directly at

MD5sums of the packages: - -------------------------------------------------------------------------- 586ed6a62e01ca094f61002ec4b134e8 1.5/rpms/openssl-0.9.6-17tr.i586.rpm ac7ebd358ce58ab403a4498da02486be 1.5/rpms/openssl-devel-0.9.6-17tr.i586.rpm beee208cfb7081cced602a750d1f2145 1.5/rpms/openssl-python-0.9.6-17tr.i586.rpm 7b7d4788687514cf273d5bffe65b6d2e 1.5/rpms/openssl-support-0.9.6-17tr.i586.rpm 5e891874980982a134bb127ba7358f0d 1.5/srpms/openssl-0.9.6-17tr.src.rpm cd3866fb30d8acb728ef44f8a30d6b37 2.0/rpms/openssl-0.9.7c-2tr.i586.rpm 988123ebb6fb32a717b0b3f85082028b 2.0/rpms/openssl-devel-0.9.7c-2tr.i586.rpm c8f19e94b6ed3be8892a1a66be9a3644 2.0/rpms/openssl-python-0.9.7c-2tr.i586.rpm d7f01d2b99e6ded2ab3361ef90dffb62 2.0/rpms/openssl-support-0.9.7c-2tr.i586.rpm d49d900813432cfaabaaa4454a999ee6 2.0/srpms/openssl-0.9.7c-2tr.src.rpm 26f2286743fcb8f6560b05125e74ea71 2.1/rpms/openssl-0.9.7c-5tr.i586.rpm 32728af4fa90cf13996620304b5fadaa 2.1/rpms/openssl-devel-0.9.7c-5tr.i586.rpm 457e62f027ebf155a454b9dc20cc8891 2.1/rpms/openssl-python-0.9.7c-5tr.i586.rpm f9f45701b12d2407e473929ffb9699d1 2.1/rpms/openssl-support-0.9.7c-5tr.i586.rpm 8c9a0ad7e420fe6f914338fa5d884996 2.1/srpms/openssl-0.9.7c-5tr.src.rpm - --------------------------------------------------------------------------

Trustix Security Team

-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.2 (GNU/Linux)

iD8DBQFAWb7/i8CEzsK9IksRAm0eAJ9my/zsqLQ3pVu/9vrLVD9EX1hTgwCdGQHK 44wiQ5twZJOU4JrpCJtv260= =SBPt -----END PGP SIGNATURE----- _______________________________________________ tsl-announce mailing list [e-mail:tsl-announce@lists.trustix.org] http://lists.trustix.org/mailman/listinfo/tsl-announce

[PARSEASHTML]

  Nav
» Read more about: Story Type: Security; Groups: Trustix

« Return to the newswire homepage

This topic does not have any threads posted yet!

You cannot post until you login.