LinuxSecurity.com
Mandrake: openssl fix
Posted by Joe Shakespeare   
The Trustix developers found that the der_chop script, included in the openssl package, created temporary files insecurely. This could allow local users to overwrite files using a symlink attack.

 _______________________________________________________________________

                 Mandrakelinux Security Update Advisory
 _______________________________________________________________________

 Package name:           openssl
 Advisory ID:            MDKSA-2004:147
 Date:                   December 6th, 2004

 Affected versions:      10.0, 10.1, 9.2, Corporate Server 2.1,
                         Multi Network Firewall 8.2
 ______________________________________________________________________

 Problem Description:

 The Trustix developers found that the der_chop script, included in the
 openssl package, created temporary files insecurely.  This could allow
 local users to overwrite files using a symlink attack.

 The updated packages have been patched to prevent this problem.
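
 The bug class described above, as an added example that is not code from
 the advisory, from der_chop or from the openssl package: writing to a
 predictable temporary name follows a pre-planted symlink, while exclusive
 creation and mkstemp() do not. The sandbox directory, file names and
 function names are constructed for illustration.

```python
import os
import tempfile

def naive_write(path, data):
    # Bug class from the advisory: open a predictable name and truncate it.
    # open() follows symlinks, so a pre-planted link redirects the write.
    with open(path, "w") as fh:
        fh.write(data)

def exclusive_write(path, data):
    # O_CREAT|O_EXCL fails if anything, a symlink included, already exists at
    # the path; O_NOFOLLOW is kept as defence in depth. Mode 0600 = owner only.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL | os.O_NOFOLLOW, 0o600)
    with os.fdopen(fd, "w") as fh:
        fh.write(data)

def mkstemp_write(directory, data):
    # Preferred fix: the library picks an unpredictable name and creates the
    # file atomically with O_EXCL and mode 0600.
    fd, path = tempfile.mkstemp(prefix="scratch-", dir=directory)
    with os.fdopen(fd, "w") as fh:
        fh.write(data)
    return path

def read_text(path):
    with open(path) as fh:
        return fh.read()

def demo():
    # Constructed scenario: a private sandbox directory stands in for /tmp.
    results = {}
    with tempfile.TemporaryDirectory() as sandbox:
        victim = os.path.join(sandbox, "victim.conf")       # file the script's user can write
        predictable = os.path.join(sandbox, "tmp1234.out")  # hypothetical guessable name
        naive_write(victim, "original")
        os.symlink(victim, predictable)                     # link planted before the script runs

        naive_write(predictable, "scratch data")
        results["naive_clobbered_victim"] = read_text(victim) == "scratch data"

        naive_write(victim, "original")                     # reset for the hardened paths
        try:
            exclusive_write(predictable, "scratch data")
            results["exclusive_refused"] = False
        except OSError:                                     # EEXIST: the planted link is rejected
            results["exclusive_refused"] = True
        safe = mkstemp_write(sandbox, "scratch data")
        results["victim_intact"] = read_text(victim) == "original"
        results["mkstemp_mode"] = oct(os.stat(safe).st_mode & 0o777)
    return results

if __name__ == "__main__":
    print(demo())
```

 When auditing scripts for this pattern, look for temporary paths built
 from the process ID or a fixed string under /tmp and opened without
 exclusive creation.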
 _______________________________________________________________________

 References:

  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0975
 ______________________________________________________________________

 Updated Packages:

 Mandrakelinux 10.0:
 c0d41b5423a09f01decc40e84fd005cb  10.0/RPMS/libopenssl0.9.7-0.9.7c-3.1.100mdk.i586.rpm
 82b573c6825f9a3abdd8a23da2fe7c2c  10.0/RPMS/libopenssl0.9.7-devel-0.9.7c-3.1.100mdk.i586.rpm
 7c4e0ddd161ae064928c3f3563a2dc4e  10.0/RPMS/libopenssl0.9.7-static-devel-0.9.7c-3.1.100mdk.i586.rpm
 d4d97f7b45004bd8d69ef90bce972442  10.0/RPMS/openssl-0.9.7c-3.1.100mdk.i586.rpm
 f09ed46ce152ac3396ce5a4a4b2036d0  10.0/SRPMS/openssl-0.9.7c-3.1.100mdk.src.rpm

 Mandrakelinux 10.0/AMD64:
 d9d9037cf0170a9e6ef1702f3e786b8a  amd64/10.0/RPMS/lib64openssl0.9.7-0.9.7c-3.1.100mdk.amd64.rpm
 cfa623fa40be35d5cc99053bafd625c1  amd64/10.0/RPMS/lib64openssl0.9.7-devel-0.9.7c-3.1.100mdk.amd64.rpm
 0098601eae49e65ee1fae0283bc4ffff  amd64/10.0/RPMS/lib64openssl0.9.7-static-devel-0.9.7c-3.1.100mdk.amd64.rpm
 06d845c07b46356cef699f94a67b9bc0  amd64/10.0/RPMS/openssl-0.9.7c-3.1.100mdk.amd64.rpm
 f09ed46ce152ac3396ce5a4a4b2036d0  amd64/10.0/SRPMS/openssl-0.9.7c-3.1.100mdk.src.rpm

 Mandrakelinux 10.1:
 ae229d9586ea295545e577960ecfc9d5  10.1/RPMS/libopenssl0.9.7-0.9.7d-1.1.101mdk.i586.rpm
 66d4393ab8ad6c72242fe03676d452bb  10.1/RPMS/libopenssl0.9.7-devel-0.9.7d-1.1.101mdk.i586.rpm
 003f9c7ba693314fe0cfd5c91f0d154b  10.1/RPMS/libopenssl0.9.7-static-devel-0.9.7d-1.1.101mdk.i586.rpm
 00e24e1fa79a339a5e1a92d9c2996082  10.1/RPMS/openssl-0.9.7d-1.1.101mdk.i586.rpm
 5c453b0349f604e2955a889f624982d6  10.1/SRPMS/openssl-0.9.7d-1.1.101mdk.src.rpm

 Mandrakelinux 10.1/X86_64:
 45a998be7caf5d54a7a8a106e2e6cf9a  x86_64/10.1/RPMS/lib64openssl0.9.7-0.9.7d-1.1.101mdk.x86_64.rpm
 000606c0fde3660e4c623f1ddb319e47  x86_64/10.1/RPMS/lib64openssl0.9.7-devel-0.9.7d-1.1.101mdk.x86_64.rpm
 f75779760ee204bbfaab4173575964cd  x86_64/10.1/RPMS/lib64openssl0.9.7-static-devel-0.9.7d-1.1.101mdk.x86_64.rpm
 81457d174401f6033cb03a9404145278  x86_64/10.1/RPMS/openssl-0.9.7d-1.1.101mdk.x86_64.rpm
 5c453b0349f604e2955a889f624982d6  x86_64/10.1/SRPMS/openssl-0.9.7d-1.1.101mdk.src.rpm

 Corporate Server 2.1:
 63355bf82d2b54f08a970383c9c5192c  corporate/2.1/RPMS/libopenssl0-0.9.6i-1.8.C21mdk.i586.rpm
 9d557d9105a7a2d1b1026543d6fedf2c  corporate/2.1/RPMS/libopenssl0-devel-0.9.6i-1.8.C21mdk.i586.rpm
 0929ca75a91cd5c4f553329aa7e818a8  corporate/2.1/RPMS/libopenssl0-static-devel-0.9.6i-1.8.C21mdk.i586.rpm
 2cd8e70cc5c66c4797392e4ea3a0348f  corporate/2.1/RPMS/openssl-0.9.6i-1.8.C21mdk.i586.rpm
 337b3ad1c49fc5e91f2d72ea6a493868  corporate/2.1/SRPMS/openssl-0.9.6i-1.8.C21mdk.src.rpm

 Corporate Server 2.1/x86_64:
 1fb93ddabdccd9edd724e7d6818e7299  x86_64/corporate/2.1/RPMS/libopenssl0-0.9.6i-1.8.C21mdk.x86_64.rpm
 acfe2f603298bae71c4f35a928d9ba88  x86_64/corporate/2.1/RPMS/libopenssl0-devel-0.9.6i-1.8.C21mdk.x86_64.rpm
 daf31defd9c4b27bf28581bd7ed7fd2c  x86_64/corporate/2.1/RPMS/libopenssl0-static-devel-0.9.6i-1.8.C21mdk.x86_64.rpm
 cade4a4db47d263c6660591d1bf9d5a1  x86_64/corporate/2.1/RPMS/openssl-0.9.6i-1.8.C21mdk.x86_64.rpm
 337b3ad1c49fc5e91f2d72ea6a493868  x86_64/corporate/2.1/SRPMS/openssl-0.9.6i-1.8.C21mdk.src.rpm

 Mandrakelinux 9.2:
 f014f2318e559b7cfc5fc5bd2a010b67  9.2/RPMS/libopenssl0.9.7-0.9.7b-5.1.92mdk.i586.rpm
 db4c7a4d97015c04a03ed69fa8d9c941  9.2/RPMS/libopenssl0.9.7-devel-0.9.7b-5.1.92mdk.i586.rpm
 1368b0bf03dcebb17b6f1d5359411d8b  9.2/RPMS/libopenssl0.9.7-static-devel-0.9.7b-5.1.92mdk.i586.rpm
 369d6104e62dc23e23c2d9f05e0d03db  9.2/RPMS/openssl-0.9.7b-5.1.92mdk.i586.rpm
 9389817df3eb169e26536635c129e853  9.2/SRPMS/openssl-0.9.7b-5.1.92mdk.src.rpm

 Mandrakelinux 9.2/AMD64:
 a0f963c1ab90037dcdf57dba1337e48d  amd64/9.2/RPMS/lib64openssl0.9.7-0.9.7b-5.1.92mdk.amd64.rpm
 587ef4344175ab4532e0e569ea733df3  amd64/9.2/RPMS/lib64openssl0.9.7-devel-0.9.7b-5.1.92mdk.amd64.rpm
 4638c1af2de29459e2c1fae27fd28659  amd64/9.2/RPMS/lib64openssl0.9.7-static-devel-0.9.7b-5.1.92mdk.amd64.rpm
 18d875fb53f6b5c0adfc22fed5193645  amd64/9.2/RPMS/openssl-0.9.7b-5.1.92mdk.amd64.rpm
 9389817df3eb169e26536635c129e853  amd64/9.2/SRPMS/openssl-0.9.7b-5.1.92mdk.src.rpm

 Multi Network Firewall 8.2:
 eeaeae17ef647b22de71170105190f87  mnf8.2/RPMS/libopenssl0-0.9.6i-1.7.M82mdk.i586.rpm
 b3ffacae8b78391fcc30267a3f252223  mnf8.2/RPMS/openssl-0.9.6i-1.7.M82mdk.i586.rpm
 aa558b895ae77092ae29dec127a5a2a0  mnf8.2/SRPMS/openssl-0.9.6i-1.7.M82mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrakeUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandrakesoft for security.  You can obtain
 the GPG public key of the Mandrakelinux Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandrakelinux at:

  http://www.mandrakesoft.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_linux-mandrake.com

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Linux Mandrake Security Team