Foresight: openssl - The Community's Center for Security


The central voice for Linux and Open Source security news

Welcome!

Sign up!

EnGarde Community

Polls

Is Mandatory Access Control Too Much Security For Enterprise's Linux?

	Yes, too difficult to configure and manage.
	No. You can never have enough security.
	Yes. Standard Linux security settings work for us.
	No. Industry demands will demand SELinux.
	Don't know.

Advisories

Community

Linux Events

Linux User Groups

Link to Us

Security Center

Book Reviews

Security Dictionary

Security Tips

SELinux

White Papers

Featured Blogs

Emily Ratliff: OS Security

DanWalsh LiveJournal

Security Bloggers Network

Latest Newsletters

Linux Advisory Watch: August 29th, 2008

Linux Security Week: August 25th, 2008

LinuxSecurity Newsletters

RSS Feeds

Get the LinuxSecurity news you want faster with RSS

Foresight: openssl

User Rating:

How can I rate this item?

Posted by Bill Keys

Previous versions of the openssl package are vulnerable to a buffer overflow, possibly enabling remote attackers to execute arbitrary code through applications that use the openssl libraries.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Foresight Linux Essential Advisory: 2007-0058-1
Published: 2007-10-03

Rating: Severe

Updated Versions:
    openssl=/conary.rpath.com at rpl:devel//1/0.9.7f-10.10-1
    openssl-scripts=/conary.rpath.com at rpl:devel//1/0.9.7f-10.10-1
    group-dist=/foresight.rpath.org at fl:1-devel//1/1.4.0-0.5-10

References:
    https://issues.rpath.com/browse/RPL-1769
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5135

Description:
    Previous versions of the openssl package are vulnerable to a buffer
    overflow, possibly enabling remote attackers to execute arbitrary code
    through applications that use the openssl libraries.

- ---

Copyright 2007 Foresight Linux Project
Portions Copyright 2007 rPath Inc.
This file is distributed under the terms of the MIT License.
A copy is available at http://www.foresightlinux.org/permanent/mit-license.html
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.4 (GNU/Linux)

iQIVAwUBRwQeF9fwEn07iAtZAQLCAg/6AzU69utnr7GUyJceZb+mzj/bVlyCaNYz
xrf81c/Te11IBAHimIxZkeaScxl+TDMfNswdvKbgDXJ4dIEVLil+85l68ocKfU/R
6CgPRv0QHtCtKVsHVn3VvMRO2oBqaW5rBw+ah3+4RUHUVuJDZeOhiu7QaTDMvNtf
7GMIjnSaBAhEpQwbW0IVpweu5s6PbNCzkiQ+a8C8LTgrJTNJca0JptHMTjgl3zqw
XMTlX64+yOCPLTONkW3fRssDTzVaWuYuE2WDUEzoI3Scvh2eBnqeeteh6C2uqmR2
TJ8BQml4weT+UCB+i7j+LB57ubiAufbz1O9MCX4u47jZDzlyjV7KsLuCyV75+y52
76fPlUl4YWEiHpK8SXk7MH7DGSFPCs6mr/R87Xs6Hfe3UM1NmHbJZWPwN0u/hUHv
EYnDu2fpV0QDlaoAg2sFH9sI3lrR0oPuRKi2F0l1wp0T3prsbfxFmk+M2N6ghK4G
IQNy4SQkaLtkLr6GgrLsUByZVcXCRyMr92gM4m7DuoZ+Pq6fkhrTvakoNnQaPo95
6yjm0tSa6cCTwEjhZlHIaOEUP3zZg2ytfMEVmS02nmk08p4m1D0VI2R223BenaRB
VYOWEt2nKr1PZExcj8+RsAEeu054PlCwj6si2A2VHj2i4hstGKyDGUGQbCb4IcaG
LNPwikMuZ7A=
=Jy0b
-----END PGP SIGNATURE-----

< Prev		Next >

Partner:

Latest Features

Review: Hacking Exposed Linux, Third Edition

Security Features of Firefox 3.0

Review: The Book of Wireless

April 2008 Open Source Tool of the Month: sudo

Open Source Tool of March: ZoneMinder

Meet the Anti-Nmap: PSAD

Open Source Tool of February: Nmap!

Yesterday's Edition

SSH Key-Based Attacks

QuickLinks: Comunity , HOWTOs , Blogs , Features , Book Reviews , Networking ,
Security Projects , Latest News , Newsletters , SELinux , Privacy , Home,
Hardening , About Us, Advertise, Legal Notice, RSS, Guardian Digital