Fedora 10 Update: openssl-0.9.8g-14.fc10 - The Community's Center for Security


The central voice for Linux and Open Source security news

Welcome!

Sign up!

EnGarde Community

Polls

What is the most important Linux security technology?

	SELinux
	grsecurity
	CIS Benchmark
	Bastille Linux
	iptables
	LIDS

Advisories

Community

Linux Events

Linux User Groups

Link to Us

Security Center

Book Reviews

Security Dictionary

Security Tips

SELinux

White Papers

Featured Blogs

All About Linux

DanWalsh LiveJournal

Securitydistro

Latest Newsletters

Linux Security Week: September 1st, 2010

Linux Advisory Watch: August 27th, 2010

LinuxSecurity Newsletters

RSS Feeds

Get the LinuxSecurity news you want faster with RSS

Fedora 10 Update: openssl-0.9.8g-14.fc10

User Rating:

How can I rate this item?

Posted by Benjamin D. Thomas

Security update fixing DoS bugs in DTLS code. CVE-2009-1377 CVE-2009-1378 CVE-2009-1379

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2009-5412
2009-05-25 17:28:35
--------------------------------------------------------------------------------

Name        : openssl
Product     : Fedora 10
Version     : 0.9.8g
Release     : 14.fc10
URL         : http://www.openssl.org/
Summary     : The OpenSSL toolkit
Description :
The OpenSSL toolkit provides support for secure communications between
machines. OpenSSL includes a certificate management tool and shared
libraries which provide various cryptographic algorithms and
protocols.

--------------------------------------------------------------------------------
Update Information:

Security update fixing DoS bugs in DTLS code.  CVE-2009-1377 CVE-2009-1378
CVE-2009-1379
--------------------------------------------------------------------------------
ChangeLog:

* Thu May 21 2009 Tomas Mraz  0.9.8g-14
- fix CVE-2009-1377 CVE-2009-1378 CVE-2009-1379
  (DTLS DoS problems) (#501253, #501254, #501572)
* Tue Apr 21 2009 Tomas Mraz  0.9.8g-13
- support compatibility DTLS mode for CISCO AnyConnect (#464629)
- fix crash when parsing malformed mime headers in the smime app
- provide openssl-static by the devel subpackage (#496372)
* Wed Jan  7 2009 Tomas Mraz  0.9.8g-12
- fix CVE-2008-5077 - incorrect checks for malformed signatures (#476671)
- add -no_ign_eof option (#462393)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #501253 - CVE-2009-1377 OpenSSL: DTLS epoch record buffer memory DoS
        https://bugzilla.redhat.com/show_bug.cgi?id=501253
  [ 2 ] Bug #501254 - CVE-2009-1378 OpenSSL: DTLS fragment handling memory DoS
        https://bugzilla.redhat.com/show_bug.cgi?id=501254
  [ 3 ] Bug #501572 - CVE-2009-1379 OpenSSL: DTLS pointer use-after-free flaw (DoS)
        https://bugzilla.redhat.com/show_bug.cgi?id=501572
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use 
su -c 'yum update openssl' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
http://fedoraproject.org/keys
--------------------------------------------------------------------------------

_______________________________________________
Fedora-package-announce mailing list
Fedora-package-announce@redhat.com
http://www.redhat.com/mailman/listinfo/fedora-package-announce