LinuxSecurity.com
Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Welcome!
Sign up!
EnGarde Community
Login
Polls
What is the most important Linux security technology?
 
Advisories
Community
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
SELinux
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Securitydistro
Latest Newsletters
Linux Advisory Watch: September 19th, 2014
Linux Security Week: September 15th, 2014
Subscribe
LinuxSecurity Newsletters
E-mail:
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

  
Mandriva: 2012:011: openssl Print E-mail
User Rating:      How can I rate this item?
Posted by Benjamin D. Thomas   
Mandrake A vulnerability has been found and corrected in openssl: OpenSSL 0.9.8s and 1.0.0f does not properly support DTLS applications, which allows remote attackers to cause a denial of service via unspecified vectors. NOTE: this vulnerability exists because of an [More...]
 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2012:011
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : openssl
 Date    : January 29, 2012
 Affected: 2010.1, 2011., Enterprise Server 5.0
 _______________________________________________________________________

 Problem Description:

 A vulnerability has been found and corrected in openssl:
 
 OpenSSL 0.9.8s and 1.0.0f does not properly support DTLS applications,
 which allows remote attackers to cause a denial of service via
 unspecified vectors.  NOTE: this vulnerability exists because of an
 incorrect fix for CVE-2011-4108 (CVE-2012-0050).
 
 The updated packages have been patched to correct this issue.
 
 The openssl0.9.8 packages for 2010.2 have been upgraded to the 0.9.8t
 version which is not vulnerable to this issue.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0050
 http://www.openssl.org/news/secadv_20120118.txt
 _______________________________________________________________________

 Updated Packages:

 Mandriva Linux 2010.1:
 3d1552028a1193f09e656595a7086e7c  2010.1/i586/libopenssl0.9.8-0.9.8t-0.1mdv2010.2.i586.rpm
 1d0afb14e5d538d2ab693ad50656ba27  2010.1/i586/libopenssl1.0.0-1.0.0a-1.10mdv2010.2.i586.rpm
 9b2da169cce478da088420e9bac3da73  2010.1/i586/libopenssl1.0.0-devel-1.0.0a-1.10mdv2010.2.i586.rpm
 d60d92da1039e69bb8dce3669fa15394  2010.1/i586/libopenssl1.0.0-static-devel-1.0.0a-1.10mdv2010.2.i586.rpm
 e1bdbc476c945d01dba413633de4c9f3  2010.1/i586/libopenssl-engines1.0.0-1.0.0a-1.10mdv2010.2.i586.rpm
 74fced6c024c55ae564431785c425ea6  2010.1/i586/openssl-1.0.0a-1.10mdv2010.2.i586.rpm 
 8900a99630c54b95e8181a035f19c5d3  2010.1/SRPMS/openssl0.9.8-0.9.8t-0.1mdv2010.2.src.rpm
 c1dbd62acd6152eb430b7b7b040f6daa  2010.1/SRPMS/openssl-1.0.0a-1.10mdv2010.2.src.rpm

 Mandriva Linux 2010.1/X86_64:
 360aa3cdcc7bd5389a49029f556d8b1f  2010.1/x86_64/lib64openssl0.9.8-0.9.8t-0.1mdv2010.2.x86_64.rpm
 38b2ea8779ecb5000aa42e1223177a16  2010.1/x86_64/lib64openssl1.0.0-1.0.0a-1.10mdv2010.2.x86_64.rpm
 24a3d4891c49a6834c900f51a296cb78  2010.1/x86_64/lib64openssl1.0.0-devel-1.0.0a-1.10mdv2010.2.x86_64.rpm
 1402f25fd2a9556008e7a3844d2796e2  2010.1/x86_64/lib64openssl1.0.0-static-devel-1.0.0a-1.10mdv2010.2.x86_64.rpm
 8de0784934ade0205c5a35b58fd8e2e1  2010.1/x86_64/lib64openssl-engines1.0.0-1.0.0a-1.10mdv2010.2.x86_64.rpm
 2b4f6bba324f1b1ff9b50608892a36a5  2010.1/x86_64/openssl-1.0.0a-1.10mdv2010.2.x86_64.rpm 
 8900a99630c54b95e8181a035f19c5d3  2010.1/SRPMS/openssl0.9.8-0.9.8t-0.1mdv2010.2.src.rpm
 c1dbd62acd6152eb430b7b7b040f6daa  2010.1/SRPMS/openssl-1.0.0a-1.10mdv2010.2.src.rpm

 Mandriva Linux 2011:
 d4ab0a6f45773b5529160783b6c51666  2011/i586/libopenssl1.0.0-1.0.0d-2.3-mdv2011.0.i586.rpm
 dcd8cf9975aaff3b7a0263acffc8a969  2011/i586/libopenssl-devel-1.0.0d-2.3-mdv2011.0.i586.rpm
 1d1dea32f05f3e05b4e88666d54f8000  2011/i586/libopenssl-engines1.0.0-1.0.0d-2.3-mdv2011.0.i586.rpm
 ab30c467a26a3004c05db723a8638351  2011/i586/libopenssl-static-devel-1.0.0d-2.3-mdv2011.0.i586.rpm
 8a459b25df75691ad36f366f7ab52bcf  2011/i586/openssl-1.0.0d-2.3-mdv2011.0.i586.rpm 
 f62697910799a948e6f6968f6dabbd57  2011/SRPMS/openssl-1.0.0d-2.3.src.rpm

 Mandriva Linux 2011/X86_64:
 5437abb7d5123efc1fcd7bf5748b7858  2011/x86_64/lib64openssl1.0.0-1.0.0d-2.3-mdv2011.0.x86_64.rpm
 5f92319e8040dae6d769a51d6b9d7859  2011/x86_64/lib64openssl-devel-1.0.0d-2.3-mdv2011.0.x86_64.rpm
 3b96d82a1f2f0714512435d2647ec4d5  2011/x86_64/lib64openssl-engines1.0.0-1.0.0d-2.3-mdv2011.0.x86_64.rpm
 182c0e2a4a247bbd3530eeab5fbe4c51  2011/x86_64/lib64openssl-static-devel-1.0.0d-2.3-mdv2011.0.x86_64.rpm
 aed76398cf865b3e516a853e0ae74128  2011/x86_64/openssl-1.0.0d-2.3-mdv2011.0.x86_64.rpm 
 f62697910799a948e6f6968f6dabbd57  2011/SRPMS/openssl-1.0.0d-2.3.src.rpm

 Mandriva Enterprise Server 5:
 c67d477c8f43a359d6e1cc1235c026d9  mes5/i586/libopenssl0.9.8-0.9.8h-3.13mdvmes5.2.i586.rpm
 d79856916fba2623cb03cf5cfbe2f3d5  mes5/i586/libopenssl0.9.8-devel-0.9.8h-3.13mdvmes5.2.i586.rpm
 ab5062b36b43682ffb848a11e7f10913  mes5/i586/libopenssl0.9.8-static-devel-0.9.8h-3.13mdvmes5.2.i586.rpm
 75ae211ecce78408dda0d4c7b0272069  mes5/i586/openssl-0.9.8h-3.13mdvmes5.2.i586.rpm 
 46b0cd56f7708e8b92fe96fc21f23ed4  mes5/SRPMS/openssl-0.9.8h-3.13mdvmes5.2.src.rpm

 Mandriva Enterprise Server 5/X86_64:
 db577969e2d0f2314172255056bd0b39  mes5/x86_64/lib64openssl0.9.8-0.9.8h-3.13mdvmes5.2.x86_64.rpm
 f7eb1f4a2546c589020a45e9995d174d  mes5/x86_64/lib64openssl0.9.8-devel-0.9.8h-3.13mdvmes5.2.x86_64.rpm
 98e904938a2d04431844f8ece734bf1b  mes5/x86_64/lib64openssl0.9.8-static-devel-0.9.8h-3.13mdvmes5.2.x86_64.rpm
 60ed4104d96569f0dfb8e3b923281fa9  mes5/x86_64/openssl-0.9.8h-3.13mdvmes5.2.x86_64.rpm 
 46b0cd56f7708e8b92fe96fc21f23ed4  mes5/SRPMS/openssl-0.9.8h-3.13mdvmes5.2.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________
 
< Prev   Next >
    
Partner

 

Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
Encryption goof fixed in TorrentLocker file-locking malware
Qubes: The Open Source OS Built for Security
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2014 Guardian Digital, Inc. All rights reserved.