ID

VAR-201012-0193

CVE

CVE-2010-4180

TITLE

Fiery Network Controllers for Xerox DocuColor 242/252/260 Printer/Copier use a vulnerable version of OpenSSL

DESCRIPTION

OpenSSL before 0.9.8q, and 1.0.x before 1.0.0c, when SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG is enabled, does not properly prevent modification of the ciphersuite in the session cache, which allows remote attackers to force the downgrade to an unintended cipher via vectors involving sniffing network traffic to discover a session identifier. Fiery Network Controllers for Xerox DocuColor 242/252/260 Printer/Copier use a vulnerable version of OpenSSL (0.9.8o). OpenSSL is prone to a security weakness that may allow attackers to downgrade the ciphersuite. Successfully exploiting this issue in conjunction with other latent vulnerabilities may allow attackers to gain access to sensitive information or gain unauthorized access to an affected application that uses OpenSSL. Releases prior to OpenSSL 1.0.0c are affected. =========================================================== Ubuntu Security Notice USN-1029-1 December 08, 2010 openssl vulnerabilities CVE-2008-7270, CVE-2010-4180 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubuntu 8.04 LTS Ubuntu 9.10 Ubuntu 10.04 LTS Ubuntu 10.10 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: libssl0.9.8 0.9.8a-7ubuntu0.14 Ubuntu 8.04 LTS: libssl0.9.8 0.9.8g-4ubuntu3.13 Ubuntu 9.10: libssl0.9.8 0.9.8g-16ubuntu3.5 Ubuntu 10.04 LTS: libssl0.9.8 0.9.8k-7ubuntu8.5 Ubuntu 10.10: libssl0.9.8 0.9.8o-1ubuntu4.3 After a standard system update you need to reboot your computer to make all the necessary changes. Details follow: It was discovered that an old bug workaround in the SSL/TLS server code allowed an attacker to modify the stored session cache ciphersuite. (CVE-2010-4180) It was discovered that an old bug workaround in the SSL/TLS server code allowed allowed an attacker to modify the stored session cache ciphersuite. An attacker could possibly take advantage of this to force the use of a disabled cipher. This vulnerability only affects the versions of OpenSSL in Ubuntu 6.06 LTS, Ubuntu 8.04 LTS, and Ubuntu 9.10. (CVE-2008-7270) Updated packages for Ubuntu 6.06 LTS: Source archives: http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8a-7ubuntu0.14.diff.gz Size/MD5: 67296 3de8e480bcec0653b94001366e2f1f27 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8a-7ubuntu0.14.dsc Size/MD5: 1465 a5f93020840f693044eb64af528fd01e http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8a.orig.tar.gz Size/MD5: 3271435 1d16c727c10185e4d694f87f5e424ee1 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8a-7ubuntu0.14_amd64.udeb Size/MD5: 572012 b3792d19d5f7783929e473b6eb1e239c http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.8a-7ubuntu0.14_amd64.deb Size/MD5: 2181644 746b74e9b6c42731ff2021c396789708 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8a-7ubuntu0.14_amd64.deb Size/MD5: 1696628 abe942986698bf86938312c5e344e0ba http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8_0.9.8a-7ubuntu0.14_amd64.deb Size/MD5: 880292 9d6d854dcef14c90ce24c1aa232a418a http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8a-7ubuntu0.14_amd64.deb Size/MD5: 998466 9c51c334fd6c0b7c7b73340a01af61c8 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8a-7ubuntu0.14_i386.udeb Size/MD5: 509644 e1617d062d546f7dad2298bf6463bc3c http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.8a-7ubuntu0.14_i386.deb Size/MD5: 2031000 6755c67294ab2ff03255a3bf7079ab26 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8a-7ubuntu0.14_i386.deb Size/MD5: 5195206 37fcd0cdefd012f0ea7d79d0e6a1b48f http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8_0.9.8a-7ubuntu0.14_i386.deb Size/MD5: 2660326 9083ddc71b89e4f4e95c4ca999bcedba http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8a-7ubuntu0.14_i386.deb Size/MD5: 979408 518eaad303d089ab7dcc1b89fd019f19 powerpc architecture (Apple Macintosh G3/G4/G5): http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8a-7ubuntu0.14_powerpc.udeb Size/MD5: 558018 0e94d5f570a83f4b41bef642e032c256 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.8a-7ubuntu0.14_powerpc.deb Size/MD5: 2189034 6588292725cfa33c8d56a61c3d8120b1 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8a-7ubuntu0.14_powerpc.deb Size/MD5: 1740524 0b98e950e59c538333716ee939710150 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8_0.9.8a-7ubuntu0.14_powerpc.deb Size/MD5: 865778 d1e44ecc73dea8a8a11cd4d6b7c38abf http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8a-7ubuntu0.14_powerpc.deb Size/MD5: 984342 a3ff875c30b6721a1d6dd59d9a6393e0 sparc architecture (Sun SPARC/UltraSPARC): http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8a-7ubuntu0.14_sparc.udeb Size/MD5: 531126 7f598ce48b981eece01e0a1044bbdcc5 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.8a-7ubuntu0.14_sparc.deb Size/MD5: 2099640 38d18490bd40fcc6ee127965e460e6aa http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8a-7ubuntu0.14_sparc.deb Size/MD5: 3977666 f532337b8bc186ee851d69f8af8f7fe3 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8_0.9.8a-7ubuntu0.14_sparc.deb Size/MD5: 2101356 501fd6e860368e3682f9d6035ed3413d http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8a-7ubuntu0.14_sparc.deb Size/MD5: 992232 52bd2a78e8d2452fbe873658433fbe45 Updated packages for Ubuntu 8.04 LTS: Source archives: http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8g-4ubuntu3.13.diff.gz Size/MD5: 73984 2e4386a45d0f3a7e3bbf13f1cd4f62fb http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8g-4ubuntu3.13.dsc Size/MD5: 1563 40d181ca10759fb3d78a24d3b61d6055 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8g.orig.tar.gz Size/MD5: 3354792 acf70a16359bf3658bdfb74bda1c4419 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl-doc_0.9.8g-4ubuntu3.13_all.deb Size/MD5: 631720 68f4c61790241e78736eb6a2c2280a0d amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-4ubuntu3.13_amd64.udeb Size/MD5: 604222 f1aeb30abc9ff9f73749dced0982c312 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.8g-4ubuntu3.13_amd64.deb Size/MD5: 2084282 472728da8f3b8474d23e128ab686b777 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8g-4ubuntu3.13_amd64.deb Size/MD5: 1621532 4aad22d7f98d57f9d582123f354bb499 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8_0.9.8g-4ubuntu3.13_amd64.deb Size/MD5: 941454 fbeb5e8cc138872158931bbde0be2336 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8g-4ubuntu3.13_amd64.deb Size/MD5: 392758 e337373509761ee9c3e54d26c3867cd6 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-4ubuntu3.13_i386.udeb Size/MD5: 564986 a9cfb58458322b5c3253f5f21fcdff83 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.8g-4ubuntu3.13_i386.deb Size/MD5: 1951390 187734df71deb12de0aa6ba3da3ddfb2 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8g-4ubuntu3.13_i386.deb Size/MD5: 5415092 1919e018dc2473d10f05626cfdd4385a http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8_0.9.8g-4ubuntu3.13_i386.deb Size/MD5: 2859870 7b5ef116df18489408becd21d9d52649 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8g-4ubuntu3.13_i386.deb Size/MD5: 387802 2fb486f8f17dfc6d384e54465f66f8a9 lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-4ubuntu3.13_lpia.udeb Size/MD5: 535616 d196d8b0dc3d0c9864862f88a400f46e http://ports.ubuntu.com/pool/main/o/openssl/libssl-dev_0.9.8g-4ubuntu3.13_lpia.deb Size/MD5: 1932070 bc1a33e24ce141477caf0a4145d10284 http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8g-4ubuntu3.13_lpia.deb Size/MD5: 1532992 6e69c3e3520bafbdbfbf2ff09a822530 http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8_0.9.8g-4ubuntu3.13_lpia.deb Size/MD5: 852392 07d0adb80cd03837fd9d8ecbda86ea09 http://ports.ubuntu.com/pool/main/o/openssl/openssl_0.9.8g-4ubuntu3.13_lpia.deb Size/MD5: 392096 c90b67fc5dbc0353a60b840ccdd632bd powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-4ubuntu3.13_powerpc.udeb Size/MD5: 610446 e5db78f8999ea4da0e5ac1b6fdc35618 http://ports.ubuntu.com/pool/main/o/openssl/libssl-dev_0.9.8g-4ubuntu3.13_powerpc.deb Size/MD5: 2091338 70f449d9738b0a05d293d97facb87f5e http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8g-4ubuntu3.13_powerpc.deb Size/MD5: 1658830 5dba0f3b3eb2e8ecc9953a5eba7e9339 http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8_0.9.8g-4ubuntu3.13_powerpc.deb Size/MD5: 953732 406c11752e6a69cea4f7c65e5c23f2bb http://ports.ubuntu.com/pool/main/o/openssl/openssl_0.9.8g-4ubuntu3.13_powerpc.deb Size/MD5: 401076 c7572a53be4971e4537e1a3c52497a85 sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-4ubuntu3.13_sparc.udeb Size/MD5: 559792 69edc52b1e3b34fcb302fc7a9504223e http://ports.ubuntu.com/pool/main/o/openssl/libssl-dev_0.9.8g-4ubuntu3.13_sparc.deb Size/MD5: 1995782 dbf2c667cf2be687693d435e52959cfa http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8g-4ubuntu3.13_sparc.deb Size/MD5: 3927018 4a16b21b3e212031f4bd6e618197f8e2 http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8_0.9.8g-4ubuntu3.13_sparc.deb Size/MD5: 2264418 d0e9ea2c9df5406bf0b94746ce34a189 http://ports.ubuntu.com/pool/main/o/openssl/openssl_0.9.8g-4ubuntu3.13_sparc.deb Size/MD5: 400272 6adb67ab18511683369b980fddb15e94 Updated packages for Ubuntu 9.10: Source archives: http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8g-16ubuntu3.5.diff.gz Size/MD5: 75247 09b8215b07ab841c39f8836ca47ee01d http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8g-16ubuntu3.5.dsc Size/MD5: 2078 0f11b8b1f104fdd3b7ef98b8f289e57a http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8g.orig.tar.gz Size/MD5: 3354792 acf70a16359bf3658bdfb74bda1c4419 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl-doc_0.9.8g-16ubuntu3.5_all.deb Size/MD5: 642466 eecc336759fa7b99eaed2ef541499e97 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-16ubuntu3.5_amd64.udeb Size/MD5: 628186 29b1c5d8b32a0678a48d0a89556508e3 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.8g-16ubuntu3.5_amd64.deb Size/MD5: 2119392 d6862813a343ee9472b90f7139e7dc48 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8g-16ubuntu3.5_amd64.deb Size/MD5: 1642856 2d76609a9262f9b5f2784c23e451baff http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8_0.9.8g-16ubuntu3.5_amd64.deb Size/MD5: 967526 afc32aefadd062851e456216d11d5a97 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8g-16ubuntu3.5_amd64.deb Size/MD5: 402562 5aa66b898f890baac5194ada999ab1d3 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-16ubuntu3.5_i386.udeb Size/MD5: 571494 c6ac5d5bce8786699abf9fd852c46393 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.8g-16ubuntu3.5_i386.deb Size/MD5: 1979806 bdeb6615f192f714451544068c74812d http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8g-16ubuntu3.5_i386.deb Size/MD5: 5630550 f26ccb94e593f7086a4e3b71cff68e3f http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8_0.9.8g-16ubuntu3.5_i386.deb Size/MD5: 2927046 5e0b91471526f867012b362cdcda1068 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8g-16ubuntu3.5_i386.deb Size/MD5: 397776 07f6c0d04be2bd89d8e40fd8c13285bc armel architecture (ARM Architecture): http://ports.ubuntu.com/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-16ubuntu3.5_armel.udeb Size/MD5: 541448 2491f890b8dd2e0a93416d423ec5cc1b http://ports.ubuntu.com/pool/main/o/openssl/libssl-dev_0.9.8g-16ubuntu3.5_armel.deb Size/MD5: 1965226 20c3261921cd9d235ed2647f0756b045 http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8g-16ubuntu3.5_armel.deb Size/MD5: 1540070 9ffa955952e4d670ad29a9b39243d629 http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8_0.9.8g-16ubuntu3.5_armel.deb Size/MD5: 856998 0be4e4cd43bed15fc8363a879bf58c39 http://ports.ubuntu.com/pool/main/o/openssl/openssl_0.9.8g-16ubuntu3.5_armel.deb Size/MD5: 393692 802f3c5abea68a6054febb334452a7c0 lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-16ubuntu3.5_lpia.udeb Size/MD5: 547524 6c19d36e99270da89d4adf0f76bdb0eb http://ports.ubuntu.com/pool/main/o/openssl/libssl-dev_0.9.8g-16ubuntu3.5_lpia.deb Size/MD5: 1957254 5ee4cfcae8860529992874afc9f325fb http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8g-16ubuntu3.5_lpia.deb Size/MD5: 1590464 11e400cf0cc2c2e465adaecc9d477c75 http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8_0.9.8g-16ubuntu3.5_lpia.deb Size/MD5: 868712 06e54b85b80b5f367bde9743d1aedbff http://ports.ubuntu.com/pool/main/o/openssl/openssl_0.9.8g-16ubuntu3.5_lpia.deb Size/MD5: 399902 0efbc32f3738c140b1c3efe2b1113aeb powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-16ubuntu3.5_powerpc.udeb Size/MD5: 619104 e40b223ab89356348cf4c1de46bd8d77 http://ports.ubuntu.com/pool/main/o/openssl/libssl-dev_0.9.8g-16ubuntu3.5_powerpc.deb Size/MD5: 2115846 01770253efeca9c2f7c5e432c6d6bf95 http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8g-16ubuntu3.5_powerpc.deb Size/MD5: 1697564 24d665973abab4ecbe08813d226556f2 http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8_0.9.8g-16ubuntu3.5_powerpc.deb Size/MD5: 951140 f59e1d23b2b21412d8f068b0475fe773 http://ports.ubuntu.com/pool/main/o/openssl/openssl_0.9.8g-16ubuntu3.5_powerpc.deb Size/MD5: 399376 3703f492fe145305ee7766e2a0d52c5c sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-16ubuntu3.5_sparc.udeb Size/MD5: 563630 1df247a9584dbeb62fffde7b42c21a2f http://ports.ubuntu.com/pool/main/o/openssl/libssl-dev_0.9.8g-16ubuntu3.5_sparc.deb Size/MD5: 2008260 d79476e6fa043ad83bd12fe9531f8b22 http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8g-16ubuntu3.5_sparc.deb Size/MD5: 3995256 b60bf440e4e598947db86c4bf020e6fa http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8_0.9.8g-16ubuntu3.5_sparc.deb Size/MD5: 2283532 0799ba2774806fead522ef6972cde580 http://ports.ubuntu.com/pool/main/o/openssl/openssl_0.9.8g-16ubuntu3.5_sparc.deb Size/MD5: 409314 82165b0cf05d27e318f0d64df876f8f8 Updated packages for Ubuntu 10.04 LTS: Source archives: http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8k-7ubuntu8.5.diff.gz Size/MD5: 112331 02b0f3bdc024b25dc2cb168628a42dac http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8k-7ubuntu8.5.dsc Size/MD5: 2102 de69229286f2c7eb52183e2ededb0a48 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8k.orig.tar.gz Size/MD5: 3852259 e555c6d58d276aec7fdc53363e338ab3 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl-doc_0.9.8k-7ubuntu8.5_all.deb Size/MD5: 640566 023f6b5527052d0341c40cbbf64f8e54 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8k-7ubuntu8.5_amd64.udeb Size/MD5: 630234 2d2c5a442d4d2abc2e49feaef783c710 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.8k-7ubuntu8.5_amd64.deb Size/MD5: 2143676 c9bf70ec94df02a89d99591471e44787 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8k-7ubuntu8.5_amd64.deb Size/MD5: 1650636 485f318a2457012aa489823e87d4f9b1 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8-udeb_0.9.8k-7ubuntu8.5_amd64.udeb Size/MD5: 136130 e16feacb49a52ef72aa69da4f63718a8 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8_0.9.8k-7ubuntu8.5_amd64.deb Size/MD5: 979624 6a0c5f93f6371c4b41c0bccbc1e9b217 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8k-7ubuntu8.5_amd64.deb Size/MD5: 406378 2aee12190747b060f4ad6bfd3a182bd6 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8k-7ubuntu8.5_i386.udeb Size/MD5: 582640 ce87be9268c6ce3550bb7935460b3976 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.8k-7ubuntu8.5_i386.deb Size/MD5: 2006462 cb6fe50961fe89ee67f0c13c26d424f5 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8k-7ubuntu8.5_i386.deb Size/MD5: 5806248 7c21c1a2ea1ce8201904b2a99537cad6 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8-udeb_0.9.8k-7ubuntu8.5_i386.udeb Size/MD5: 129708 77ff3896e3c541f1d9c0eb161c919882 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8_0.9.8k-7ubuntu8.5_i386.deb Size/MD5: 3014932 4e61de0d021f49ac5fc2884d2d252854 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8k-7ubuntu8.5_i386.deb Size/MD5: 400398 7654a219a640549e8d34bb91e34a815b armel architecture (ARM Architecture): http://ports.ubuntu.com/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8k-7ubuntu8.5_armel.udeb Size/MD5: 532306 9a4d5169e5e3429581bb16d6e61e334a http://ports.ubuntu.com/pool/main/o/openssl/libssl-dev_0.9.8k-7ubuntu8.5_armel.deb Size/MD5: 1935426 fb725096f798314e1cd76248599ec61a http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8k-7ubuntu8.5_armel.deb Size/MD5: 1624382 6833d33bed6fbe0ad61d8615d56089f7 http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8-udeb_0.9.8k-7ubuntu8.5_armel.udeb Size/MD5: 115630 55449ab904a6b52402a3cd88b763f384 http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8_0.9.8k-7ubuntu8.5_armel.deb Size/MD5: 849068 ace9af9701bd1aa8078f8371bb5a1249 http://ports.ubuntu.com/pool/main/o/openssl/openssl_0.9.8k-7ubuntu8.5_armel.deb Size/MD5: 394182 198be7154104014118c0bee633ad3524 powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8k-7ubuntu8.5_powerpc.udeb Size/MD5: 627050 1057f1e1b4c7fb2129064149fdc15e7e http://ports.ubuntu.com/pool/main/o/openssl/libssl-dev_0.9.8k-7ubuntu8.5_powerpc.deb Size/MD5: 2147452 41e5eb249a3a2619d0add96808c9e6e4 http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8k-7ubuntu8.5_powerpc.deb Size/MD5: 1718790 6161e426e833e984a2dbe5fbae29ceec http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8-udeb_0.9.8k-7ubuntu8.5_powerpc.udeb Size/MD5: 135530 26aba12ee4ba7caff0f2653c12318e92 http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8_0.9.8k-7ubuntu8.5_powerpc.deb Size/MD5: 969544 822b91a90cf91650f12a3ce9200e9dc0 http://ports.ubuntu.com/pool/main/o/openssl/openssl_0.9.8k-7ubuntu8.5_powerpc.deb Size/MD5: 402878 79e80d92494b2f74241edcd18ba6f994 sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8k-7ubuntu8.5_sparc.udeb Size/MD5: 597964 a4e6860a52c0681b36b1ca553bccd805 http://ports.ubuntu.com/pool/main/o/openssl/libssl-dev_0.9.8k-7ubuntu8.5_sparc.deb Size/MD5: 2065638 05c803f4fd599d46162db5de530236f5 http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8k-7ubuntu8.5_sparc.deb Size/MD5: 4094390 8a1251f546bf8e449fe2952b25029f53 http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8-udeb_0.9.8k-7ubuntu8.5_sparc.udeb Size/MD5: 125862 75b8bdc987cf37a65d73b31c74c664ee http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8_0.9.8k-7ubuntu8.5_sparc.deb Size/MD5: 2353876 6ef537e63f9551a927f52cc87befbc60 http://ports.ubuntu.com/pool/main/o/openssl/openssl_0.9.8k-7ubuntu8.5_sparc.deb Size/MD5: 419348 b17aeb96b578e199d33b02c5eab2ae19 Updated packages for Ubuntu 10.10: Source archives: http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8o-1ubuntu4.3.debian.tar.gz Size/MD5: 92255 055df7f147cbad0066f88a0f2fa62cf5 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8o-1ubuntu4.3.dsc Size/MD5: 2118 8a81f824f312fb4033e1ab28a27ff99e http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8o.orig.tar.gz Size/MD5: 3772542 63ddc5116488985e820075e65fbe6aa4 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl-doc_0.9.8o-1ubuntu4.3_all.deb Size/MD5: 645798 04eb700e0335d703bd6f610688bc3374 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8o-1ubuntu4.3_amd64.udeb Size/MD5: 620316 df1d96cf5dbe9ea0b5ab1ef6f09b9194 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.8o-1ubuntu4.3_amd64.deb Size/MD5: 2159884 a8fc3df0bf6af3350fe8f304eb29d90d http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8o-1ubuntu4.3_amd64.deb Size/MD5: 1550444 f51ab29ef9e5e2636eb9b943d6e1d4b1 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8-udeb_0.9.8o-1ubuntu4.3_amd64.udeb Size/MD5: 137384 72d04c14a09c287978aec689872bde8c http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8_0.9.8o-1ubuntu4.3_amd64.deb Size/MD5: 923380 91e5f4df1c1e011ee449ff6424ecb832 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8o-1ubuntu4.3_amd64.deb Size/MD5: 406978 e9a055390d250ffc516518b53bb8bb36 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8o-1ubuntu4.3_i386.udeb Size/MD5: 570730 42ed7f9d05ca2b4d260cb3eb07832306 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.8o-1ubuntu4.3_i386.deb Size/MD5: 2012542 2132edd3a3e0eecd04efd4645b8f583f http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8o-1ubuntu4.3_i386.deb Size/MD5: 1553718 a842382c89c5a0ad0a88f979b9ffbd7e http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8-udeb_0.9.8o-1ubuntu4.3_i386.udeb Size/MD5: 130462 4d2506b23b5abfa3be3e7fb8543c8d70 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8_0.9.8o-1ubuntu4.3_i386.deb Size/MD5: 866348 3c2ea45d798374c21b800dcf59d0a4c1 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8o-1ubuntu4.3_i386.deb Size/MD5: 400064 b1b5e14e431ae7c6c5fad917f6ce596f armel architecture (ARM Architecture): http://ports.ubuntu.com/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8o-1ubuntu4.3_armel.udeb Size/MD5: 566054 5561d1894ad32ac689593ddd4b4a0609 http://ports.ubuntu.com/pool/main/o/openssl/libssl-dev_0.9.8o-1ubuntu4.3_armel.deb Size/MD5: 2012710 fd1d0612b6a89b26b0d32c72087538fd http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8o-1ubuntu4.3_armel.deb Size/MD5: 1542334 7609e92dc5d8d3030a65f4be81b862b2 http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8-udeb_0.9.8o-1ubuntu4.3_armel.udeb Size/MD5: 120434 8d289d3446bdcdc8c297066608e72322 http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8_0.9.8o-1ubuntu4.3_armel.deb Size/MD5: 851396 f5c3eb4c55ef9a9985a88bbaed3ec2ca http://ports.ubuntu.com/pool/main/o/openssl/openssl_0.9.8o-1ubuntu4.3_armel.deb Size/MD5: 406412 3bd3e64fd628b294b6ea47eb5f3c6a27 powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8o-1ubuntu4.3_powerpc.udeb Size/MD5: 616138 19c9d86e43e2680921dd0a726a4dc955 http://ports.ubuntu.com/pool/main/o/openssl/libssl-dev_0.9.8o-1ubuntu4.3_powerpc.deb Size/MD5: 2154670 b22a1c4b9b05a87ab3b3ad494d5627f6 http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8o-1ubuntu4.3_powerpc.deb Size/MD5: 1618586 3b2e33b46a007144b61c2469c7a2cbc7 http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8-udeb_0.9.8o-1ubuntu4.3_powerpc.udeb Size/MD5: 136044 37e9e3fdc5d3dd5a9f931f33e523074e http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8_0.9.8o-1ubuntu4.3_powerpc.deb Size/MD5: 917582 674b2479c79c72b479f91433a34cb0fb http://ports.ubuntu.com/pool/main/o/openssl/openssl_0.9.8o-1ubuntu4.3_powerpc.deb Size/MD5: 402026 a9001ad881ad996d844b12bd7d427d76 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c02824483 Version: 1 HPSBOV02670 SSRT100475 rev.1 - HP OpenVMS running SSL, Remote Denial of Service (DoS), Unauthorized Disclosure of Information, Unauthorized Modification NOTICE: The information in this Security Bulletin should be acted upon as soon as possible. Release Date: 2011-05-05 Last Updated: 2011-05-05 Potential Security Impact: Remote Denial of Service (DoS), Unauthorized disclosure of information, unauthorized modification Source: Hewlett-Packard Company, HP Software Security Response Team VULNERABILITY SUMMARY Potential vulnerabilities have been identified with HP OpenVMS running SSL. The vulnerabilities could be remotely exploited to create a Denial of Service (DoS) or unauthorized disclosure of information, or by a remote unauthorized user to modify data, prompts, or responses. References: CVE-2011-0014, CVE-2010-4180, CVE-2010-4252, CVE-2010-3864 SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP SSL for OpenVMS v 1.4 and earlier. BACKGROUND CVSS 2.0 Base Metrics =========================================================== Reference Base Vector Base Score CVE-2011-0014 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2010-4180 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2010-4252 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2010-3864 (AV:N/AC:H/Au:N/C:C/I:C/A:C) 7.6 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002 RESOLUTION HP has made the following software updates available to resolve these vulnerabilities. HP SSL V1.4-453 for OpenVMS Alpha and OpenVMS Integrity servers: http://h71000.www7.hp.com/openvms/products/ssl/ssl.html HISTORY Version:1 (rev.1) - 5 May 2011 Initial release Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy. Support: For further information, contact normal HP Services support channel. Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com It is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. To get the security-alert PGP key, please send an e-mail message as follows: To: security-alert@hp.com Subject: get key Subscribe: To initiate a subscription to receive future HP Security Bulletins via Email: http://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA&langcode=USENG&jumpid=in_SC-GEN__driverITRC&topiccode=ITRC On the web page: ITRC security bulletins and patch sign-up Under Step1: your ITRC security bulletins and patches -check ALL categories for which alerts are required and continue. Under Step2: your ITRC operating systems -verify your operating system selections are checked and save. To update an existing subscription: http://h30046.www3.hp.com/subSignIn.php Log in on the web page: Subscriber's choice for Business: sign-in. On the web page: Subscriber's Choice: your profile summary - use Edit Profile to update appropriate sections. To review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do * The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number in the title: GN = HP General SW MA = HP Management Agents MI = Misc. 3rd Party SW MP = HP MPE/iX NS = HP NonStop Servers OV = HP OpenVMS PI = HP Printing & Imaging ST = HP Storage SW TL = HP Trusted Linux TU = HP Tru64 UNIX UX = HP-UX VV = HP VirtualVault System management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions. "HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user's use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement." Copyright 2011 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iEYEARECAAYFAk3C8qwACgkQ4B86/C0qfVmTyACeI0cAPKAuu2dSVEZs1P0A/HP1 nR4An0Fi+F9yPWsVHhM8pkgrG376ShnM =DCj7 -----END PGP SIGNATURE----- . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201110-01 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: High Title: OpenSSL: Multiple vulnerabilities Date: October 09, 2011 Bugs: #303739, #308011, #322575, #332027, #345767, #347623, #354139, #382069 ID: 201110-01 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities were found in OpenSSL, allowing for the execution of arbitrary code and other attacks. Background ========== OpenSSL is an Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) as well as a general purpose cryptography library. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 dev-libs/openssl < 1.0.0e >= 1.0.0e Description =========== Multiple vulnerabilities have been discovered in OpenSSL. Please review the CVE identifiers referenced below for details. Impact ====== A context-dependent attacker could cause a Denial of Service, possibly execute arbitrary code, bypass intended key requirements, force the downgrade to unintended ciphers, bypass the need for knowledge of shared secrets and successfully authenticate, bypass CRL validation, or obtain sensitive information in applications that use OpenSSL. Workaround ========== There is no known workaround at this time. Resolution ========== All OpenSSL users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=dev-libs/openssl-1.0.0e" NOTE: This is a legacy GLSA. Updates for all affected architectures are available since September 17, 2011. It is likely that your system is already no longer affected by most of these issues. References ========== [ 1 ] CVE-2009-3245 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3245 [ 2 ] CVE-2009-4355 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-4355 [ 3 ] CVE-2010-0433 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0433 [ 4 ] CVE-2010-0740 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0740 [ 5 ] CVE-2010-0742 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0742 [ 6 ] CVE-2010-1633 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1633 [ 7 ] CVE-2010-2939 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2939 [ 8 ] CVE-2010-3864 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3864 [ 9 ] CVE-2010-4180 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4180 [ 10 ] CVE-2010-4252 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4252 [ 11 ] CVE-2011-0014 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0014 [ 12 ] CVE-2011-3207 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3207 [ 13 ] CVE-2011-3210 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3210 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201110-01.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2011 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ Debian Security Advisory DSA-2141-1 security@debian.org http://www.debian.org/security/ Stefan Fritsch January 06, 2011 http://www.debian.org/security/faq - ------------------------------------------------------------------------ Package : openssl Vulnerability : SSL/TLS insecure renegotiation protocol design flaw Problem type : remote Debian-specific: no CVE ID : CVE-2009-3555 CVE-2010-4180 Debian Bug : 555829 CVE-2009-3555: Marsh Ray, Steve Dispensa, and Martin Rex discovered a flaw in the TLS and SSLv3 protocols. If an attacker could perform a man in the middle attack at the start of a TLS connection, the attacker could inject arbitrary content at the beginning of the user's session. This update adds backported support for the new RFC5746 renegotiation extension which fixes this issue. If openssl is used in a server application, it will by default no longer accept renegotiation from clients that do not support the RFC5746 secure renegotiation extension. A separate advisory will add RFC5746 support for nss, the security library used by the iceweasel web browser. For apache2, there will be an update which allows to re-enable insecure renegotiation. This version of openssl is not compatible with older versions of tor. You have to use at least tor version 0.2.1.26-1~lenny+1, which has been included in the point release 5.0.7 of Debian stable. Currently we are not aware of other software with similar compatibility problems. CVE-2010-4180: In addition, this update fixes a flaw that allowed a client to bypass restrictions configured in the server for the used cipher suite. For the stable distribution (lenny), this problem has been fixed in version 0.9.8g-15+lenny11. For the unstable distribution (sid), and the testing distribution (squeeze), this problem has been fixed in version 0.9.8o-4. We recommend that you upgrade your openssl package. Packages for 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more: http://store.mandriva.com/product_info.php?cPath=149&products_id=490 The updated packages have been patched to correct this issue. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4180 _______________________________________________________________________ Updated Packages: Mandriva Linux 2009.0: a4b19ac2810b464392bb2f3b5292fe67 2009.0/i586/libopenssl0.9.8-0.9.8h-3.9mdv2009.0.i586.rpm 6169959e4a5f0acbdab7269ac99baa8d 2009.0/i586/libopenssl0.9.8-devel-0.9.8h-3.9mdv2009.0.i586.rpm 64195ec5f2e7868a49c280d3a32168cd 2009.0/i586/libopenssl0.9.8-static-devel-0.9.8h-3.9mdv2009.0.i586.rpm 7a1c151567d7f9d364a79ecd63322d47 2009.0/i586/openssl-0.9.8h-3.9mdv2009.0.i586.rpm 6e96fc588f1921571046fbc14928e5a1 2009.0/SRPMS/openssl-0.9.8h-3.9mdv2009.0.src.rpm Mandriva Linux 2009.0/X86_64: a77409f3bedc0446f8eda39281dbf7a4 2009.0/x86_64/lib64openssl0.9.8-0.9.8h-3.9mdv2009.0.x86_64.rpm feffaacd70224326c3582eb93156864b 2009.0/x86_64/lib64openssl0.9.8-devel-0.9.8h-3.9mdv2009.0.x86_64.rpm e2cb3f77f36b8b0a6ca214861bf79be3 2009.0/x86_64/lib64openssl0.9.8-static-devel-0.9.8h-3.9mdv2009.0.x86_64.rpm d6e667e012727d34442e23f91b005b40 2009.0/x86_64/openssl-0.9.8h-3.9mdv2009.0.x86_64.rpm 6e96fc588f1921571046fbc14928e5a1 2009.0/SRPMS/openssl-0.9.8h-3.9mdv2009.0.src.rpm Mandriva Linux 2010.0: 86223cb60de3ea76f185425da6b299f2 2010.0/i586/libopenssl0.9.8-0.9.8k-5.4mdv2010.0.i586.rpm 7624aa325a944ee5f4898dfd3a1c4340 2010.0/i586/libopenssl0.9.8-devel-0.9.8k-5.4mdv2010.0.i586.rpm 95ac866a31973ccf4c2e6d04012e7e67 2010.0/i586/libopenssl0.9.8-static-devel-0.9.8k-5.4mdv2010.0.i586.rpm 445c417e7de8145daefedf113b343ff5 2010.0/i586/openssl-0.9.8k-5.4mdv2010.0.i586.rpm 27fc76be287e1cd06adb2725df0c4167 2010.0/SRPMS/openssl-0.9.8k-5.4mdv2010.0.src.rpm Mandriva Linux 2010.0/X86_64: 391cb84677230e2c39708db0797b2e87 2010.0/x86_64/lib64openssl0.9.8-0.9.8k-5.4mdv2010.0.x86_64.rpm 7f251668cfd04bd1e2a634030c28929f 2010.0/x86_64/lib64openssl0.9.8-devel-0.9.8k-5.4mdv2010.0.x86_64.rpm 9110c45d54ce48c4ad0c8fe231f7f027 2010.0/x86_64/lib64openssl0.9.8-static-devel-0.9.8k-5.4mdv2010.0.x86_64.rpm 43e7eae967aad5b140eed29dab277aa2 2010.0/x86_64/openssl-0.9.8k-5.4mdv2010.0.x86_64.rpm 27fc76be287e1cd06adb2725df0c4167 2010.0/SRPMS/openssl-0.9.8k-5.4mdv2010.0.src.rpm Mandriva Linux 2010.1: 9cf211d5095ca7a5a82aa980d4eebd5d 2010.1/i586/libopenssl1.0.0-1.0.0a-1.6mdv2010.1.i586.rpm 788019361b199d0b6a0f3331294ac154 2010.1/i586/libopenssl1.0.0-devel-1.0.0a-1.6mdv2010.1.i586.rpm b2372b8919a8ab458ade4ce47080f7ff 2010.1/i586/libopenssl1.0.0-static-devel-1.0.0a-1.6mdv2010.1.i586.rpm cd5929de815b6eec25d1d683f4363db0 2010.1/i586/libopenssl-engines1.0.0-1.0.0a-1.6mdv2010.1.i586.rpm 60fee57d944361e4fa369412c71a59a9 2010.1/i586/openssl-1.0.0a-1.6mdv2010.1.i586.rpm 2f28a567af2f44df1fbac7006d27db5d 2010.1/SRPMS/openssl-1.0.0a-1.6mdv2010.1.src.rpm Mandriva Linux 2010.1/X86_64: ab021cadcaa131053ba5ac3940298f86 2010.1/x86_64/lib64openssl1.0.0-1.0.0a-1.6mdv2010.1.x86_64.rpm a2119fefbe8cfb649e88b3faf85ffba1 2010.1/x86_64/lib64openssl1.0.0-devel-1.0.0a-1.6mdv2010.1.x86_64.rpm 067878d8ff9ec0002c0a7653a1b87b05 2010.1/x86_64/lib64openssl1.0.0-static-devel-1.0.0a-1.6mdv2010.1.x86_64.rpm 60a8142259ee202b6327e8a2c0f86755 2010.1/x86_64/lib64openssl-engines1.0.0-1.0.0a-1.6mdv2010.1.x86_64.rpm a4c77c129fd43f7918075fadf461fe8b 2010.1/x86_64/openssl-1.0.0a-1.6mdv2010.1.x86_64.rpm 2f28a567af2f44df1fbac7006d27db5d 2010.1/SRPMS/openssl-1.0.0a-1.6mdv2010.1.src.rpm Corporate 4.0: 3f7610ee9ee7aa4b8d1ed3997e28d09b corporate/4.0/i586/libopenssl0.9.7-0.9.7g-2.13.20060mlcs4.i586.rpm 25a4686ef5ca8302eebf2f1b4fe67e35 corporate/4.0/i586/libopenssl0.9.7-devel-0.9.7g-2.13.20060mlcs4.i586.rpm c5f5a562293eae123b05a96d3ba663d7 corporate/4.0/i586/libopenssl0.9.7-static-devel-0.9.7g-2.13.20060mlcs4.i586.rpm e50aac28cc844b0184f3203bb34fa682 corporate/4.0/i586/openssl-0.9.7g-2.13.20060mlcs4.i586.rpm 646cced4e21e4bf657254040ddbc1a47 corporate/4.0/SRPMS/openssl-0.9.7g-2.13.20060mlcs4.src.rpm Corporate 4.0/X86_64: f68f167e440886222c949078044281eb corporate/4.0/x86_64/lib64openssl0.9.7-0.9.7g-2.13.20060mlcs4.x86_64.rpm ab7cc2cc749717199afb25c094035945 corporate/4.0/x86_64/lib64openssl0.9.7-devel-0.9.7g-2.13.20060mlcs4.x86_64.rpm f7f9a378a4e77af084330d2206c86e5e corporate/4.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7g-2.13.20060mlcs4.x86_64.rpm fdcc7edc730c1ec56424328cefcbdfae corporate/4.0/x86_64/openssl-0.9.7g-2.13.20060mlcs4.x86_64.rpm 646cced4e21e4bf657254040ddbc1a47 corporate/4.0/SRPMS/openssl-0.9.7g-2.13.20060mlcs4.src.rpm Mandriva Enterprise Server 5: 09c73809185dfb05bd8545e46bb8b215 mes5/i586/libopenssl0.9.8-0.9.8h-3.9mdvmes5.1.i586.rpm cefb1c9e7fbc54ef678c3cbb16fb4983 mes5/i586/libopenssl0.9.8-devel-0.9.8h-3.9mdvmes5.1.i586.rpm 1f1810faa0ec3f1cf298882752826903 mes5/i586/libopenssl0.9.8-static-devel-0.9.8h-3.9mdvmes5.1.i586.rpm 48ce5b2ac3e114dd33d8274d01baf357 mes5/i586/openssl-0.9.8h-3.9mdvmes5.1.i586.rpm 487d48389d5b8bd2486e29f052749651 mes5/SRPMS/openssl-0.9.8h-3.9mdvmes5.1.src.rpm Mandriva Enterprise Server 5/X86_64: 4ad42bf2e7beae5a935649df07c000e6 mes5/x86_64/lib64openssl0.9.8-0.9.8h-3.9mdvmes5.1.x86_64.rpm 709be621d6080125c051d9793cb92b26 mes5/x86_64/lib64openssl0.9.8-devel-0.9.8h-3.9mdvmes5.1.x86_64.rpm 000098b8f9b1778bcb3ff01b504e697b mes5/x86_64/lib64openssl0.9.8-static-devel-0.9.8h-3.9mdvmes5.1.x86_64.rpm ab35ec2ae8b1482722baee700b16f121 mes5/x86_64/openssl-0.9.8h-3.9mdvmes5.1.x86_64.rpm 487d48389d5b8bd2486e29f052749651 mes5/SRPMS/openssl-0.9.8h-3.9mdvmes5.1.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security

AFFECTED PRODUCTS

CVSS