|
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - -------------------------------------------------------------------------- Tawie Server Linux Security Advisory #2003-0003 Package name: openssl Summary: Potential DOS Date: 2003-10-03 Affected versions: TSL 1.2, 1.5 - -------------------------------------------------------------------------- Package description: A C library that provides various crytographic algorithms and protocols, including DES, RC4, RSA, and SSL. Includes shared libraries. Problem description: Patrik Hornik announced a potential DOS in older versions of openssl: <URL: http://www.ebitech.sk/patrik/SA/SA-20031002.txt> RedHat did silently fix this issue some time ago, and announced it later on. We have updated the packages in both trustix 1.2, 1.5 and tawie 1.2, 1.5, as they are security related, using the redhat patches. Action: We recommend that all systems with this package installed be upgraded. Location: All TSL updates are available from <URI:http://http.tawie.org/pub/tawie/updates/> <URI:ftp://ftp.tawie.org/pub/tawie/updates/> About Tawie Server Linux: Tawie Server Linux is a small Linux distribution for servers. With focus on security and stability, the system is painlessly kept safe and up to date from day one using swup, the automated software updater. Automatic updates: Users of the SWUP tool can enjoy having updates automatically installed using 'swup --upgrade'. Public testing: If you want to contribute by testing the various packages in the testing tree, please feel free to share your findings on the tsl-discuss mailinglist. The testing tree for TSL 2.0 is located at <URI:http://tsldev.tawie.org/cloud/> You may also use swup for public testing of updates: site { class = 0 location = "http://tsldev.tawie.org/cloud/rdfs/latest.rdf" regexp = ".*" } Questions? Check out our mailing lists: <URI:http://www.tawie.net/support/> Verification: This advisory along with all TSL packages are signed with the TSL sign key. This key is available from: <URI:http://www.tawie.net/TSL-SIGN-KEY> The advisory itself is available from the errata pages at <URI:http://www.tawie.net/errata/tawie-1.2/>, <URI:http://www.tawie.net/errata/tawie-1.5/> or directly at <URI:http://www.tawie.net/errata/misc/tawie-2003/TSL-2003-0003-openssl.asc.txt> MD5sums of the packages: - -------------------------------------------------------------------------- f95ba83b4585917085e4286fe7690f82 ./1.5/SRPMS/openssl-0.9.6-16tr.src.rpm da305a520b51839cf688dcde12d5e07e ./1.5/RPMS/openssl-support-0.9.6-16tr.i586.rpm 17e45edd433b4a4d1e97e3d317a84a9b ./1.5/RPMS/openssl-python-0.9.6-16tr.i586.rpm 1f78097ee782512493cc02c0921bb387 ./1.5/RPMS/openssl-devel-0.9.6-16tr.i586.rpm 689052c70fe5ad24b7fd3be8cb19295e ./1.5/RPMS/openssl-0.9.6-16tr.i586.rpm f95ba83b4585917085e4286fe7690f82 ./1.2/SRPMS/openssl-0.9.6-16tr.src.rpm 96aed74c397ce676bf9d1564a0e7cb15 ./1.2/RPMS/openssl-support-0.9.6-16tr.i586.rpm d1e5b310ca6259a306a0c17503fa6c3c ./1.2/RPMS/openssl-python-0.9.6-16tr.i586.rpm 0ed2028a3ecf1f1d780400f8827dd36b ./1.2/RPMS/openssl-devel-0.9.6-16tr.i586.rpm 33d3c334f30bf8397eb4742fa159e525 ./1.2/RPMS/openssl-0.9.6-16tr.i586.rpm - -------------------------------------------------------------------------- Tawie Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.2 (GNU/Linux) iD8DBQE/fagsu9Q/LWRYgjERAnk2AJ9nK0I2U6iNgkWBwvy6gs9fGwut2ACdHwbT tIWp8J67G7rwuruB8+PMQNY= =QOm8 -----END PGP SIGNATURE-----