Full Disclosure mailing list archives

[TURBOLINUX SECURITY INFO] 01/Oct/2003
From: Turbolinux <security-announce () turbolinux co jp>
Date: Wed, 1 Oct 2003 19:35:31 +0900

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

This is an announcement only email list for the x86 architecture.
============================================================
Turbolinux Security Announcement 01/Oct/2003
============================================================

The following page contains the security information of Turbolinux Inc.

 - Turbolinux Security Center
   http://www.turbolinux.com/security/

 (1) openssl -> DoS vulnerability in openssl


===========================================================
* openssl -> DoS vulnerability in openssl
===========================================================

 More information :
    The OpenSSL Project is a collaborative effort to develop a robust, commercial-grade,
    full-featured, and Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3)
    and Transport Layer Security (TLS v1) protocols as well as a full-strength general purpose cryptography library. 
    Unusual ASN.1 tag values can cause an out of bounds read under certain circumstances,
    resulting in a denial of service vulnerability.

 Impact :
    The vulnerability allows an attacker to cause a denial of service in openssl.

 Affected Products :
    - Turbolinux 8 Server
    - Turbolinux 8 Workstation
    - Turbolinux 7 Server
    - Turbolinux 7 Workstation
    - Turbolinux Server 6.5
    - Turbolinux Advanced Server 6
    - Turbolinux Server 6.1
    - Turbolinux Workstation 6.0


 Solution :
    Please use the turbopkg (zabom) tool to apply the update.
 ---------------------------------------------
 # turbopkg
 or
 # zabom update openssl openssl-devel
 ---------------------------------------------


 <Turbolinux 8 Server>

   Source Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/SRPMS/openssl-0.9.6k-2.src.rpm
      2263218 7c7271e7263b1fc39847f5dd097dfac8

   Binary Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/openssl-0.9.6k-2.i586.rpm
      1366934 0f92e0d644d5ee1e44b31bcf531e1d8c
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/openssl-devel-0.9.6k-2.i586.rpm
      1156710 584a99ceae84e0f457326b2fee6e06f1

 <Turbolinux 8 Workstation>

   Source Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/SRPMS/openssl-0.9.6k-2.src.rpm
      2263218 7f36441af28ed717ba65176c7b66680e

   Binary Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/openssl-0.9.6k-2.i586.rpm
      1367811 6526ca70ae9d6593e8be87bc193089d7
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/openssl-devel-0.9.6k-2.i586.rpm
      1156964 30f36c1d28481a8243ff38308efc7b1e

 <Turbolinux 7 Server>

   Source Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/SRPMS/openssl-0.9.6k-2.src.rpm
      2263218 834875cad5d1b9e7bbf316470728f97b

   Binary Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/openssl-0.9.6k-2.i586.rpm
      1335850 57efa60311c81b5af0f3721e08bf05ef
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/openssl-devel-0.9.6k-2.i586.rpm
      1138724 b7a90942f1e81066443d94e921476f21

 <Turbolinux 7 Workstation>

   Source Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/SRPMS/openssl-0.9.6k-2.src.rpm
      2263218 4df3af6b3df204ff0fae655646cec9ae

   Binary Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/openssl-0.9.6k-2.i586.rpm
      1335646 e76c5ddc5ff49b3ffeaf704179bb1cf1
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/openssl-devel-0.9.6k-2.i586.rpm
      1139634 702820b81eface29fdc6e7a8092674bc

 <Turbolinux Server 6.5>

   Source Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/6.5/updates/SRPMS/openssl-0.9.6k-2.src.rpm
      2263218 5f069ba70311d673515b6cc572748e3b

   Binary Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/6.5/updates/RPMS/openssl-0.9.6k-2.i386.rpm
      1466551 612a0925a8b7e276fb4ee2e867f86f61
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/6.5/updates/RPMS/openssl-devel-0.9.6k-2.i386.rpm
      1273363 d466f3b0414335a8fde5243e714fc26b

 <Turbolinux Advanced Server 6>

   Source Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/AdvancedServer/6/ja/updates/SRPMS/openssl-0.9.6k-2.src.rpm
      2263218 1ffa548a309f2da23f917e0d103d55e3

   Binary Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/AdvancedServer/6/ja/updates/RPMS/openssl-0.9.6k-2.i386.rpm
      1466406 96f2960852682c5e42d14ac7d30d2647
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/AdvancedServer/6/ja/updates/RPMS/openssl-devel-0.9.6k-2.i386.rpm
      1273378 a32d760d95ceaeaf5167ee01d7c99772

 <Turbolinux Server 6.1>

   Source Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/6.1/ja/updates/SRPMS/openssl-0.9.6k-2.src.rpm
      2263218 3fdbc119547bc30c5e1af46392ca7afb

   Binary Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/6.1/ja/updates/RPMS/openssl-0.9.6k-2.i386.rpm
      1466596 6d44f572db79d5535b79411009f2ab02
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/6.1/ja/updates/RPMS/openssl-devel-0.9.6k-2.i386.rpm
      1273288 ed611659b314586557906d8399eab7a2

 <Turbolinux Workstation 6.0>

   Source Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/6.0/ja/updates/SRPMS/openssl-0.9.6k-2.src.rpm
      2263218 863c8205dfe5f817078f8a7406560130

   Binary Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/6.0/ja/updates/RPMS/openssl-0.9.6k-2.i386.rpm
      1466434 50bf1498d8c232928685b49c22ca9e98
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/6.0/ja/updates/RPMS/openssl-devel-0.9.6k-2.i386.rpm
      1273442 067ac26f535ffe4c60948443347a13db


 References :

 OpenSSL org
   [OpenSSL Security Advisory [30 September 2003]]
   http://www.openssl.org/news/secadv_20030930.txt

 CVE
   [CAN-2003-0543]
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0543
   [CAN-2003-0544]
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0544

 Turbolinux Security Advisory
   [TLSA-2003-22]
   http://www.turbolinux.com/security/TLSA-2003-22.txt


 --------------------------------------------------------------------------
 Revision History
    01 Oct 2003 Initial release
 --------------------------------------------------------------------------


 * You may need to update the turbopkg tool before applying the update.
Please refer to the following URL for detailed information.

  http://www.turbolinux.com/download/zabom.html
  http://www.turbolinux.com/download/zabomupdate.html

Package Update Path
http://www.turbolinux.com/update

============================================================
 * To obtain the public key

Here is the public key

 http://www.turbolinux.com/security/

 * To unsubscribe from the list

If you ever want to remove yourself from this mailing list,
  you can send a message to <server-users-e-ctl () turbolinux co jp> with
the word `unsubscribe' in the body (don't include the quotes).

unsubscribe

 * To change your email address

If you ever want to change your email address in this mailing list,
  you can send a message to <server-users-e-ctl () turbolinux co jp> with
the following command in the message body:

  chaddr 'old address' 'new address'

If you have any questions or problems, please contact
<supp_info () turbolinux co jp>

Thank you!

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)

iD8DBQE/eq32K0LzjOqIJMwRAgWfAJ9qaZXGF6svuHn2jm7jG9L+AMJC3QCgt9Zk
NVDA46RnVaowRJsUbcM3+tg=
=Ofy/
-----END PGP SIGNATURE-----



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
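
Added example, not part of the Turbolinux advisory: Python that parses the advisory's "URL, then size and MD5" package listing and checks a downloaded RPM against its entry. The function names and the embedded SAMPLE (two entries copied from the Turbolinux 8 Server listing, laid out with the second URL wrapped the way the archived copy wraps some lines) are assumptions of this example.

```python
import hashlib
import re

# Constructed sample: two entries from the <Turbolinux 8 Server> listing.
# The second URL is wrapped onto an unindented line, as in the archived copy.
SAMPLE = """\
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/openssl-0.9.6k-2.i586.rpm
      1366934 0f92e0d644d5ee1e44b31bcf531e1d8c

ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/openssl-devel-0.9.6k-2.i586.rpm
      1156710 584a99ceae84e0f457326b2fee6e06f1
"""

URL_RE = re.compile(r"^\s*(ftp://\S+\.rpm)\s*$")
SUM_RE = re.compile(r"^\s*(\d+)\s+([0-9a-f]{32})\s*$")

def parse_manifest(text):
    """Return {url: (size, md5)}. Keyed by full URL, not file name: the same
    file name is listed for several products with different checksums."""
    entries, pending = {}, None
    for line in text.splitlines():
        if m := URL_RE.match(line):
            if pending:
                raise ValueError(f"no size/MD5 line for {pending}")
            pending = m.group(1)
        elif m := SUM_RE.match(line):
            if pending is None:
                raise ValueError(f"size/MD5 line without URL: {line.strip()}")
            entries[pending] = (int(m.group(1)), m.group(2))
            pending = None
    if pending:
        raise ValueError(f"no size/MD5 line for {pending}")
    return entries

def verify(path, url, manifest):
    """True only if the file at `path` matches both size and MD5 for `url`."""
    size, md5 = manifest[url]
    digest, seen = hashlib.md5(), 0
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            digest.update(chunk)
            seen += len(chunk)
    return seen == size and digest.hexdigest() == md5

if __name__ == "__main__":
    for url, (size, md5) in parse_manifest(SAMPLE).items():
        print(size, md5, url.rsplit("/", 1)[-1])
```

MD5 here only catches a corrupted or mismatched download; the listed values are trustworthy only after the PGP signature on the advisory itself has been verified.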

