Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

MDKSA-2004:147 - Updated openssl packages fix temporary file vulnerability
From: Mandrake Linux Security Team <security () linux-mandrake com>
Date: 7 Dec 2004 02:49:51 -0000

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

                 Mandrakelinux Security Update Advisory
 _______________________________________________________________________

 Package name:           openssl
 Advisory ID:            MDKSA-2004:147
 Date:                   December 6th, 2004

 Affected versions:      10.0, 10.1, 9.2, Corporate Server 2.1,
                         Multi Network Firewall 8.2
 ______________________________________________________________________

 Problem Description:

 The Trustix developers found that the der_chop script, included in the
 openssl package, created temporary files insecurely.  This could allow
 local users to overwrite files using a symlink attack.
 
 The updated packages have been patched to prevent this problem.
 _______________________________________________________________________

 References:

  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0975
 ______________________________________________________________________

 Updated Packages:
  
 Mandrakelinux 10.0:
 c0d41b5423a09f01decc40e84fd005cb  10.0/RPMS/libopenssl0.9.7-0.9.7c-3.1.100mdk.i586.rpm
 82b573c6825f9a3abdd8a23da2fe7c2c  10.0/RPMS/libopenssl0.9.7-devel-0.9.7c-3.1.100mdk.i586.rpm
 7c4e0ddd161ae064928c3f3563a2dc4e  10.0/RPMS/libopenssl0.9.7-static-devel-0.9.7c-3.1.100mdk.i586.rpm
 d4d97f7b45004bd8d69ef90bce972442  10.0/RPMS/openssl-0.9.7c-3.1.100mdk.i586.rpm
 f09ed46ce152ac3396ce5a4a4b2036d0  10.0/SRPMS/openssl-0.9.7c-3.1.100mdk.src.rpm

 Mandrakelinux 10.0/AMD64:
 d9d9037cf0170a9e6ef1702f3e786b8a  amd64/10.0/RPMS/lib64openssl0.9.7-0.9.7c-3.1.100mdk.amd64.rpm
 cfa623fa40be35d5cc99053bafd625c1  amd64/10.0/RPMS/lib64openssl0.9.7-devel-0.9.7c-3.1.100mdk.amd64.rpm
 0098601eae49e65ee1fae0283bc4ffff  amd64/10.0/RPMS/lib64openssl0.9.7-static-devel-0.9.7c-3.1.100mdk.amd64.rpm
 06d845c07b46356cef699f94a67b9bc0  amd64/10.0/RPMS/openssl-0.9.7c-3.1.100mdk.amd64.rpm
 f09ed46ce152ac3396ce5a4a4b2036d0  amd64/10.0/SRPMS/openssl-0.9.7c-3.1.100mdk.src.rpm

 Mandrakelinux 10.1:
 ae229d9586ea295545e577960ecfc9d5  10.1/RPMS/libopenssl0.9.7-0.9.7d-1.1.101mdk.i586.rpm
 66d4393ab8ad6c72242fe03676d452bb  10.1/RPMS/libopenssl0.9.7-devel-0.9.7d-1.1.101mdk.i586.rpm
 003f9c7ba693314fe0cfd5c91f0d154b  10.1/RPMS/libopenssl0.9.7-static-devel-0.9.7d-1.1.101mdk.i586.rpm
 00e24e1fa79a339a5e1a92d9c2996082  10.1/RPMS/openssl-0.9.7d-1.1.101mdk.i586.rpm
 5c453b0349f604e2955a889f624982d6  10.1/SRPMS/openssl-0.9.7d-1.1.101mdk.src.rpm

 Mandrakelinux 10.1/X86_64:
 45a998be7caf5d54a7a8a106e2e6cf9a  x86_64/10.1/RPMS/lib64openssl0.9.7-0.9.7d-1.1.101mdk.x86_64.rpm
 000606c0fde3660e4c623f1ddb319e47  x86_64/10.1/RPMS/lib64openssl0.9.7-devel-0.9.7d-1.1.101mdk.x86_64.rpm
 f75779760ee204bbfaab4173575964cd  x86_64/10.1/RPMS/lib64openssl0.9.7-static-devel-0.9.7d-1.1.101mdk.x86_64.rpm
 81457d174401f6033cb03a9404145278  x86_64/10.1/RPMS/openssl-0.9.7d-1.1.101mdk.x86_64.rpm
 5c453b0349f604e2955a889f624982d6  x86_64/10.1/SRPMS/openssl-0.9.7d-1.1.101mdk.src.rpm

 Corporate Server 2.1:
 63355bf82d2b54f08a970383c9c5192c  corporate/2.1/RPMS/libopenssl0-0.9.6i-1.8.C21mdk.i586.rpm
 9d557d9105a7a2d1b1026543d6fedf2c  corporate/2.1/RPMS/libopenssl0-devel-0.9.6i-1.8.C21mdk.i586.rpm
 0929ca75a91cd5c4f553329aa7e818a8  corporate/2.1/RPMS/libopenssl0-static-devel-0.9.6i-1.8.C21mdk.i586.rpm
 2cd8e70cc5c66c4797392e4ea3a0348f  corporate/2.1/RPMS/openssl-0.9.6i-1.8.C21mdk.i586.rpm
 337b3ad1c49fc5e91f2d72ea6a493868  corporate/2.1/SRPMS/openssl-0.9.6i-1.8.C21mdk.src.rpm

 Corporate Server 2.1/x86_64:
 1fb93ddabdccd9edd724e7d6818e7299  x86_64/corporate/2.1/RPMS/libopenssl0-0.9.6i-1.8.C21mdk.x86_64.rpm
 acfe2f603298bae71c4f35a928d9ba88  x86_64/corporate/2.1/RPMS/libopenssl0-devel-0.9.6i-1.8.C21mdk.x86_64.rpm
 daf31defd9c4b27bf28581bd7ed7fd2c  x86_64/corporate/2.1/RPMS/libopenssl0-static-devel-0.9.6i-1.8.C21mdk.x86_64.rpm
 cade4a4db47d263c6660591d1bf9d5a1  x86_64/corporate/2.1/RPMS/openssl-0.9.6i-1.8.C21mdk.x86_64.rpm
 337b3ad1c49fc5e91f2d72ea6a493868  x86_64/corporate/2.1/SRPMS/openssl-0.9.6i-1.8.C21mdk.src.rpm

 Mandrakelinux 9.2:
 f014f2318e559b7cfc5fc5bd2a010b67  9.2/RPMS/libopenssl0.9.7-0.9.7b-5.1.92mdk.i586.rpm
 db4c7a4d97015c04a03ed69fa8d9c941  9.2/RPMS/libopenssl0.9.7-devel-0.9.7b-5.1.92mdk.i586.rpm
 1368b0bf03dcebb17b6f1d5359411d8b  9.2/RPMS/libopenssl0.9.7-static-devel-0.9.7b-5.1.92mdk.i586.rpm
 369d6104e62dc23e23c2d9f05e0d03db  9.2/RPMS/openssl-0.9.7b-5.1.92mdk.i586.rpm
 9389817df3eb169e26536635c129e853  9.2/SRPMS/openssl-0.9.7b-5.1.92mdk.src.rpm

 Mandrakelinux 9.2/AMD64:
 a0f963c1ab90037dcdf57dba1337e48d  amd64/9.2/RPMS/lib64openssl0.9.7-0.9.7b-5.1.92mdk.amd64.rpm
 587ef4344175ab4532e0e569ea733df3  amd64/9.2/RPMS/lib64openssl0.9.7-devel-0.9.7b-5.1.92mdk.amd64.rpm
 4638c1af2de29459e2c1fae27fd28659  amd64/9.2/RPMS/lib64openssl0.9.7-static-devel-0.9.7b-5.1.92mdk.amd64.rpm
 18d875fb53f6b5c0adfc22fed5193645  amd64/9.2/RPMS/openssl-0.9.7b-5.1.92mdk.amd64.rpm
 9389817df3eb169e26536635c129e853  amd64/9.2/SRPMS/openssl-0.9.7b-5.1.92mdk.src.rpm

 Multi Network Firewall 8.2:
 eeaeae17ef647b22de71170105190f87  mnf8.2/RPMS/libopenssl0-0.9.6i-1.7.M82mdk.i586.rpm
 b3ffacae8b78391fcc30267a3f252223  mnf8.2/RPMS/openssl-0.9.6i-1.7.M82mdk.i586.rpm
 aa558b895ae77092ae29dec127a5a2a0  mnf8.2/SRPMS/openssl-0.9.6i-1.7.M82mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrakeUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandrakesoft for security.  You can obtain
 the GPG public key of the Mandrakelinux Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandrakelinux at:

  http://www.mandrakesoft.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_linux-mandrake.com

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Linux Mandrake Security Team
  <security linux-mandrake.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQFBtRpPmqjQ0CJFipgRAnLGAJ40aJv0gDgCf/7QiE5gDyAYQKJb3QCgoNqJ
MnN19RFVMvpGf4RIRSM1/f4=
=ZLB+
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


  By Date           By Thread  

Current thread:
  • MDKSA-2004:147 - Updated openssl packages fix temporary file vulnerability Mandrake Linux Security Team (Dec 07)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]