Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

[ MDVSA-2012:073 ] openssl
From: security () mandriva com
Date: Fri, 11 May 2012 15:34:00 +0200

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2012:073
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : openssl
 Date    : May 11, 2012
 Affected: 2010.1, 2011., Enterprise Server 5.0
 _______________________________________________________________________

 Problem Description:

 A vulnerability has been found and corrected in openssl:
 
 A flaw in the OpenSSL handling of CBC mode ciphersuites in DTLS can
 be exploited in a denial of service attack on both clients and servers
 (CVE-2012-2333).
 
 The updated packages have been patched to correct this issue.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2333
 http://www.openssl.org/news/secadv_20120510.txt
 _______________________________________________________________________

 Updated Packages:

 Mandriva Linux 2010.1:
 8866fcb4196eb1c2b79e748389c1443c  2010.1/i586/libopenssl0.9.8-0.9.8x-0.1mdv2010.2.i586.rpm 
 bd6c7dd96f536c4ec97f57e9b580039b  2010.1/SRPMS/openssl0.9.8-0.9.8x-0.1mdv2010.2.src.rpm

 Mandriva Linux 2010.1/X86_64:
 bff80e93a38d93e49b7a11bb17a9fc70  2010.1/x86_64/lib64openssl0.9.8-0.9.8x-0.1mdv2010.2.x86_64.rpm 
 bd6c7dd96f536c4ec97f57e9b580039b  2010.1/SRPMS/openssl0.9.8-0.9.8x-0.1mdv2010.2.src.rpm

 Mandriva Linux 2011:
 19caf1a1a78056bce3ba1c9d4f1d0415  2011/i586/libopenssl1.0.0-1.0.0d-2.6-mdv2011.0.i586.rpm
 02aa551535710c0d9803449c1802dbfa  2011/i586/libopenssl-devel-1.0.0d-2.6-mdv2011.0.i586.rpm
 3555729a0e0009a0764e942dfeee68d8  2011/i586/libopenssl-engines1.0.0-1.0.0d-2.6-mdv2011.0.i586.rpm
 502a554614d25909a184c0da675cbba8  2011/i586/libopenssl-static-devel-1.0.0d-2.6-mdv2011.0.i586.rpm
 01b3d6af849b464706b89caceaed0d79  2011/i586/openssl-1.0.0d-2.6-mdv2011.0.i586.rpm 
 937b9e875720421f40755c25ea632ea5  2011/SRPMS/openssl-1.0.0d-2.6.src.rpm

 Mandriva Linux 2011/X86_64:
 9a9ae392fb95474723642fdf96f4f142  2011/x86_64/lib64openssl1.0.0-1.0.0d-2.6-mdv2011.0.x86_64.rpm
 bd72ce2cec3d54cea1cebc330f99b8b9  2011/x86_64/lib64openssl-devel-1.0.0d-2.6-mdv2011.0.x86_64.rpm
 cc5a547f2ba9050167033a5577028a6b  2011/x86_64/lib64openssl-engines1.0.0-1.0.0d-2.6-mdv2011.0.x86_64.rpm
 e4c484c9ce59772c5db0dcce8fd1a089  2011/x86_64/lib64openssl-static-devel-1.0.0d-2.6-mdv2011.0.x86_64.rpm
 2627947f2918036433adb94b1e3fb969  2011/x86_64/openssl-1.0.0d-2.6-mdv2011.0.x86_64.rpm 
 937b9e875720421f40755c25ea632ea5  2011/SRPMS/openssl-1.0.0d-2.6.src.rpm

 Mandriva Enterprise Server 5:
 eac9b4f5fbe83b963c739ceab0802b23  mes5/i586/libopenssl0.9.8-0.9.8h-3.16mdvmes5.2.i586.rpm
 69fca6182cdc0dab36bf3c9749ebb29a  mes5/i586/libopenssl0.9.8-devel-0.9.8h-3.16mdvmes5.2.i586.rpm
 de51afae564823dc53fa03c93b0600db  mes5/i586/libopenssl0.9.8-static-devel-0.9.8h-3.16mdvmes5.2.i586.rpm
 1f28862f4a82c608bdfd7a33acc4886e  mes5/i586/openssl-0.9.8h-3.16mdvmes5.2.i586.rpm 
 5010c18bde45e7521094adc6830bacaf  mes5/SRPMS/openssl-0.9.8h-3.16mdvmes5.2.src.rpm

 Mandriva Enterprise Server 5/X86_64:
 e96273b6039706744defbd92900ef1b8  mes5/x86_64/lib64openssl0.9.8-0.9.8h-3.16mdvmes5.2.x86_64.rpm
 7670ac7b6ebf786327d8dbe7c29be516  mes5/x86_64/lib64openssl0.9.8-devel-0.9.8h-3.16mdvmes5.2.x86_64.rpm
 13631cb5321b44a4efdcb5ea405836c9  mes5/x86_64/lib64openssl0.9.8-static-devel-0.9.8h-3.16mdvmes5.2.x86_64.rpm
 7804bf621b5b1783dd1bd505ac62317a  mes5/x86_64/openssl-0.9.8h-3.16mdvmes5.2.x86_64.rpm 
 5010c18bde45e7521094adc6830bacaf  mes5/SRPMS/openssl-0.9.8h-3.16mdvmes5.2.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iD8DBQFPrOcmmqjQ0CJFipgRAqiVAKDwDZp9x3Zbo1gcmVDO5AEBWJGQJQCggX0g
kxu88BU+DoJuQmuWBZyTT4I=
=N2/S
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


  By Date           By Thread  

Current thread:
  • [ MDVSA-2012:073 ] openssl security (May 11)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]