[ MDVSA-2009:087 ] openssl
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2009:087
http://www.mandriva.com/security/
_______________________________________________________________________
Package : openssl
Date : April 3, 2009
Affected: 2008.0, 2008.1, 2009.0, Corporate 3.0, Corporate 4.0,
Multi Network Firewall 2.0
_______________________________________________________________________
Problem Description:
A security vulnerability has been identified and fixed in OpenSSL,
which could crash applications using OpenSSL library when parsing
malformed certificates (CVE-2009-0590).
The updated packages have been patched to prevent this.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0590
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2008.0:
6b754c91594c65b327d2dba0c7402d55
2008.0/i586/libopenssl0.9.8-0.9.8e-8.3mdv2008.0.i586.rpm
7925aa846daa02085d8261e17f2f5875
2008.0/i586/libopenssl0.9.8-devel-0.9.8e-8.3mdv2008.0.i586.rpm
051e206025736be6aca4e5b2a57b8f94
2008.0/i586/libopenssl0.9.8-static-devel-0.9.8e-8.3mdv2008.0.i586.rpm
01f56e6d5ee540090fbee6d34f29e65a
2008.0/i586/openssl-0.9.8e-8.3mdv2008.0.i586.rpm
c70caa3e4c03412a02cc6bbb36902382
2008.0/SRPMS/openssl-0.9.8e-8.3mdv2008.0.src.rpm
Mandriva Linux 2008.0/X86_64:
bffedd1a3568c6756f2a7e208711406b
2008.0/x86_64/lib64openssl0.9.8-0.9.8e-8.3mdv2008.0.x86_64.rpm
bdd18bfb34dc3fe03ab0427eaa998762
2008.0/x86_64/lib64openssl0.9.8-devel-0.9.8e-8.3mdv2008.0.x86_64.rpm
c1966f47b75d196587ba1bbebeb36de6
2008.0/x86_64/lib64openssl0.9.8-static-devel-0.9.8e-8.3mdv2008.0.x86_64.rpm
2d0ee52fbbe9736e3e36d0af3eccfab4
2008.0/x86_64/openssl-0.9.8e-8.3mdv2008.0.x86_64.rpm
c70caa3e4c03412a02cc6bbb36902382
2008.0/SRPMS/openssl-0.9.8e-8.3mdv2008.0.src.rpm
Mandriva Linux 2008.1:
dc492cf18385aabfb94663b1a121a776
2008.1/i586/libopenssl0.9.8-0.9.8g-4.3mdv2008.1.i586.rpm
bb4d4453048fb8f68fa3d4acaddaa0c8
2008.1/i586/libopenssl0.9.8-devel-0.9.8g-4.3mdv2008.1.i586.rpm
ad22bc2ee1d238606133616104420669
2008.1/i586/libopenssl0.9.8-static-devel-0.9.8g-4.3mdv2008.1.i586.rpm
f7f7edf2ca2e1422d718a40c2c14419b
2008.1/i586/openssl-0.9.8g-4.3mdv2008.1.i586.rpm
e032c64f27cc35e9c72c9ee1d28dfaf3
2008.1/SRPMS/openssl-0.9.8g-4.3mdv2008.1.src.rpm
Mandriva Linux 2008.1/X86_64:
77d9d1e7f5dc49dec60c69cc1b028463
2008.1/x86_64/lib64openssl0.9.8-0.9.8g-4.3mdv2008.1.x86_64.rpm
0bcee0a1c173a8f5d8e8adbb81708a6c
2008.1/x86_64/lib64openssl0.9.8-devel-0.9.8g-4.3mdv2008.1.x86_64.rpm
cb5ff411ea8180862e0d411239c76341
2008.1/x86_64/lib64openssl0.9.8-static-devel-0.9.8g-4.3mdv2008.1.x86_64.rpm
02c72439aa06c9310494b17ebc676e0c
2008.1/x86_64/openssl-0.9.8g-4.3mdv2008.1.x86_64.rpm
e032c64f27cc35e9c72c9ee1d28dfaf3
2008.1/SRPMS/openssl-0.9.8g-4.3mdv2008.1.src.rpm
Mandriva Linux 2009.0:
4ec73f053278a9c77ccd62034a1e4c72
2009.0/i586/libopenssl0.9.8-0.9.8h-3.2mdv2009.0.i586.rpm
33da38ad5f20eec511a60b5b476cf241
2009.0/i586/libopenssl0.9.8-devel-0.9.8h-3.2mdv2009.0.i586.rpm
70f6020e9fe66badabf815f7256b9718
2009.0/i586/libopenssl0.9.8-static-devel-0.9.8h-3.2mdv2009.0.i586.rpm
8f87c9a8339052d4c261cfd818486c1d
2009.0/i586/openssl-0.9.8h-3.2mdv2009.0.i586.rpm
44980fee28c99bb22012e36e88eeaec7
2009.0/SRPMS/openssl-0.9.8h-3.2mdv2009.0.src.rpm
Mandriva Linux 2009.0/X86_64:
18b0da8ae3998bb143efbe9fbf78282d
2009.0/x86_64/lib64openssl0.9.8-0.9.8h-3.2mdv2009.0.x86_64.rpm
01310fb6273e795489023f02d71434d4
2009.0/x86_64/lib64openssl0.9.8-devel-0.9.8h-3.2mdv2009.0.x86_64.rpm
2da04ce75c2371f1ee15d94742f00ee6
2009.0/x86_64/lib64openssl0.9.8-static-devel-0.9.8h-3.2mdv2009.0.x86_64.rpm
5529205245e554324f40c87ba665b198
2009.0/x86_64/openssl-0.9.8h-3.2mdv2009.0.x86_64.rpm
44980fee28c99bb22012e36e88eeaec7
2009.0/SRPMS/openssl-0.9.8h-3.2mdv2009.0.src.rpm
Corporate 3.0:
1b58ced1478d63969727c9346305e20d
corporate/3.0/i586/libopenssl0.9.7-0.9.7c-3.10.C30mdk.i586.rpm
3ebb9340042ad4fbf9664ba47148fd59
corporate/3.0/i586/libopenssl0.9.7-devel-0.9.7c-3.10.C30mdk.i586.rpm
c57397a9e6773866c58d11af8b9599a4
corporate/3.0/i586/libopenssl0.9.7-static-devel-0.9.7c-3.10.C30mdk.i586.rpm
feaecf68067dd7d75cf30790b0702338
corporate/3.0/i586/openssl-0.9.7c-3.10.C30mdk.i586.rpm
47da419d4ed666fcb064635be15a6450
corporate/3.0/SRPMS/openssl-0.9.7c-3.10.C30mdk.src.rpm
Corporate 3.0/X86_64:
c567e5f61d5cae04b02bfa43d307cf95
corporate/3.0/x86_64/lib64openssl0.9.7-0.9.7c-3.10.C30mdk.x86_64.rpm
4c487ef9f195ac905d8e27a2ee5a3aad
corporate/3.0/x86_64/lib64openssl0.9.7-devel-0.9.7c-3.10.C30mdk.x86_64.rpm
11faa9b02898eaec3d346e56c2c37567
corporate/3.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7c-3.10.C30mdk.x86_64.rpm
0485fbcd4bb28224e6716114eb6dd372
corporate/3.0/x86_64/openssl-0.9.7c-3.10.C30mdk.x86_64.rpm
47da419d4ed666fcb064635be15a6450
corporate/3.0/SRPMS/openssl-0.9.7c-3.10.C30mdk.src.rpm
Corporate 4.0:
72db90b1c8362f8122bb29101e8f7ea3
corporate/4.0/i586/libopenssl0.9.7-0.9.7g-2.8.20060mlcs4.i586.rpm
2957dac9e5461336cf68433f4b147de1
corporate/4.0/i586/libopenssl0.9.7-devel-0.9.7g-2.8.20060mlcs4.i586.rpm
e0f441e9cf9c18321f4e8b3099c2df5a
corporate/4.0/i586/libopenssl0.9.7-static-devel-0.9.7g-2.8.20060mlcs4.i586.rpm
4a020ff36ff58d2ae9ccfc852f265d1d
corporate/4.0/i586/openssl-0.9.7g-2.8.20060mlcs4.i586.rpm
12bd0d350017d5ad4930beaad07e2a92
corporate/4.0/SRPMS/openssl-0.9.7g-2.8.20060mlcs4.src.rpm
Corporate 4.0/X86_64:
b8c7201ae9c41aa0f391f877da24e312
corporate/4.0/x86_64/lib64openssl0.9.7-0.9.7g-2.8.20060mlcs4.x86_64.rpm
d9329b8d694a37cd24d3e2373eb02066
corporate/4.0/x86_64/lib64openssl0.9.7-devel-0.9.7g-2.8.20060mlcs4.x86_64.rpm
e9c6bd67410f238a0b775361e08e7af3
corporate/4.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7g-2.8.20060mlcs4.x86_64.rpm
88d42200e0464824e003ce4451a175e7
corporate/4.0/x86_64/openssl-0.9.7g-2.8.20060mlcs4.x86_64.rpm
12bd0d350017d5ad4930beaad07e2a92
corporate/4.0/SRPMS/openssl-0.9.7g-2.8.20060mlcs4.src.rpm
Multi Network Firewall 2.0:
74728af83737762b744092597629e1db
mnf/2.0/i586/libopenssl0.9.7-0.9.7c-3.10.C30mdk.i586.rpm
0de1c4403ddbba33f21a99e2879af9cc
mnf/2.0/i586/libopenssl0.9.7-devel-0.9.7c-3.10.C30mdk.i586.rpm
3b79e5cdb909115e3770ee59a17f757a
mnf/2.0/i586/libopenssl0.9.7-static-devel-0.9.7c-3.10.C30mdk.i586.rpm
39b67cff96aaa016f119d5ddff312f54
mnf/2.0/i586/openssl-0.9.7c-3.10.C30mdk.i586.rpm
1201abd42759b7e5a0d96aa4f96a9dd1
mnf/2.0/SRPMS/openssl-0.9.7c-3.10.C30mdk.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iD8DBQFJ1mJMmqjQ0CJFipgRAq43AJ427ntOrRUUUgRlx1AwCldUE/rFygCfQu5Y
I9/Hqbyeksi2w0SLyVMPeMw=
=+BmT
-----END PGP SIGNATURE-----