From security-announce@turbolinux.co.jp Wed Oct 1 18:05:51 2003 From: Turbolinux Resent-From: security-announce@turbolinux.co.jp To: security-announce@turbolinux.co.jp Resent-To: server-users-e@turbolinux.co.jp (moderated) Date: Wed, 1 Oct 2003 19:35:31 +0900 Reply-To: server-users-e@turbolinux.co.jp Subject: [Full-Disclosure] [TURBOLINUX SECURITY INFO] 01/Oct/2003 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 This is an announcement only email list for the x86 architecture. ============================================================ Turbolinux Security Announcement 01/Oct/2003 ============================================================ The following page contains the security information of Turbolinux Inc. - Turbolinux Security Center http://www.turbolinux.com/security/ (1) openssl -> DoS vulnerability in openssl =========================================================== * openssl -> DoS vulnerability in openssl =========================================================== More information : The OpenSSL Project is a collaborative effort to develop a robust, commercial-grade, full-featured, and Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols as well as a full-strength general purpose cryptography library. Unusual ASN.1 tag values can cause an out of bounds read under certain circumstances, resulting in a denial of service vulnerability. Impact : The vulnerability allow an attacker can cause to denial of service of the openssl. Affected Products : - Turbolinux 8 Server - Turbolinux 8 Workstation - Turbolinux 7 Server - Turbolinux 7 Workstation - Turbolinux Server 6.5 - Turbolinux Advanced Server 6 - Turbolinux Server 6.1 - Turbolinux Workstation 6.0 Solution : Please use turbopkg(zabom) tool to apply the update. --------------------------------------------- # turbopkg or # zabom update openssl openssl-devel --------------------------------------------- Source Packages Size : MD5 ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/SRPMS/openssl-0.9.6k-2.src.rpm 2263218 7c7271e7263b1fc39847f5dd097dfac8 Binary Packages Size : MD5 ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/openssl-0.9.6k-2.i586.rpm 1366934 0f92e0d644d5ee1e44b31bcf531e1d8c ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/openssl-devel-0.9.6k-2.i586.rpm 1156710 584a99ceae84e0f457326b2fee6e06f1 Source Packages Size : MD5 ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/SRPMS/openssl-0.9.6k-2.src.rpm 2263218 7f36441af28ed717ba65176c7b66680e Binary Packages Size : MD5 ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/openssl-0.9.6k-2.i586.rpm 1367811 6526ca70ae9d6593e8be87bc193089d7 ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/openssl-devel-0.9.6k-2.i586.rpm 1156964 30f36c1d28481a8243ff38308efc7b1e Source Packages Size : MD5 ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/SRPMS/openssl-0.9.6k-2.src.rpm 2263218 834875cad5d1b9e7bbf316470728f97b Binary Packages Size : MD5 ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/openssl-0.9.6k-2.i586.rpm 1335850 57efa60311c81b5af0f3721e08bf05ef ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/openssl-devel-0.9.6k-2.i586.rpm 1138724 b7a90942f1e81066443d94e921476f21 Source Packages Size : MD5 ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/SRPMS/openssl-0.9.6k-2.src.rpm 2263218 4df3af6b3df204ff0fae655646cec9ae Binary Packages Size : MD5 ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/openssl-0.9.6k-2.i586.rpm 1335646 e76c5ddc5ff49b3ffeaf704179bb1cf1 ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/openssl-devel-0.9.6k-2.i586.rpm 1139634 702820b81eface29fdc6e7a8092674bc Source Packages Size : MD5 ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/6.5/updates/SRPMS/openssl-0.9.6k-2.src.rpm 2263218 5f069ba70311d673515b6cc572748e3b Binary Packages Size : MD5 ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/6.5/updates/RPMS/openssl-0.9.6k-2.i386.rpm 1466551 612a0925a8b7e276fb4ee2e867f86f61 ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/6.5/updates/RPMS/openssl-devel-0.9.6k-2.i386.rpm 1273363 d466f3b0414335a8fde5243e714fc26b Source Packages Size : MD5 ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/AdvancedServer/6/ja/updates/SRPMS/openssl-0.9.6k-2.src.rpm 2263218 1ffa548a309f2da23f917e0d103d55e3 Binary Packages Size : MD5 ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/AdvancedServer/6/ja/updates/RPMS/openssl-0.9.6k-2.i386.rpm 1466406 96f2960852682c5e42d14ac7d30d2647 ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/AdvancedServer/6/ja/updates/RPMS/openssl-devel-0.9.6k-2.i386.rpm 1273378 a32d760d95ceaeaf5167ee01d7c99772 Source Packages Size : MD5 ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/6.1/ja/updates/SRPMS/openssl-0.9.6k-2.src.rpm 2263218 3fdbc119547bc30c5e1af46392ca7afb Binary Packages Size : MD5 ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/6.1/ja/updates/RPMS/openssl-0.9.6k-2.i386.rpm 1466596 6d44f572db79d5535b79411009f2ab02 ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/6.1/ja/updates/RPMS/openssl-devel-0.9.6k-2.i386.rpm 1273288 ed611659b314586557906d8399eab7a2 Source Packages Size : MD5 ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/6.0/ja/updates/SRPMS/openssl-0.9.6k-2.src.rpm 2263218 863c8205dfe5f817078f8a7406560130 Binary Packages Size : MD5 ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/6.0/ja/updates/RPMS/openssl-0.9.6k-2.i386.rpm 1466434 50bf1498d8c232928685b49c22ca9e98 ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/6.0/ja/updates/RPMS/openssl-devel-0.9.6k-2.i386.rpm 1273442 067ac26f535ffe4c60948443347a13db References : OepnSSL org [OpenSSL Security Advisory [30 September 2003]] http://www.openssl.org/news/secadv_20030930.txt CVE [CAN-2003-0543] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0543 [CAN-2003-0544] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0544 Turbolinux Security Advisory [TLSA-2003-22] http://www.turbolinux.com/security/TLSA-2003-22.txt -------------------------------------------------------------------------- Revision History 01 Oct 2003 Initial release -------------------------------------------------------------------------- * You may need to update the turbopkg tool before applying the update. Please refer to the following URL for detailed information. http://www.turbolinux.com/download/zabom.html http://www.turbolinux.com/download/zabomupdate.html Package Update Path http://www.turbolinux.com/update ============================================================ * To obtain the public key Here is the public key http://www.turbolinux.com/security/ * To unsubscribe from the list If you ever want to remove yourself from this mailing list, you can send a message to with the word `unsubscribe' in the body (don't include the quotes). unsubscribe * To change your email address If you ever want to chage email address in this mailing list, you can send a message to with the following command in the message body: chaddr 'old address' 'new address' If you have any questions or problems, please contact Thank you! -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.3 (GNU/Linux) iD8DBQE/eq32K0LzjOqIJMwRAgWfAJ9qaZXGF6svuHn2jm7jG9L+AMJC3QCgt9Zk NVDA46RnVaowRJsUbcM3+tg= =Ofy/ -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html