
[linux-security] ALERT: remote root exploit in openssl library



On Tue, Jul 30, 2002 at 12:01:39PM -0700, Martin Siegert wrote:
> Topic
> =====
> buffer overflow in openssl library may lead to remote root exploit
> 
> Solution
> ========
> upgrade to openssl-0.9.6e (or patched version for your distribution)

Problem Description
===================
The original patch from the OpenSSL team had a mistake in
it which could possibly still allow buffer overflows to occur.
Thus, openssl must be upgraded once more.

After the upgrade you should restart every daemon that uses the openssl
library, in particular sshd and (if you are running a web server) httpd.

Affected Systems
================
Systems using openssl version 0.9.6e or earlier.

Solution
========
Upgrade to openssl-0.9.6f or later (or to a patched version for your
distribution)

RedHat 6.x
----------
rpm -Fvh openssl-0.9.5a-29.i386.rpm \
         openssl-devel-0.9.5a-29.i386.rpm \
         openssl-perl-0.9.5a-29.i386.rpm \
         openssl-python-0.9.5a-29.i386.rpm

RedHat 7.0, 7.1
---------------
rpm -Fvh openssl-0.9.6-13.i386.rpm \
         openssl-devel-0.9.6-13.i386.rpm \
         openssl-perl-0.9.6-13.i386.rpm \
         openssl-python-0.9.6-13.i386.rpm \
         openssl095a-0.9.5a-18.i386.rpm

RedHat 7.2, 7.3
---------------
rpm -Fvh openssl-0.9.6b-28.<arch>.rpm \
         openssl-devel-0.9.6b-28.i386.rpm \
         openssl-perl-0.9.6b-28.i386.rpm \
         openssl096-0.9.6-13.i386.rpm \
         openssl095a-0.9.5a-18.i386.rpm

where <arch> is either i386 or i686.

Mandrake 7.1
------------
rpm -Fvh openssl-0.9.5a-4.4mdk.i586.rpm \
         openssl-devel-0.9.5a-4.4mdk.i586.rpm

Mandrake 7.2
------------
rpm -Fvh openssl-0.9.5a-9.3mdk.i586.rpm \
         openssl-devel-0.9.5a-9.3mdk.i586.rpm

Mandrake 8.0
------------
rpm -Fvh openssl-0.9.6-8.3mdk.i586.rpm \
         openssl-devel-0.9.6-8.3mdk.i586.rpm

Mandrake 8.1
------------
rpm -Fvh openssl-0.9.6b-1.3mdk.i586.rpm \
         libopenssl0-0.9.6b-1.3mdk.i586.rpm \
         libopenssl0-devel-0.9.6b-1.3mdk.i586.rpm

Mandrake 8.2
------------
rpm -Fvh openssl-0.9.6c-2.3mdk.i586.rpm \
         libopenssl0-0.9.6c-2.3mdk.i586.rpm \
         libopenssl0-devel-0.9.6c-2.3mdk.i586.rpm
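
The restart step above is easy to miss for daemons other than sshd and httpd. The following is an added example, not part of the original advisory: a shell check that finds processes still mapping the replaced (now deleted) libssl or libcrypto file. It assumes a Linux /proc whose maps files mark unlinked files with "(deleted)"; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: find daemons that were not restarted after the openssl
# upgrade. A package upgrade unlinks the old library file, so a process that
# still runs the old code shows the path followed by "(deleted)" in its maps.

# stale_openssl_maps FILE
# FILE is in /proc/<pid>/maps format:
#   address perms offset dev inode pathname [(deleted)]
# Prints each distinct deleted libssl/libcrypto path once.
# Returns 0 if at least one was found, 1 otherwise.
stale_openssl_maps() {
    awk '
        $NF == "(deleted)" && $(NF-1) ~ "/lib(ssl|crypto)[^/]*[.]so" {
            if (!seen[$(NF-1)]++) print $(NF-1)
            found = 1
        }
        END { exit (found ? 0 : 1) }
    ' "$1"
}

# scan_procs [PROC_ROOT]
# Walks every numeric directory under PROC_ROOT (default /proc) and prints
# "pid command stale-library" for each process that needs a restart.
scan_procs() {
    root=${1:-/proc}
    for dir in "$root"/[0-9]*; do
        # Skip processes whose maps we may not read (run as root to see all).
        [ -r "$dir/maps" ] || continue
        libs=$(stale_openssl_maps "$dir/maps" 2>/dev/null) || continue
        # comm is absent on older kernels; fall back to a placeholder.
        name=$(cat "$dir/comm" 2>/dev/null || echo '?')
        for lib in $libs; do
            printf '%s %s %s\n' "${dir##*/}" "$name" "$lib"
        done
    done
}
```

Call scan_procs as root after the rpm upgrade; an empty result means no running process still holds the old library.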