openssl-0.9.8e-12AXS3
Errata ID: AXSA:2009-388:03
The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols.
Fixed security bugs:
CVE-2009-0590
The ASN1_STRING_print_ex function in OpenSSL before 0.9.8k allows remote attackers to cause a denial of service (invalid memory access and application crash) via vectors that trigger printing of a (1) BMPString or (2) UniversalString with an invalid encoded length.
CVE-2009-1377
The dtls1_buffer_record function in ssl/d1_pkt.c in OpenSSL 0.9.8k and earlier 0.9.8 versions allows remote attackers to cause a denial of service (memory consumption) via a large series of future epoch DTLS records that are buffered in a queue, aka DTLS record buffer limitation bug.
CVE-2009-1378
Multiple memory leaks in the dtls1_process_out_of_seq_message function in ssl/d1_both.c in OpenSSL 0.9.8k and earlier 0.9.8 versions allow remote attackers to cause a denial of service (memory consumption) via DTLS records that (1) are duplicates or (2) have sequence numbers much greater than current sequence numbers, aka DTLS fragment handling memory leak.
CVE-2009-1379
Use-after-free vulnerability in the dtls1_retrieve_buffered_fragment function in ssl/d1_both.c in OpenSSL 1.0.0 Beta 2 allows remote attackers to cause a denial of service (openssl s_client crash) and possibly have unspecified other impact via a DTLS packet, as demonstrated by a packet from a server that uses a crafted server certificate.
CVE-2009-1386
ssl/s3_pkt.c in OpenSSL before 0.9.8i allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a DTLS ChangeCipherSpec packet that occurs before ClientHello.
CVE-2009-1387
The dtls1_retrieve_buffered_fragment function in ssl/d1_both.c in OpenSSL before 1.0.0 Beta 2 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an out-of-sequence DTLS handshake message, related to a fragment bug.
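For CVE-2009-0590, the following added example (not OpenSSL's or the vendor's code) shows the kind of length validation a decoder can apply before reading a BMPString or UniversalString. The function name, sample buffers and two-octet length cap are hypothetical, and "invalid encoded length" is modelled here as a content length that is not a multiple of the character width (2 octets for BMPString, 4 for UniversalString).

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define TAG_UNIVERSALSTRING 0x1C /* UCS-4: 4 octets per character */
#define TAG_BMPSTRING       0x1E /* UCS-2: 2 octets per character */

/* Constructed samples: a valid BMPString "OK", a BMPString with an odd
 * content length, and a UniversalString whose length is not a multiple of 4. */
const uint8_t bmp_ok[]  = {0x1E, 0x04, 0x00, 'O', 0x00, 'K'};
const uint8_t bmp_odd[] = {0x1E, 0x03, 0x00, 'O', 0x00};
const uint8_t uni_bad[] = {0x1C, 0x06, 0x00, 0x00, 0x00, 'A', 0x00, 0x00};

/* Decode one DER BMPString/UniversalString TLV into code points.
 * Returns the character count, or -1 when the encoding is rejected. */
long decode_wide_string(const uint8_t *buf, size_t len,
                        uint32_t *out, size_t out_cap)
{
    if (len < 2) return -1;
    size_t width = buf[0] == TAG_BMPSTRING ? 2
                 : buf[0] == TAG_UNIVERSALSTRING ? 4 : 0;
    if (width == 0) return -1;                /* not a type handled here */

    size_t pos = 2, clen = buf[1];
    if (clen & 0x80) {                        /* long-form length */
        size_t n = clen & 0x7F;
        /* n == 0 is indefinite length (not DER); this example caps n at 2. */
        if (n == 0 || n > 2 || len - pos < n) return -1;
        for (clen = 0; n > 0; n--) clen = (clen << 8) | buf[pos++];
    }
    if (clen > len - pos) return -1;          /* length runs past the buffer */
    if (clen % width != 0) return -1;         /* partial trailing character */
    if (clen / width > out_cap) return -1;    /* caller's buffer too small */

    for (size_t i = 0; i < clen / width; i++) {
        uint32_t c = 0;
        for (size_t j = 0; j < width; j++) c = (c << 8) | buf[pos++];
        out[i] = c;
    }
    return (long)(clen / width);
}

int main(void)
{
    uint32_t out[8];
    printf("bmp_ok : %ld\n", decode_wide_string(bmp_ok, sizeof bmp_ok, out, 8));
    printf("bmp_odd: %ld\n", decode_wide_string(bmp_odd, sizeof bmp_odd, out, 8));
    printf("uni_bad: %ld\n", decode_wide_string(uni_bad, sizeof uni_bad, out, 8));
    return 0;
}
```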
Update packages.
SRPMS
- openssl-0.9.8e-12AXS3.src.rpm
MD5: f7e6a520e0dd64673848f202b46451fb
SHA-256: 53228749fd1476d10117bc590849c4f1c1e769a5ef969eac798775dd9e05d403
Size: 3.09 MB
Asianux Server 3 for x86
- openssl-0.9.8e-12AXS3.i686.rpm
MD5: e4f536c21a09dbb78fd0901011401769
SHA-256: 4f79f35cec4f464398f573dc86d97509de11377a06101cbad3210def10506882
Size: 1.43 MB
- openssl-0.9.8e-12AXS3.i386.rpm
MD5: b63b8e68cd9a588c80e0acdfca50b005
SHA-256: d29cda7b55eff687816f63c510f9c8f1a0d1f37b3135496760461e8a05e64d81
Size: 1.45 MB
- openssl-devel-0.9.8e-12AXS3.i386.rpm
MD5: d5c7599a63daf848f3785a7822b607dc
SHA-256: cb3caee76f2e38ff637aa4b6dc3bed9ae67b1c8341989077736de2b10d087c37
Size: 1.89 MB
- openssl-perl-0.9.8e-12AXS3.i386.rpm
MD5: 6bdfd3e2676084cfe30cfb7d8059186b
SHA-256: 24ebae63e86b5edacf36a185c119deceefca5b074c8cd02b76a2e74a37e0d5a0
Size: 33.83 kB
Asianux Server 3 for x86_64
- openssl-0.9.8e-12AXS3.x86_64.rpm
MD5: d9d5bf7ea8d414de4a187c9c7a98c285
SHA-256: ad35ab094d9dbe29409b9317983026aa786603a9edd9cc9cc92460e75da8114a
Size: 1.43 MB
- openssl-devel-0.9.8e-12AXS3.x86_64.rpm
MD5: ddcf23ee4f99a52c9422832cc3efee73
SHA-256: e4b7a985cc819cfd4c7f88c23340206b2289fc60f7b112bda2b73618c8a55bc0
Size: 1.87 MB
- openssl-perl-0.9.8e-12AXS3.x86_64.rpm
MD5: 0172b323ed22d388e4226ae4b39e8334
SHA-256: 880ba0dcd783fe15e8ee5ac1ce780539111c6879f6f1568626bc7d4a746f5b6c
Size: 33.79 kB