openssl-0.9.8e-12.AXS3.1

エラータID: AXSA:2010-70:01

Release date: 
Friday, January 22, 2010 - 14:06
Subject: 
openssl-0.9.8e-12.AXS3.1
Affected Channels: 
Asianux Server 3 for x86
Asianux Server 3 for x86_64
Severity: 
High
Description: 

The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols.
CVE-2009-2409
The Network Security Services (NSS) library before 3.12.3, as used in Firefox; GnuTLS before 2.6.4 and 2.7.4; OpenSSL 0.9.8 through 0.9.8k; and other products support MD2 with X.509 certificates, which might allow remote attackers to spoof certificates by using MD2 design flaws to generate a hash collision in less than brute-force time. NOTE: the scope of this issue is currently limited because the amount of computation required is still large.
CVE-2009-4355
Memory leak in the zlib_stateful_finish function in crypto/comp/c_zlib.c in OpenSSL 0.9.8l and earlier and 1.0.0 Beta through Beta 4 allows remote attackers to cause a denial of service (memory consumption) via vectors that trigger incorrect calls to the CRYPTO_free_all_ex_data function, as demonstrated by use of SSLv3 and PHP with the Apache HTTP Server, a related issue to CVE-2008-1678.

Solution: 

Update packages.

CVEs: 
CVE-2009-2409
The Network Security Services (NSS) library before 3.12.3, as used in Firefox; GnuTLS before 2.6.4 and 2.7.4; OpenSSL 0.9.8 through 0.9.8k; and other products support MD2 with X.509 certificates, which might allow remote attackers to spoof certificates by using MD2 design flaws to generate a hash collision in less than brute-force time. NOTE: the scope of this issue is currently limited because the amount of computation required is still large.
CVE-2009-4355
Memory leak in the zlib_stateful_finish function in crypto/comp/c_zlib.c in OpenSSL 0.9.8l and earlier and 1.0.0 Beta through Beta 4 allows remote attackers to cause a denial of service (memory consumption) via vectors that trigger incorrect calls to the CRYPTO_cleanup_all_ex_data function, as demonstrated by use of SSLv3 and PHP with the Apache HTTP Server, a related issue to CVE-2008-1678.
Additional Info: 

N/A

Download: 

SRPMS
  1. openssl-0.9.8e-12.AXS3.1.src.rpm
    MD5: 48b7b5ed140a4d948854ded9bb034fa0
    SHA-256: dfbbcc87ee0d40640e9a1b23d8789430b968579df1900484ff8232fc99cb6705
    Size: 3.09 MB

Asianux Server 3 for x86
  1. openssl-0.9.8e-12.AXS3.1.i686.rpm
    MD5: ea63d54a75cc31bca92a0dfa204dade3
    SHA-256: 02a88cbd61ab4245ac320a0ad463ab57e5683afd3f483e2b6fe52e8ef5ac0220
    Size: 1.43 MB
  2. openssl-0.9.8e-12.AXS3.1.i386.rpm
    MD5: a61c811c3ac3d24c7f2146c68901fb44
    SHA-256: 148351657cce10ae993c77405260a21188c9e5d52646bc57dddb6498e3db048d
    Size: 1.45 MB
  3. openssl-devel-0.9.8e-12.AXS3.1.i386.rpm
    MD5: d6c37867c6da74eecba077cd74872025
    SHA-256: 8399c9c71102cf31a61d57cc721b4c4b052d688590aebe852c3e712b919c1150
    Size: 1.89 MB
  4. openssl-perl-0.9.8e-12.AXS3.1.i386.rpm
    MD5: 3032920ba4781359fdda2aae0c365417
    SHA-256: e39aaf1311030d9c2b1d9d40c9bba769478c2802cb10b7f95d5a700b0dbba868
    Size: 34.08 kB

Asianux Server 3 for x86_64
  1. openssl-0.9.8e-12.AXS3.1.x86_64.rpm
    MD5: fc795ae598d72560a2f5290b339d73b5
    SHA-256: b8cc2d17f427096cf6cfabb5e970c41eff1816fe17445af9f293c7c5287fce45
    Size: 1.43 MB
  2. openssl-devel-0.9.8e-12.AXS3.1.x86_64.rpm
    MD5: 5a6ac924e200a46c4b0b8e3dad5907b2
    SHA-256: 9f078681760a9d363bd45f87dbe0bcc34972d6d5bbc97a8456a001bec99c78f1
    Size: 1.87 MB
  3. openssl-perl-0.9.8e-12.AXS3.1.x86_64.rpm
    MD5: 3c000e7c0dba8f22a89cdb1c29e183ed
    SHA-256: b367dba1751abd5e54f9cff94253d27d656543ece114cbd17db1cf4909c21ac0
    Size: 34.03 kB