openssl097a-0.9.7a-9.AXS3.2

エラータID: AXSA:2010-157:01

Release date: 
Friday, March 26, 2010 - 15:53
Subject: 
openssl097a-0.9.7a-9.AXS3.2
Affected Channels: 
Asianux Server 3 for x86
Asianux Server 3 for x86_64
Severity: 
High
Description: 

The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols.
Security issues fixed with this release:
CVE-2009-3555
The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a 'plaintext injection' attack, aka the 'Project Mogul' issue.

Solution: 

Update packages.

CVEs: 
CVE-2009-3555
The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue.


Additional Info: 

N/A

Download: 

SRPMS
  1. openssl097a-0.9.7a-9.AXS3.2.src.rpm
    MD5: 3d4171e0d12e4753a7057f1693f38b69
    SHA-256: 8b3838f700a875cdcbd1395735e1d5c0b6de73019b6f0089e37991de8b93fa5e
    Size: 2.65 MB

Asianux Server 3 for x86
  1. openssl097a-0.9.7a-9.AXS3.2.i386.rpm
    MD5: dff31e1a3b630b8e5900e00f586b4a14
    SHA-256: 145e8fd98600420c5c86d162708dae2c7701369a49032f50304d230ca3d1185d
    Size: 822.52 kB

Asianux Server 3 for x86_64
  1. openssl097a-0.9.7a-9.AXS3.2.x86_64.rpm
    MD5: 06d505e2fcad2727f894578131f6d041
    SHA-256: 645f212543c368162a8468dcb822699d9da91b92b233d149b51a78d7ab114e48
    Size: 823.75 kB