openssl-1.0.0-20.AXS4.1
Errata ID: AXSA:2012-76:02
The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols.
Security issues fixed with this release:
CVE-2011-4108
The DTLS implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f performs a MAC check only if certain padding is valid, which makes it easier for remote attackers to recover plaintext via a padding oracle attack.
CVE-2011-4576
The SSL 3.0 implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f does not properly initialize data structures for block cipher padding, which might allow remote attackers to obtain sensitive information by decrypting the padding data sent by an SSL peer.
CVE-2011-4577
OpenSSL before 0.9.8s and 1.x before 1.0.0f, when RFC 3779 support is enabled, allows remote attackers to cause a denial of service (assertion failure) via an X.509 certificate containing certificate-extension data associated with (1) IP address blocks or (2) Autonomous System (AS) identifiers.
CVE-2011-4619
The Server Gated Cryptography (SGC) implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f does not properly handle handshake restarts, which allows remote attackers to cause a denial of service via unspecified vectors.
Update packages.
The Server Gated Cryptography (SGC) implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f does not properly handle handshake restarts, which allows remote attackers to cause a denial of service (CPU consumption) via unspecified vectors.
SRPMS
- openssl-1.0.0-20.AXS4.1.src.rpm
MD5: ce8e67835617931630062c3ce70ed646
SHA-256: b50e67ba2b1aecc68081ee1fa90b09ad64545cde05da827c76b05f28ba0315e1
Size: 3.25 MB
Asianux Server 4 for x86
- openssl-1.0.0-20.AXS4.1.i686.rpm
MD5: ef76334aa19e154b45d92c27c4a9aba2
SHA-256: f0088a456c3ecd1ac3840eb8d5cb85dcb867b39f6f321f5011ad340dc8a2d66f
Size: 1.37 MB
- openssl-devel-1.0.0-20.AXS4.1.i686.rpm
MD5: 1693bff109af1169c4a32e800ddfaaab
SHA-256: f289f49976cbfa328a2f28458003f489fe6391ca04d699e6168c8e8eb7affceb
Size: 1.14 MB
Asianux Server 4 for x86_64
- openssl-1.0.0-20.AXS4.1.x86_64.rpm
MD5: f963bf4a8c07c92a79b7e8927fe38fac
SHA-256: 375e537ca323e71721a21f6caebe777e3d8a0c7e52ad0a4f41190d81aa38cdff
Size: 1.36 MB
- openssl-devel-1.0.0-20.AXS4.1.x86_64.rpm
MD5: eacd6ef6f4573e0ac99af81b379b91fa
SHA-256: b209c08d426552c406aac7e28aa9fec9dce3a5fce4a984f45623e62bf2f595c6
Size: 1.14 MB
- openssl-1.0.0-20.AXS4.1.i686.rpm
MD5: ef76334aa19e154b45d92c27c4a9aba2
SHA-256: f0088a456c3ecd1ac3840eb8d5cb85dcb867b39f6f321f5011ad340dc8a2d66f
Size: 1.37 MB
- openssl-devel-1.0.0-20.AXS4.1.i686.rpm
MD5: 1693bff109af1169c4a32e800ddfaaab
SHA-256: f289f49976cbfa328a2f28458003f489fe6391ca04d699e6168c8e8eb7affceb
Size: 1.14 MB