openssl-1.0.0-20.AXS4.5

エラータID: AXSA:2012-576:06

Release date: 
Tuesday, July 24, 2012 - 14:47
Subject: 
openssl-1.0.0-20.AXS4.5
Affected Channels: 
Asianux Server 4 for x86_64
Asianux Server 4 for x86
Severity: 
High
Description: 

The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols.

Security issues fixed with this release:

• CVE-2012-2333
Integer underflow in OpenSSL before 0.9.8x, 1.0.0 before 1.0.0j, and 1.0.1 before 1.0.1c, when TLS 1.1, TLS 1.2, or DTLS is used with CBC encryption, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted TLS packet that is not properly handled during a certain explicit IV calculation. On Red Hat Enterprise Linux 6, this update also fixes an uninitialized variable use bug, introduced by the fix for CVE-2012-0884 (released via RHSA-2012:0426). This bug could possibly cause an attempt to create an encrypted message in the CMS (Cryptographic Message Syntax) format to fail.

Fixed bugs:

• The previously released <A HREF="http://www.asianux.com/tsn_hq/index.php?m=errata&a=detail&eid=2953&sType..., which contains a fix for CVE-2012-0884, introduced an uninitialized variable use bug, which could potentially lead to creating an encrypted message in the Cryptographic Message Syntax (CMS) format to fail.

Solution: 

Update packages.

CVEs: 
CVE-2012-2333



Additional Info: 

N/A

Download: 

SRPMS
  1. openssl-1.0.0-20.AXS4.5.src.rpm
    MD5: 23019e9aa6c282cb182d7b3abef0e151
    SHA-256: 3a6d9e170d199324139d7f009eb953ee238833ac42e7c22165ba67f9745533bf
    Size: 3.26 MB

Asianux Server 4 for x86
  1. openssl-1.0.0-20.AXS4.5.i686.rpm
    MD5: 2dc02f5a0093a9dd18c7896416a9dc0b
    SHA-256: 9a9cc74a35c9f2691409d6584e41261aaea4f4dfc5d1ac932a2f163f92adf79e
    Size: 1.37 MB
  2. openssl-devel-1.0.0-20.AXS4.5.i686.rpm
    MD5: 45b7b51c2c7ddbb3dabc86343f3825c7
    SHA-256: d41f55cbae4b51b601acaaf4773603366fe4a239508df495ee235f4c435df25d
    Size: 1.14 MB

Asianux Server 4 for x86_64
  1. openssl-1.0.0-20.AXS4.5.x86_64.rpm
    MD5: aef94fe5da1b7e2c47c1962332050641
    SHA-256: 1aab77d3c910a4c0386f3e25f93d3c460623c5c377c39ab8b9c1dc0b7745b30c
    Size: 1.36 MB
  2. openssl-devel-1.0.0-20.AXS4.5.x86_64.rpm
    MD5: 8253ff7913e89000558239df42c2799d
    SHA-256: 7459e044007f1fecf18436c7d52ad84aadd49cb4e0a2dee228eb2f19b3154614
    Size: 1.14 MB
  3. openssl-1.0.0-20.AXS4.5.i686.rpm
    MD5: 2dc02f5a0093a9dd18c7896416a9dc0b
    SHA-256: 9a9cc74a35c9f2691409d6584e41261aaea4f4dfc5d1ac932a2f163f92adf79e
    Size: 1.37 MB
  4. openssl-devel-1.0.0-20.AXS4.5.i686.rpm
    MD5: 45b7b51c2c7ddbb3dabc86343f3825c7
    SHA-256: d41f55cbae4b51b601acaaf4773603366fe4a239508df495ee235f4c435df25d
    Size: 1.14 MB