openssl097a-0.9.7a-9AXS3.1
エラータID: AXSA:2009-12:01
Release date:
Friday, January 23, 2009 - 12:19
Subject:
openssl097a-0.9.7a-9AXS3.1
Affected Channels:
Asianux Server 3 for x86
Asianux Server 3 for x86_64
Asianux Server 3 for ppc
Asianux Server 3 for ia64
Severity:
High
Description:
The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols.
Bugs fixed:
CVE-2008-5077
OpenSSL 0.9.8i and earlier does not properly check the return value from the EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature for DSA and ECDSA keys.
Solution:
Update package and also update openssl package (openssl-0.9.8b-10.1AXS3.1 - Errata ID:2009-13-1)
CVEs:
CVE-2008-5077
OpenSSL 0.9.8i and earlier does not properly check the return value from the EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature for DSA and ECDSA keys.
OpenSSL 0.9.8i and earlier does not properly check the return value from the EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature for DSA and ECDSA keys.
Additional Info:
Please also update openssl-0.9.8b-10.1AXS3.1 - Errata ID:2009-13-1 to fully fix this problem.
Download:
SRPMS
- openssl097a-0.9.7a-9AXS3.1.src.rpm
MD5: 79dd05c73ef097048b19b39ed021c84c
SHA-256: f7b4453abc44a3c68e4e90369eb9d97d2fb074a67586273fb9e82389f8b77788
Size: 2.65 MB
Asianux Server 3 for x86
- openssl097a-0.9.7a-9AXS3.1.i386.rpm
MD5: d1576078ae488c23608ecdf770aa05d9
SHA-256: ae0575d65956e1eae1e73633008cd809b9f2d36b7d58e0428f495fb0b3abbd3d
Size: 826.84 kB
Asianux Server 3 for x86_64
- openssl097a-0.9.7a-9AXS3.1.x86_64.rpm
MD5: d70d5afc8a9659aa462822a55d75ff54
SHA-256: e57800ed216751386a8f312e82fd66c227b29068c53119f422dbaea1ccb055bd
Size: 826.49 kB
日本語