exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

Debian Linux Security Advisory 875-1

Debian Linux Security Advisory 875-1
Posted Oct 30, 2005
Authored by Debian | Site security.debian.org

Debian Security Advisory DSA 875-1 - Yutaka Oiwa discovered a vulnerability in the Open Secure Socket Layer (OpenSSL) library that can allow an attacker to perform active protocol-version rollback attacks that could lead to the use of the weaker SSL 2.0 protocol even though both ends support SSL 3.0 or TLS 1.0.

tags | advisory, protocol
systems | linux, debian
advisories | CVE-2005-2969
SHA-256 | e7ab26408e5d2c65bcc64537ceb0b3da408d12e29953bbde9cfc2925fddc3f60

Debian Linux Security Advisory 875-1

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 875-1 security@debian.org
http://www.debian.org/security/ Martin Schulze
October 27th, 2005 http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package : openssl094
Vulnerability : cryptographic weakness
Problem type : remote
Debian-specific: no
CVE ID : CVE-2005-2969

Yutaka Oiwa discovered a vulnerability in the Open Secure Socket Layer
(OpenSSL) library that can allow an attacker to perform active
protocol-version rollback attacks that could lead to the use of the
weaker SSL 2.0 protocol even though both ends support SSL 3.0 or TLS
1.0.

The following matrix explains which version in which distribution has
this problem corrected.

oldstable (woody) stable (sarge) unstable (sid)
openssl 0.9.6c-2.woody.8 0.9.7e-3sarge1 0.9.8-3
openssl 094 0.9.4-6.woody.4 n/a n/a
openssl 095 0.9.5a-6.woody.6 n/a n/a
openssl 096 n/a 0.9.6m-1sarge1 n/a
openssl 097 n/a n/a 0.9.7g-5

We recommend that you upgrade your libssl packages.


Upgrade Instructions
- --------------------

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.0 alias woody
- --------------------------------

Source archives:

http://security.debian.org/pool/updates/main/o/openssl094/openssl094_0.9.4-6.woody.4.dsc
Size/MD5 checksum: 624 2989b7b16a146a2f9a6ca52887bb2c3f
http://security.debian.org/pool/updates/main/o/openssl094/openssl094_0.9.4-6.woody.4.diff.gz
Size/MD5 checksum: 47116 a4db6a4e53d8f8703da86774768cb21c
http://security.debian.org/pool/updates/main/o/openssl094/openssl094_0.9.4.orig.tar.gz
Size/MD5 checksum: 1570392 72544daea16d6c99d656b95f77b01b2d

Alpha architecture:

http://security.debian.org/pool/updates/main/o/openssl094/libssl09_0.9.4-6.woody.4_alpha.deb
Size/MD5 checksum: 445816 1eaa00c5cee084727d23a8169acdb705

Intel IA-32 architecture:

http://security.debian.org/pool/updates/main/o/openssl094/libssl09_0.9.4-6.woody.4_i386.deb
Size/MD5 checksum: 358626 2d3f09ec2222ac497180a01facea470c

PowerPC architecture:

http://security.debian.org/pool/updates/main/o/openssl094/libssl09_0.9.4-6.woody.4_powerpc.deb
Size/MD5 checksum: 378870 58d0d41fa2005b5d05f49c557023c466


These files will probably be moved into the stable distribution on
its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)

iD8DBQFDYJZpW5ql+IAeqTIRAu8zAKCZKeTsbp18kD+6dpno+xAvlT0D6gCguh3H
DQcg5cxf+sHJbhk4pT5uzBg=
=znal
-----END PGP SIGNATURE-----

Login or Register to add favorites

File Archive:

June 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jun 1st
    19 Files
  • 2
    Jun 2nd
    16 Files
  • 3
    Jun 3rd
    28 Files
  • 4
    Jun 4th
    0 Files
  • 5
    Jun 5th
    0 Files
  • 6
    Jun 6th
    19 Files
  • 7
    Jun 7th
    23 Files
  • 8
    Jun 8th
    11 Files
  • 9
    Jun 9th
    10 Files
  • 10
    Jun 10th
    4 Files
  • 11
    Jun 11th
    0 Files
  • 12
    Jun 12th
    0 Files
  • 13
    Jun 13th
    0 Files
  • 14
    Jun 14th
    0 Files
  • 15
    Jun 15th
    0 Files
  • 16
    Jun 16th
    0 Files
  • 17
    Jun 17th
    0 Files
  • 18
    Jun 18th
    0 Files
  • 19
    Jun 19th
    27 Files
  • 20
    Jun 20th
    65 Files
  • 21
    Jun 21st
    10 Files
  • 22
    Jun 22nd
    8 Files
  • 23
    Jun 23rd
    6 Files
  • 24
    Jun 24th
    6 Files
  • 25
    Jun 25th
    0 Files
  • 26
    Jun 26th
    0 Files
  • 27
    Jun 27th
    15 Files
  • 28
    Jun 28th
    0 Files
  • 29
    Jun 29th
    0 Files
  • 30
    Jun 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close