 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2009:087
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : openssl
 Date    : April 3, 2009
 Affected: 2008.0, 2008.1, 2009.0, Corporate 3.0, Corporate 4.0,
           Multi Network Firewall 2.0
 _______________________________________________________________________

 Problem Description:

 A security vulnerability has been identified and fixed in OpenSSL,
 which could crash applications using OpenSSL library when parsing
 malformed certificates (CVE-2009-0590).

 The updated packages have been patched to prevent this.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0590
 _______________________________________________________________________

 Updated Packages:

 To upgrade automatically use MandrivaUpdate or urpmi. The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security. You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/