English | Deutsch | Español | Português
 UserID:
 Passwd:
new user
 About:   Dedicated  | Advanced  | Standard  | Recurring  | No Risk  | Desktop  | Basic  | Single  | Security Seal  | FAQ
  Price/Feature Summary  | Order  | New Vulnerabilities  | Confidentiality  | Vulnerability Search
 Vulnerability   
Search   
    Search 148472 CVE descriptions
and 72306 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 --------------------------------------------------------------------------
   Turbolinux Security Advisory TLSA-2004-9
   http://www.turbolinux.co.jp/security/
                                             security-team@turbolinux.co.jp
 --------------------------------------------------------------------------

 Original released date : 30 Mar 2004
 Last revised           : 30 Mar 2004

 Package : openssl

 Summary : Multiple vulnerabilities in openssl

 More information :
    The OpenSSL Project is a collaborative effort to develop a robust, commercial-grade,
    full-featured, and Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3)
    and Transport Layer Security (TLS v1) protocols as well as a full-strength general purpose cryptography library. 

    - The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and 0.9.7a to 0.9.7c,
      allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake
      that causes a null-pointer assignment. 
    - Certain versions of OpenSSL 0.9.6 allow remote attackers to cause a denial of service (infinite loop),
      as demonstrated using the Codenomicon TLS Test Tool.
    - The SSL/TLS handshaking code in OpenSSL 0.9.7a, 0.9.7b, and 0.9.7c, when using Kerberos ciphersuites,
      allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake,
      which causes an out-of-bounds read.

 Impact :
    The vulnerabilities allow an attacker can cause to denial of service of the openssl.

 Affected Products :
    - Turbolinux Appliance Server 1.0 Hosting Edition
    - Turbolinux Appliance Server 1.0 Workgroup Edition
    - Turbolinux 10 Desktop
    - Turbolinux 8 Server
    - Turbolinux 8 Workstation
    - Turbolinux 7 Server
    - Turbolinux 7 Workstation
    - Turbolinux Server 6.5
    - Turbolinux Advanced Server 6
    - Turbolinux Server 6.1
    - Turbolinux Workstation 6.0

 Solution :
    Please use turbopkg(zabom) tool to apply the update.
 ---------------------------------------------
 # turbopkg
 or
 [Turbolinux 10 Desktop]
 # zabom -u openssl openssl-compat openssl-devel

 [other]
 # zabom update openssl openssl-devel
 ---------------------------------------------


 <Turbolinux Appliance Server 1.0 Hosting Edition>

   Source Packages
   Size : MD5

   openssl-0.9.6m-1.src.rpm
      2265514 72b075667855cb90a53c325f8eca8e2e

   Binary Packages
   Size : MD5

   openssl-0.9.6m-1.i586.rpm
      1369208 bba436fa46e6d003f908151d5fdcd220
   openssl-devel-0.9.6m-1.i586.rpm
      1156435 9a01f7b30ea969ff1e2e0cb8de624a90

 <Turbolinux Appliance Server 1.0 Workgroup Edition>

   Source Packages
   Size : MD5

   openssl-0.9.6m-1.src.rpm
      2265514 08266734ac965a26dc6083f9b3fb7542

   Binary Packages
   Size : MD5

   openssl-0.9.6m-1.i586.rpm
      1367705 cb90be0ae5ea9756e2d1e1ecc7c0d523
   openssl-devel-0.9.6m-1.i586.rpm
      1157172 ef5019a72ff65524b529de656223b3ad

 <Turbolinux 10 Desktop>

   Source Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/SRPMS/openssl-0.9.7d-1.src.rpm
      2793953 ab0c244579dcea53fa6f5f48505b0b5a
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/SRPMS/openssl-compat-0.9.6m-1.src.rpm
      2265321 e03a6f6777dd03c36e31710c8febad77

   Binary Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/openssl-0.9.7d-1.i586.rpm
      1218800 eb84ac4173b36ce151f803cb60eb8bdd
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/openssl-compat-0.9.6m-1.i586.rpm
       754120 459d2aab779bcb1f7334806f3da894f6
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/openssl-devel-0.9.7d-1.i586.rpm
      1479420 644f6d0e2f0999965417ace5e41853ac

 <Turbolinux 8 Server>

   Source Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/SRPMS/openssl-0.9.6m-1.src.rpm
      2265514 dc0389b141a2c78c29d32d250ecb4987

   Binary Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/openssl-0.9.6m-1.i586.rpm
      1367693 aacc89cbc22c431b780366c53003189a
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/openssl-devel-0.9.6m-1.i586.rpm
      1157874 707e421ad1b9f223fa822573bf8eb81a

 <Turbolinux 8 Workstation>

   Source Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/SRPMS/openssl-0.9.6m-1.src.rpm
      2265514 073e830786e49f88acf8439b0a14b717

   Binary Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/openssl-0.9.6m-1.i586.rpm
      1367591 1d99d917b5f01b61030660045c10f35e
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/openssl-devel-0.9.6m-1.i586.rpm
      1158207 8b6cbae3a04ff320e847336c0a23a24e

 <Turbolinux 7 Server>

   Source Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/SRPMS/openssl-0.9.6m-1.src.rpm
      2265514 132dabe2c91ab0227ff56b85340dc98c

   Binary Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/openssl-0.9.6m-1.i586.rpm
      1337061 99f13d9b84819eae9025465f77ea6c5a
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/openssl-devel-0.9.6m-1.i586.rpm
      1140489 301ef33ceefc4922ca59b84b10250dbe

 <Turbolinux 7 Workstation>

   Source Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/SRPMS/openssl-0.9.6m-1.src.rpm
      2265514 4be185ab3a40e0e0982de7cabebaceb0

   Binary Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/openssl-0.9.6m-1.i586.rpm
      1337293 9e51b81ed1a4ac73a43f80c4a78b9a39
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/openssl-devel-0.9.6m-1.i586.rpm
      1141285 0a9a7085891aec85f742b2eee1647d29

 <Turbolinux Server 6.5>

   Source Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/6.5/updates/SRPMS/openssl-0.9.6m-1.src.rpm
      2265514 fb4550e5daa482a1978464e8a1272b3c

   Binary Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/6.5/updates/RPMS/openssl-0.9.6m-1.i386.rpm
      1466724 7e303efabc213f57fe6f3eed50f62ef0
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/6.5/updates/RPMS/openssl-devel-0.9.6m-1.i386.rpm
      1273395 557dfc469d06aea2564a9a14a248ea24

 <Turbolinux Advanced Server 6>

   Source Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/AdvancedServer/6/ja/updates/SRPMS/openssl-0.9.6m-1.src.rpm
      2265514 9b0c792b110e7d2e43ff83d072ea647d

   Binary Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/AdvancedServer/6/ja/updates/RPMS/openssl-0.9.6m-1.i386.rpm
      1466757 9a76ebcb8a5c390fe4880e750bedeeb2
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/AdvancedServer/6/ja/updates/RPMS/openssl-devel-0.9.6m-1.i386.rpm
      1273434 680429a3bf0235c7958ee7b9f02ebab5

 <Turbolinux Server 6.1>

   Source Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/6.1/ja/updates/SRPMS/openssl-0.9.6m-1.src.rpm
      2265514 0a2f1d263ae5bbaeb18f81551743590d

   Binary Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/6.1/ja/updates/RPMS/openssl-0.9.6m-1.i386.rpm
      1466752 c0696ff96729f4218cd588d94033b5c4
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/6.1/ja/updates/RPMS/openssl-devel-0.9.6m-1.i386.rpm
      1273499 49af08dd7d0b08fd701d61c4f7f11983

 <Turbolinux Workstation 6.0>

   Source Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/6.0/ja/updates/SRPMS/openssl-0.9.6m-1.src.rpm
      2265514 f83b24f5112c3e66c9122af6199e0ac5

   Binary Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/6.0/ja/updates/RPMS/openssl-0.9.6m-1.i386.rpm
      1466745 6f982e6da0d92b23139e111e50143e05
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/6.0/ja/updates/RPMS/openssl-devel-0.9.6m-1.i386.rpm
      1273391 0dec09ad6bfedccfe0157828d682bb80


 Reiferences :

 CVE
   [CAN-2004-0079]
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0079
   [CAN-2004-0081]
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0081
   [CAN-2004-0112]
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0112


 --------------------------------------------------------------------------
 Revision History
    30 Mar 2004 Initial release
 --------------------------------------------------------------------------

 Copyright(C) 2004 Turbolinux, Inc. All rights reserved. 

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)

iD8DBQFAaSFJK0LzjOqIJMwRAjs0AJ4wzqLwJtb13Trqkx9Ouo8xcPtVVwCgidtb
+2guQ6+MUyfqpkEwHMMapTE=
=weL6
-----END PGP SIGNATURE-----

New User Registration
Email:
UserID:
Passwd:
Please email me your monthly newsletters, informing the latest services, improvements & surveys.
Please email me a vulnerability test announcement whenever a new test is added.
   Privacy
Registered User Login
 
UserID:   
Passwd:  

 Forgot userid or passwd?
Email/Userid:




Home | About Us | Contact Us | Partner Programs | Developer APIs | Privacy | Mailing Lists | Abuse
Security Audits | Managed DNS | Network Monitoring | Site Analyzer | Internet Research Reports
Web Probe

© 1998-2019 E-Soft Inc. All rights reserved.