English | Deutsch | Español | Português
 UserID:
 Passwd:
new user
 About:   Dedicated  | Advanced  | Standard  | Recurring  | No Risk  | Desktop  | Basic  | Single  | Security Seal  | FAQ
  Price/Feature Summary  | Order  | New Vulnerabilities  | Confidentiality  | Vulnerability Search
 Vulnerability   
Search   
    Search 143769 CVE descriptions
and 71225 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 --------------------------------------------------------------------------
   Turbolinux Security Advisory TLSA-2007-52
   http://www.turbolinux.co.jp/security/
                                             security-team@turbolinux.co.jp
 --------------------------------------------------------------------------

 Original released date: 09 Nov 2007
 Last revised: 09 Nov 2007

 Package: openssl

 Summary: Multiple vulnerabilities exist in openssl

 More information:
    The OpenSSL Project is a collaborative effort to develop a robust,
    commercial-grade, full-featured Open Source toolkit implementing the
    Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1)
    protocols as well as a full-strength general purpose cryptography library.

    Multiple vulnerabilities exist in openssl.

 Impact:
  Buffer overflow openssl.
  Allows remote attackers to force a client and server to use a weaker protocol.
  Allow local users to conduct a side-channel attack and retrieve RSA private keys.
  Allow remote attackers to execute arbitrary code via a crafted packet that 
  triggers a one-byte buffer underflow.
  Remote attackers to execute arbitrary code via unspecified vectors.

 Affected Products:
    - wizpy
    - Turbolinux Appliance Server 2.0
    - Turbolinux FUJI
    - Turbolinux 10 Server x64 Edition
    - Turbolinux Appliance Server 1.0 Hosting Edition
    - Turbolinux Appliance Server 1.0 Workgroup Edition
    - Turbolinux 10 Server
    - Turbolinux Multimedia
    - Turbolinux Personal
    - Turbolinux 8 Server


 <wizpy>

   Source Packages
   Size: MD5

   openssl-0.9.8-12.src.rpm
      3369754 1988e069d0f6676f0dc94e310b2346c9

   Binary Packages
   Size: MD5

   openssl-0.9.8-12.i386.rpm
      1507977 136669205681cfac03ec3a3e7ef989f3

 <Turbolinux Appliance Server 2.0>

   Source Packages
   Size: MD5

   openssl-0.9.7d-13.src.rpm
      2905537 64e45df443efce20e71c553ea2601781
   openssl-compat-0.9.6m-12.src.rpm
      2283679 22f70e633fd0e757ac03345ae55d1086

   Binary Packages
   Size: MD5

   openssl-0.9.7d-13.i586.rpm
      1303002 4de1a3600839082b592a085832dce581
   openssl-compat-0.9.6m-12.i586.rpm
       756719 2bde738a8dbdd22d3382962dac02c6ed
   openssl-devel-0.9.7d-13.i586.rpm
      1484607 50d25b98f2cf9779ddf47b5c640a87ec

 <Turbolinux FUJI>

   Source Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/11/updates/SRPMS/openssl-0.9.8-12.src.rpm
      3369754 8c608cfd5b48cc249569d91e4f05cf9a
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/11/updates/SRPMS/openssl-compat-0.9.7d-13.src.rpm
      2905545 169210c886a77ee60a2c9603961358d0
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/11/updates/SRPMS/openssl096-0.9.6m-12.src.rpm
      2283691 ee1d9c142b6dcd4029f4a362465ad7ed

   Binary Packages
   Size: MD5

   openssl-0.9.8-12.i686.rpm
      1743047 bad2652d584fcffa03b60b26748f30a0
   openssl-compat-0.9.7d-13.i686.rpm
      1058028 14dd5de98060f4499bc8678e582fd9b4
   openssl-devel-0.9.8-12.i686.rpm
      1928515 ac58dc231cc6df534b4d5a70998085c5
   openssl096-0.9.6m-12.i686.rpm
       881931 2099f0f01eec2d64d3a07640fb5673c2

 <Turbolinux 10 Server x64 Edition>

   Source Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/x64/Server/10/updates/SRPMS/openssl-0.9.7d-13.src.rpm
      2905537 167ed0070e9e7e47022e29d863574eeb
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/x64/Server/10/updates/SRPMS/openssl-compat-0.9.6m-12.src.rpm
      2283679 d0f5266ffb19f2178d64e1249328d1b5

   Binary Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/x64/Server/10/updates/RPMS/openssl-0.9.7d-13.x86_64.rpm
      1413703 03f0d26283e6837175ba49b670fb2854
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/x64/Server/10/updates/RPMS/openssl-compat-0.9.6m-12.x86_64.rpm
       851114 55bd8d7612aff06b42f08df93a887e6e
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/x64/Server/10/updates/RPMS/openssl-devel-0.9.7d-13.x86_64.rpm
      1548926 c0f0fd6d2d7fdb923f4f2f47ed72f991

 <Turbolinux Appliance Server 1.0 Hosting Edition>

   Source Packages
   Size: MD5

   openssl-0.9.6m-12.src.rpm
      2371446 db00a32d7037f78d0e873313380b07c9

   Binary Packages
   Size: MD5

   openssl-0.9.6m-12.i586.rpm
      1446903 75247e5581d86ae13be3a47e02050701
   openssl-devel-0.9.6m-12.i586.rpm
      1158945 d7aff0506d7dcfa69519acac4949012d

 <Turbolinux Appliance Server 1.0 Workgroup Edition>

   Source Packages
   Size: MD5

   openssl-0.9.6m-12.src.rpm
      2371446 c679e60ab77db1e5b232c90400f576e5

   Binary Packages
   Size: MD5

   openssl-0.9.6m-12.i586.rpm
      1447278 abb19471098c8467e8dca37f4e84f973
   openssl-devel-0.9.6m-12.i586.rpm
      1159760 618a1c5a8581f18b3eed6fc53769be9f

 <Turbolinux 10 Server>

   Source Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/SRPMS/openssl-0.9.7d-13.src.rpm
      2905537 64e45df443efce20e71c553ea2601781
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/SRPMS/openssl-compat-0.9.6m-12.src.rpm
      2283679 22f70e633fd0e757ac03345ae55d1086

   Binary Packages
   Size: MD5

   openssl-0.9.7d-13.i586.rpm
      1303002 4de1a3600839082b592a085832dce581
   openssl-compat-0.9.6m-12.i586.rpm
       756719 2bde738a8dbdd22d3382962dac02c6ed
   openssl-devel-0.9.7d-13.i586.rpm
      1484607 50d25b98f2cf9779ddf47b5c640a87ec

 <Turbolinux Multimedia, Turbolinux Personal>

   Source Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/SRPMS/openssl-0.9.7d-13.src.rpm
      2905537 98a7937f20d6d19e94727007d012306c
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/SRPMS/openssl-compat-0.9.6m-12.src.rpm
      2283679 5bf057f42a0bf63856c04b6965b15811

   Binary Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/openssl-0.9.7d-13.i586.rpm
      1305650 9eb8f5a0b5af29249cae231ae831c8f9
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/openssl-compat-0.9.6m-12.i586.rpm
       756069 2e78f53d5c112ac9c4d5a4d7d5f7a737
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/openssl-devel-0.9.7d-13.i586.rpm
      1485984 a1e53ba74a81d92d5ffb760b5a78fa69

 <Turbolinux 8 Server>

   Source Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/SRPMS/openssl-0.9.6m-12.src.rpm
      2371446 8e5a3b34dee584ee154adefe8c05524c

   Binary Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/openssl-0.9.6m-12.i586.rpm
      1447371 5fdf3f1b5c68e8ca2aca7a9e20805498
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/openssl-devel-0.9.6m-12.i586.rpm
      1160208 0b1f9a242b68a11ce825f15308d10d3c


 References:

 CVE
   [CAN-2005-2969]
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2969
   [CVE-2006-3738]
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738
   [CVE-2007-3108]
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3108
   [CVE-2007-4995]
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4995
   [CVE-2007-5135]
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5135

 --------------------------------------------------------------------------
 Revision History
    09 Nov 2007 Initial release
 --------------------------------------------------------------------------

 Copyright(C) 2007 Turbolinux, Inc. All rights reserved. 

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)

iD8DBQFHM+yAK0LzjOqIJMwRAvkkAJ94R0aQPAamoHeuVJvq+KumO1ATAACgjsMB
6VC2wKJaMs5SP/jP44Ihi/g=
=Nezi
-----END PGP SIGNATURE-----

New User Registration
Email:
UserID:
Passwd:
Please email me your monthly newsletters, informing the latest services, improvements & surveys.
Please email me a vulnerability test announcement whenever a new test is added.
   Privacy
Registered User Login
 
UserID:   
Passwd:  

 Forgot userid or passwd?
Email/Userid:




Home | About Us | Contact Us | Partner Programs | Developer APIs | Privacy | Mailing Lists | Abuse
Security Audits | Managed DNS | Network Monitoring | Site Analyzer | Internet Research Reports
Web Probe

© 1998-2019 E-Soft Inc. All rights reserved.