English | Deutsch | Español | Português
 UserID:
 Passwd:
new user
 About:   Dedicated  | Advanced  | Standard  | Recurring  | No Risk  | Desktop  | Basic  | Single  | Security Seal  | FAQ
  Price/Feature Summary  | Order  | New Vulnerabilities  | Confidentiality  | Vulnerability Search
 Vulnerability   
Search   
    Search 148472 CVE descriptions
and 72306 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 --------------------------------------------------------------------------
   Turbolinux Security Advisory TLSA-2009-5
   http://www.turbolinux.co.jp/security/
                                             security-team@turbolinux.co.jp
 --------------------------------------------------------------------------

 Original released date: 05 Feb 2009
 Last revised: 05 Feb 2009

 Package: openssl

 Summary: return value check vulnerability

 More information:
    The OpenSSL Project is a collaborative effort to develop a robust,
    commercial-grade, full-featured Open Source toolkit implementing the
    Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1)
    protocols as well as a full-strength general purpose cryptography library.

    OpenSSL 0.9.8i and earlier does not properly check the return value from
    the EVP_VerifyFinal function, which allows remote attackers to bypass
    validation of the certificate chain via a malformed SSL/TLS signature for DSA and ECDSA keys. (CVE-2008-5077)

 Affected Products:
    - Turbolinux Client 2008
    - Turbolinux 11 Server x64 Edition
    - Turbolinux 11 Server
    - wizpy
    - Turbolinux Appliance Server 2.0
    - Turbolinux FUJI
    - Turbolinux 10 Server x64 Edition
    - Turbolinux Appliance Server 1.0 Hosting Edition
    - Turbolinux Appliance Server 1.0 Workgroup Edition
    - Turbolinux 10 Server
    - Turbolinux Multimedia
    - Turbolinux Personal
    - Turbolinux 8 Server


 <Turbolinux Client 2008>

   Source Packages
   Size: MD5

   http://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Client/12/turbolinux-source/openssl-0.9.8h-2.src.rpm
      3530526 da26035b51ceede26ade294281c1ea9a

   Binary Packages
   Size: MD5

   http://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Client/12/turbolinux-updates/openssl-0.9.8h-2.i586.rpm
      1641825 a0eb1fb8f4ae5a7f5a7aa3e1a3c7b149
   http://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Client/12/turbolinux-updates/openssl-devel-0.9.8h-2.i586.rpm
      1521217 f658a83ca76caa5c584f1742dcc6247c

 <Turbolinux Appliance Server 3.0 x64 Edition>

   Source Packages
   Size: MD5

   openssl-0.9.8e-5.src.rpm
      3449992 7f6f94909577599d4d6c655a313733b3

   Binary Packages
   Size: MD5

   openssl-0.9.8e-5.x86_64.rpm
      1772061 a4477f205084761d8b2041e8aa821dd0
   openssl-devel-0.9.8e-5.x86_64.rpm
      1967328 e9f426ce88709838594de688dcd71870

 <Turbolinux Appliance Server 3.0>

   Source Packages
   Size: MD5

   openssl-0.9.8e-5.src.rpm
      3449992 7f6f94909577599d4d6c655a313733b3

   Binary Packages
   Size: MD5

   openssl-0.9.8e-5.i686.rpm
      1700539 64f51c005f2e32dda3978e1569324c22
   openssl-devel-0.9.8e-5.i686.rpm
      1907152 f6a751148225cabb61f1152e4fdb81d7

 <Turbolinux 11 Server x64 Edition>

   Source Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/x64/Server/11/updates/SRPMS/openssl-0.9.8e-5.src.rpm
      3449992 21ad1518ff87f76c0d6a4f0a83502ecc

   Binary Packages
   Size: MD5

   openssl-0.9.8e-5.x86_64.rpm
      1772061 a4477f205084761d8b2041e8aa821dd0
   openssl-devel-0.9.8e-5.x86_64.rpm
      1967328 e9f426ce88709838594de688dcd71870

 <Turbolinux 11 Server>

   Source Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/11/updates/SRPMS/openssl-0.9.8e-5.src.rpm
      3449992 7f6f94909577599d4d6c655a313733b3

   Binary Packages
   Size: MD5

   openssl-0.9.8e-5.i686.rpm
      1700539 64f51c005f2e32dda3978e1569324c22
   openssl-devel-0.9.8e-5.i686.rpm
      1907152 f6a751148225cabb61f1152e4fdb81d7

 <wizpy>

   Source Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/wizpy/updates/SRPMS/openssl-0.9.8-13.src.rpm
      3371087 b6275b827859e10c338fda8501c53309

   Binary Packages
   Size: MD5

   openssl-0.9.8-13.i386.rpm
      1508492 aaebd747a8731e50115a07d9db0195a2

 <Turbolinux Appliance Server 2.0>

   Source Packages
   Size: MD5

   openssl-0.9.7d-14.src.rpm
      2907127 a79ef4a5c71c23cd7a365883303717b3
   openssl-compat-0.9.6m-13.src.rpm
      2285209 e60a03709ba378c7a4c6995f44ff2c77

   Binary Packages
   Size: MD5

   openssl-0.9.7d-14.i586.rpm
      1303521 24f66812c39689f8ad2743c65410928b
   openssl-compat-0.9.6m-13.i586.rpm
       757222 01c02c387347dbd1ad448c15539de43b
   openssl-devel-0.9.7d-14.i586.rpm
      1485448 c034e6abc54564312494654087a8f991

 <Turbolinux FUJI>

   Source Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/11/updates/SRPMS/openssl-0.9.8-13.src.rpm
      3371087 d985a1a4eb6472be207c497e116c57b5
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/11/updates/SRPMS/openssl-compat-0.9.7d-14.src.rpm
      2907148 6f376f620a3eb0f68a2667fb0de1d158
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/11/updates/SRPMS/openssl096-0.9.6m-13.src.rpm
      2285193 d88c817b49c92ab6d25e8171f5def7b4

   Binary Packages
   Size: MD5

   openssl-0.9.8-13.i686.rpm
      1744659 9f9303deb1ad4d695adf8fa9a7e10d38
   openssl-compat-0.9.7d-14.i686.rpm
      1058387 a0de7b87f8e81603b96be975f8ddf98d
   openssl-devel-0.9.8-13.i686.rpm
      1929847 14ea2b5495cd8382a961c65d2192579a
   openssl096-0.9.6m-13.i686.rpm
       882501 6de741fcf32c12bd9025d6209d00dd6a

 <Turbolinux 10 Server x64 Edition>

   Source Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/x64/Server/10/updates/SRPMS/openssl-0.9.7d-14.src.rpm
      2907127 f67c58c2c34528b8f39ff03460a93040
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/x64/Server/10/updates/SRPMS/openssl-compat-0.9.6m-13.src.rpm
      2285209 25a48fbc3cb23649e6b6843eaa76f20f

   Binary Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/x64/Server/10/updates/RPMS/openssl-0.9.7d-14.x86_64.rpm
      1413641 7301585c1a2ff016cb2f5f1df456c99a
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/x64/Server/10/updates/RPMS/openssl-compat-0.9.6m-13.x86_64.rpm
       851120 bf68214be3c88431795314a67e8a2101
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/x64/Server/10/updates/RPMS/openssl-devel-0.9.7d-14.x86_64.rpm
      1548836 b4605654a6f304a3a3104db17f977e45

 <Turbolinux Appliance Server 1.0 Hosting Edition>

   Source Packages
   Size: MD5

   openssl-0.9.6m-13.src.rpm
      2372944 ce96569f5193f902d3d0d59e8a276548

   Binary Packages
   Size: MD5

   openssl-0.9.6m-13.i586.rpm
      1446880 915a2373b2ca2c6c49781838f7e31390
   openssl-devel-0.9.6m-13.i586.rpm
      1158010 45cb4f83764ad76915a1f979a77a277c

 <Turbolinux Appliance Server 1.0 Workgroup Edition>

   Source Packages
   Size: MD5

   openssl-0.9.6m-13.src.rpm
      2372944 4e8298c15d816e34d93dc2c380ab35b7

   Binary Packages
   Size: MD5

   openssl-0.9.6m-13.i586.rpm
      1446857 3176ac33762f871ef15c5d1e95bf07ce
   openssl-devel-0.9.6m-13.i586.rpm
      1159144 6d952e57f476061e72007c0f4a90347f

 <Turbolinux 10 Server>

   Source Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/SRPMS/openssl-0.9.7d-14.src.rpm
      2907127 4139de3dc5e29919e423912e8ef7de9f
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/SRPMS/openssl-compat-0.9.6m-13.src.rpm
      2285209 e60a03709ba378c7a4c6995f44ff2c77

   Binary Packages
   Size: MD5

   openssl-0.9.7d-14.i586.rpm
      1303521 24f66812c39689f8ad2743c65410928b
   openssl-compat-0.9.6m-13.i586.rpm
       757222 01c02c387347dbd1ad448c15539de43b
   openssl-devel-0.9.7d-14.i586.rpm
      1485448 c034e6abc54564312494654087a8f991



 References:

 CVE
   [CVE-2008-5077]
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5077

 --------------------------------------------------------------------------
 Revision History
    05 Feb 2009 Initial release
 --------------------------------------------------------------------------

 Copyright(C) 2009 Turbolinux, Inc. All rights reserved. 

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.10 (GNU/Linux)

iEYEARECAAYFAkmKlG4ACgkQK0LzjOqIJMy38wCfc3xpdnVfCOvuqYXoIJTT26LN
xwsAnReCNopNhd3MD2OPKkb2aDD/RI42
=2LiV
-----END PGP SIGNATURE-----

New User Registration
Email:
UserID:
Passwd:
Please email me your monthly newsletters, informing the latest services, improvements & surveys.
Please email me a vulnerability test announcement whenever a new test is added.
   Privacy
Registered User Login
 
UserID:   
Passwd:  

 Forgot userid or passwd?
Email/Userid:




Home | About Us | Contact Us | Partner Programs | Developer APIs | Privacy | Mailing Lists | Abuse
Security Audits | Managed DNS | Network Monitoring | Site Analyzer | Internet Research Reports
Web Probe

© 1998-2019 E-Soft Inc. All rights reserved.