Paketname
openssl
Datum
2009-05-21
Advisory ID
MDVSA-2009:120
Betroffene Versionen
2009.0 x86_64 , 2009.1 i586 , 2009.0 i586 , 2008.1 i586 , 2008.1 x86_64 , 2009.1 x86_64

Problembeschreibung

Multiple security vulnerabilities has been identified and fixed
in OpenSSL:

The dtls1_buffer_record function in ssl/d1_pkt.c in OpenSSL 0.9.8k
and earlier 0.9.8 versions allows remote attackers to cause a denial
of service (memory consumption) via a large series of future epoch
DTLS records that are buffered in a queue, aka DTLS record buffer
limitation bug. (CVE-2009-1377)

Multiple memory leaks in the dtls1_process_out_of_seq_message function
in ssl/d1_both.c in OpenSSL 0.9.8k and earlier 0.9.8 versions allow
remote attackers to cause a denial of service (memory consumption)
via DTLS records that (1) are duplicates or (2) have sequence numbers
much greater than current sequence numbers, aka DTLS fragment handling
memory leak. (CVE-2009-1378)

The updated packages have been patched to prevent this.

Aktualisierte Pakete

2009.0 x86_64

 e3c14742691a67f21ed7a7c9abe775a2  2009.0/x86_64/lib64openssl0.9.8-0.9.8h-3.3mdv2009.0.x86_64.rpm
 b2bc687de0793a6c14649fa68c7d043b  2009.0/x86_64/lib64openssl0.9.8-devel-0.9.8h-3.3mdv2009.0.x86_64.rpm
 76f91d3544039f65b77894a86a45e09c  2009.0/x86_64/lib64openssl0.9.8-static-devel-0.9.8h-3.3mdv2009.0.x86_64.rpm
 418ef4a5a9a24fc8437baf75d8c12944  2009.0/x86_64/openssl-0.9.8h-3.3mdv2009.0.x86_64.rpm 
 c4354a0c28d3e83b9ff529a70bede4bd  2009.0/SRPMS/openssl-0.9.8h-3.3mdv2009.0.src.rpm

2009.1 i586

 9c46d7da9fb61cef36532ea0c25fd881  2009.1/i586/libopenssl0.9.8-0.9.8k-1.1mdv2009.1.i586.rpm
 7a984a72c9b2c7b0549dabf4f7b353fd  2009.1/i586/libopenssl0.9.8-devel-0.9.8k-1.1mdv2009.1.i586.rpm
 0e8b58b6e02958d05d19e78d9725cd45  2009.1/i586/libopenssl0.9.8-static-devel-0.9.8k-1.1mdv2009.1.i586.rpm
 a32d8acd870490b6efba309da6dce043  2009.1/i586/openssl-0.9.8k-1.1mdv2009.1.i586.rpm 
 7b9c16777f3e88674fb65d0c28df10ff  2009.1/SRPMS/openssl-0.9.8k-1.1mdv2009.1.src.rpm

2009.0 i586

 94d6f4be3c42586813be16a2270c89bf  2009.0/i586/libopenssl0.9.8-0.9.8h-3.3mdv2009.0.i586.rpm
 59e4214a9e5d703a88e5c695adf498b9  2009.0/i586/libopenssl0.9.8-devel-0.9.8h-3.3mdv2009.0.i586.rpm
 3819b2efba54362f7e8e4a821254f258  2009.0/i586/libopenssl0.9.8-static-devel-0.9.8h-3.3mdv2009.0.i586.rpm
 ecd5bea8f1fe9dd6b4e8506c0b0705ae  2009.0/i586/openssl-0.9.8h-3.3mdv2009.0.i586.rpm 
 c4354a0c28d3e83b9ff529a70bede4bd  2009.0/SRPMS/openssl-0.9.8h-3.3mdv2009.0.src.rpm

2008.1 i586

 9492fe3bf022be9f7529e594844033d4  2008.1/i586/libopenssl0.9.8-0.9.8g-4.4mdv2008.1.i586.rpm
 54166454819e21289e49a6e2986e7f30  2008.1/i586/libopenssl0.9.8-devel-0.9.8g-4.4mdv2008.1.i586.rpm
 0ee9a01df9bc622268eb052400433de7  2008.1/i586/libopenssl0.9.8-static-devel-0.9.8g-4.4mdv2008.1.i586.rpm
 b681fd12d6cd2bdbb85d1726b2db4a99  2008.1/i586/openssl-0.9.8g-4.4mdv2008.1.i586.rpm 
 217fe6c6af5265755ec2105b1f3bebaf  2008.1/SRPMS/openssl-0.9.8g-4.4mdv2008.1.src.rpm

2008.1 x86_64

 6409f96a04a2d3946a1b72f63a868e5d  2008.1/x86_64/lib64openssl0.9.8-0.9.8g-4.4mdv2008.1.x86_64.rpm
 d00a048d4d263f28539171f89d5de1e8  2008.1/x86_64/lib64openssl0.9.8-devel-0.9.8g-4.4mdv2008.1.x86_64.rpm
 03bbd2a59f8bc5f0d1d6cb54736f024c  2008.1/x86_64/lib64openssl0.9.8-static-devel-0.9.8g-4.4mdv2008.1.x86_64.rpm
 797c40fa3bd86009061423713e2292c5  2008.1/x86_64/openssl-0.9.8g-4.4mdv2008.1.x86_64.rpm 
 217fe6c6af5265755ec2105b1f3bebaf  2008.1/SRPMS/openssl-0.9.8g-4.4mdv2008.1.src.rpm

2009.1 x86_64

 8f3c93a2af5e8950bbc3846fc7f90568  2009.1/x86_64/lib64openssl0.9.8-0.9.8k-1.1mdv2009.1.x86_64.rpm
 8573eab7fdffff97807255dc91154abc  2009.1/x86_64/lib64openssl0.9.8-devel-0.9.8k-1.1mdv2009.1.x86_64.rpm
 a557449ae9983495e61eabaeb5300895  2009.1/x86_64/lib64openssl0.9.8-static-devel-0.9.8k-1.1mdv2009.1.x86_64.rpm
 99f346d65571efb2c4142aab5f074038  2009.1/x86_64/openssl-0.9.8k-1.1mdv2009.1.x86_64.rpm 
 7b9c16777f3e88674fb65d0c28df10ff  2009.1/SRPMS/openssl-0.9.8k-1.1mdv2009.1.src.rpm

Referenzen