Paketname
openssl
Datum
2012-03-26
Advisory ID
MDVSA-2012:038
Betroffene Versionen
MES5 i586 , 2010.1 i586 , 2011 x86_64 , 2011 i586 , MES5 x86_64 , 2010.1 x86_64

Problembeschreibung

Multiple vulnerabilities has been found and corrected in openssl:

The implementation of Cryptographic Message Syntax (CMS) and PKCS #7 in
OpenSSL before 0.9.8u and 1.x before 1.0.0h does not properly restrict
certain oracle behavior, which makes it easier for context-dependent
attackers to decrypt data via a Million Message Attack (MMA) adaptive
chosen ciphertext attack (CVE-2012-0884).

The mime_param_cmp function in crypto/asn1/asn_mime.c in OpenSSL before
0.9.8u and 1.x before 1.0.0h allows remote attackers to cause a denial
of service (NULL pointer dereference and application crash) via a
crafted S/MIME message, a different vulnerability than CVE-2006-7250
(CVE-2012-1165).

The updated packages have been patched to correct these issues.

Aktualisierte Pakete

MES5 i586

 4bd8479bc2fad30096d37d498240c507  mes5/i586/libopenssl0.9.8-0.9.8h-3.14mdvmes5.2.i586.rpm
 33cf65c119e4d84738619a84e598aba2  mes5/i586/libopenssl0.9.8-devel-0.9.8h-3.14mdvmes5.2.i586.rpm
 ca767a0cbeb99230946ebb35191b9df2  mes5/i586/libopenssl0.9.8-static-devel-0.9.8h-3.14mdvmes5.2.i586.rpm
 9f3bba03e5aff24ecd26bae11c99af91  mes5/i586/openssl-0.9.8h-3.14mdvmes5.2.i586.rpm 
 65c9f262dd6b4d66069649ea1e596b4b  mes5/SRPMS/openssl-0.9.8h-3.14mdvmes5.2.src.rpm

2010.1 i586

 820b204b86b1f140bf8526725ee29650  2010.1/i586/libopenssl0.9.8-0.9.8u-0.1mdv2010.2.i586.rpm
 f19cb6b757e2502ba930c139ce6cd3c4  2010.1/i586/libopenssl1.0.0-1.0.0a-1.11mdv2010.2.i586.rpm
 a57c57a8ebfb75f2da2ce416218655a9  2010.1/i586/libopenssl1.0.0-devel-1.0.0a-1.11mdv2010.2.i586.rpm
 d5807ee096478bcca0d08f2145535f78  2010.1/i586/libopenssl1.0.0-static-devel-1.0.0a-1.11mdv2010.2.i586.rpm
 cacdcfe367accab7ee4ce75eefd1d28d  2010.1/i586/libopenssl-engines1.0.0-1.0.0a-1.11mdv2010.2.i586.rpm
 8a3b57e03df92a2d421672a6495f34a0  2010.1/i586/openssl-1.0.0a-1.11mdv2010.2.i586.rpm 
 6be06368a541e654742693c6eb705fb1  2010.1/SRPMS/openssl0.9.8-0.9.8u-0.1mdv2010.2.src.rpm
 2619947049700ab84d6cad214a0131f3  2010.1/SRPMS/openssl-1.0.0a-1.11mdv2010.2.src.rpm

2011 x86_64

 89645faf8d71d72afa62c2be5d21a55b  2011/x86_64/lib64openssl1.0.0-1.0.0d-2.4-mdv2011.0.x86_64.rpm
 2f3e7dc11f36f7f10bc26669ea0d359a  2011/x86_64/lib64openssl-devel-1.0.0d-2.4-mdv2011.0.x86_64.rpm
 aecefb41191efa106dc11cfdff6e5dbc  2011/x86_64/lib64openssl-engines1.0.0-1.0.0d-2.4-mdv2011.0.x86_64.rpm
 ec65b7b472890dd336239605846a3a56  2011/x86_64/lib64openssl-static-devel-1.0.0d-2.4-mdv2011.0.x86_64.rpm
 db15536fedf4e8e8e00f1877f2939f6d  2011/x86_64/openssl-1.0.0d-2.4-mdv2011.0.x86_64.rpm 
 34324e854461c4102c4db333d3f575ba  2011/SRPMS/openssl-1.0.0d-2.4.src.rpm

2011 i586

 1960675e9fe0ae8da138ecba0bf9e6b4  2011/i586/libopenssl1.0.0-1.0.0d-2.4-mdv2011.0.i586.rpm
 de70876cfc6918c35b89cae61ccb2788  2011/i586/libopenssl-devel-1.0.0d-2.4-mdv2011.0.i586.rpm
 68696a78df495d3245034e776ececf24  2011/i586/libopenssl-engines1.0.0-1.0.0d-2.4-mdv2011.0.i586.rpm
 fba71506079447ff67b7e52c15004221  2011/i586/libopenssl-static-devel-1.0.0d-2.4-mdv2011.0.i586.rpm
 f8992d4ee7b2c0d979a314593c590e8b  2011/i586/openssl-1.0.0d-2.4-mdv2011.0.i586.rpm 
 34324e854461c4102c4db333d3f575ba  2011/SRPMS/openssl-1.0.0d-2.4.src.rpm

MES5 x86_64

 e0b68754036f1114ed20cf8199d7625d  mes5/x86_64/lib64openssl0.9.8-0.9.8h-3.14mdvmes5.2.x86_64.rpm
 ba2d5446973c7aecbe93ac7455cb7a7b  mes5/x86_64/lib64openssl0.9.8-devel-0.9.8h-3.14mdvmes5.2.x86_64.rpm
 a16b1e15a2164eadf4d052f7f29080fd  mes5/x86_64/lib64openssl0.9.8-static-devel-0.9.8h-3.14mdvmes5.2.x86_64.rpm
 71e785c5e2bda4cfc189ae8adff9cd54  mes5/x86_64/openssl-0.9.8h-3.14mdvmes5.2.x86_64.rpm 
 65c9f262dd6b4d66069649ea1e596b4b  mes5/SRPMS/openssl-0.9.8h-3.14mdvmes5.2.src.rpm

2010.1 x86_64

 dfb5f411e236cc9b4b3f2e005d5f0e2e  2010.1/x86_64/lib64openssl0.9.8-0.9.8u-0.1mdv2010.2.x86_64.rpm
 7ee654320d85d3f3aa0bbd94bc42453b  2010.1/x86_64/lib64openssl1.0.0-1.0.0a-1.11mdv2010.2.x86_64.rpm
 1d00d58ab6be34fd3542340300038950  2010.1/x86_64/lib64openssl1.0.0-devel-1.0.0a-1.11mdv2010.2.x86_64.rpm
 6c7ca81d116a60d500ffddc2f3c7fb57  2010.1/x86_64/lib64openssl1.0.0-static-devel-1.0.0a-1.11mdv2010.2.x86_64.rpm
 bcdac0e2468a6e06f4078f05fdafd392  2010.1/x86_64/lib64openssl-engines1.0.0-1.0.0a-1.11mdv2010.2.x86_64.rpm
 836de45400c21f24fa5b21b7c706eb98  2010.1/x86_64/openssl-1.0.0a-1.11mdv2010.2.x86_64.rpm 
 6be06368a541e654742693c6eb705fb1  2010.1/SRPMS/openssl0.9.8-0.9.8u-0.1mdv2010.2.src.rpm
 2619947049700ab84d6cad214a0131f3  2010.1/SRPMS/openssl-1.0.0a-1.11mdv2010.2.src.rpm

Referenzen