MDVSA-2012:073

Package name

openssl

Date

2012-05-11

Advisory ID

MDVSA-2012:073

Affected versions

MES5 i586 , 2010.1 i586 , 2011 x86_64 , 2011 i586 , MES5 x86_64 , 2010.1 x86_64

Problem description

A vulnerability has been found and corrected in openssl:

A flaw in the OpenSSL handling of CBC mode ciphersuites in DTLS can
be exploited in a denial of service attack on both clients and servers
(CVE-2012-2333).

The updated packages have been patched to correct this issue.

Updated packages

MES5 i586

 eac9b4f5fbe83b963c739ceab0802b23  mes5/i586/libopenssl0.9.8-0.9.8h-3.16mdvmes5.2.i586.rpm
 69fca6182cdc0dab36bf3c9749ebb29a  mes5/i586/libopenssl0.9.8-devel-0.9.8h-3.16mdvmes5.2.i586.rpm
 de51afae564823dc53fa03c93b0600db  mes5/i586/libopenssl0.9.8-static-devel-0.9.8h-3.16mdvmes5.2.i586.rpm
 1f28862f4a82c608bdfd7a33acc4886e  mes5/i586/openssl-0.9.8h-3.16mdvmes5.2.i586.rpm 
 5010c18bde45e7521094adc6830bacaf  mes5/SRPMS/openssl-0.9.8h-3.16mdvmes5.2.src.rpm

2010.1 i586

 8866fcb4196eb1c2b79e748389c1443c  2010.1/i586/libopenssl0.9.8-0.9.8x-0.1mdv2010.2.i586.rpm 
 bd6c7dd96f536c4ec97f57e9b580039b  2010.1/SRPMS/openssl0.9.8-0.9.8x-0.1mdv2010.2.src.rpm

2011 x86_64

 9a9ae392fb95474723642fdf96f4f142  2011/x86_64/lib64openssl1.0.0-1.0.0d-2.6-mdv2011.0.x86_64.rpm
 bd72ce2cec3d54cea1cebc330f99b8b9  2011/x86_64/lib64openssl-devel-1.0.0d-2.6-mdv2011.0.x86_64.rpm
 cc5a547f2ba9050167033a5577028a6b  2011/x86_64/lib64openssl-engines1.0.0-1.0.0d-2.6-mdv2011.0.x86_64.rpm
 e4c484c9ce59772c5db0dcce8fd1a089  2011/x86_64/lib64openssl-static-devel-1.0.0d-2.6-mdv2011.0.x86_64.rpm
 2627947f2918036433adb94b1e3fb969  2011/x86_64/openssl-1.0.0d-2.6-mdv2011.0.x86_64.rpm 
 937b9e875720421f40755c25ea632ea5  2011/SRPMS/openssl-1.0.0d-2.6.src.rpm

2011 i586

 19caf1a1a78056bce3ba1c9d4f1d0415  2011/i586/libopenssl1.0.0-1.0.0d-2.6-mdv2011.0.i586.rpm
 02aa551535710c0d9803449c1802dbfa  2011/i586/libopenssl-devel-1.0.0d-2.6-mdv2011.0.i586.rpm
 3555729a0e0009a0764e942dfeee68d8  2011/i586/libopenssl-engines1.0.0-1.0.0d-2.6-mdv2011.0.i586.rpm
 502a554614d25909a184c0da675cbba8  2011/i586/libopenssl-static-devel-1.0.0d-2.6-mdv2011.0.i586.rpm
 01b3d6af849b464706b89caceaed0d79  2011/i586/openssl-1.0.0d-2.6-mdv2011.0.i586.rpm 
 937b9e875720421f40755c25ea632ea5  2011/SRPMS/openssl-1.0.0d-2.6.src.rpm

MES5 x86_64

 e96273b6039706744defbd92900ef1b8  mes5/x86_64/lib64openssl0.9.8-0.9.8h-3.16mdvmes5.2.x86_64.rpm
 7670ac7b6ebf786327d8dbe7c29be516  mes5/x86_64/lib64openssl0.9.8-devel-0.9.8h-3.16mdvmes5.2.x86_64.rpm
 13631cb5321b44a4efdcb5ea405836c9  mes5/x86_64/lib64openssl0.9.8-static-devel-0.9.8h-3.16mdvmes5.2.x86_64.rpm
 7804bf621b5b1783dd1bd505ac62317a  mes5/x86_64/openssl-0.9.8h-3.16mdvmes5.2.x86_64.rpm 
 5010c18bde45e7521094adc6830bacaf  mes5/SRPMS/openssl-0.9.8h-3.16mdvmes5.2.src.rpm

2010.1 x86_64

 bff80e93a38d93e49b7a11bb17a9fc70  2010.1/x86_64/lib64openssl0.9.8-0.9.8x-0.1mdv2010.2.x86_64.rpm 
 bd6c7dd96f536c4ec97f57e9b580039b  2010.1/SRPMS/openssl0.9.8-0.9.8x-0.1mdv2010.2.src.rpm

References

• http://www.openssl.org/news/secadv_20120510.txt
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2333