Package name
openssl
Date
2009-01-08
Advisory ID
MDVSA-2009:001
Affected versions
2009.0 x86_64 , CS4.0 x86_64 , MNF2.0 i586 , 2008.0 i586 , 2009.0 i586 , CS3.0 x86_64 , 2008.0 x86_64 , CS3.0 i586 , 2008.1 x86_64 , 2008.1 i586 , CS4.0 i586

Problem description

A vulnerability was found by the Google Security Team with how OpenSSL
checked the verification of certificates. An attacker in control of a
malicious server or able to effect a man-in-the-middle attack, could
present a malformed SSL/TLS signature from a certificate chain to a
vulnerable client, which would then bypass the certificate validation
(CVE-2008-5077).

The updated packages have been patched to prevent this issue.

Updated packages

2009.0 x86_64

 d2cc04fc0bdaeea8e4cc5d7ab4e997fd  2009.0/x86_64/lib64openssl0.9.8-0.9.8h-3.1mdv2009.0.x86_64.rpm
 b537da3113c75f87c4fa8d66be2d6797  2009.0/x86_64/lib64openssl0.9.8-devel-0.9.8h-3.1mdv2009.0.x86_64.rpm
 ef9add2bec302b324b9c0690cf79b57c  2009.0/x86_64/lib64openssl0.9.8-static-devel-0.9.8h-3.1mdv2009.0.x86_64.rpm
 16b8c11f4d6dedf2e4176bfc55607c15  2009.0/x86_64/openssl-0.9.8h-3.1mdv2009.0.x86_64.rpm 
 8ad6b0d8aff3bb992d716668450aef3a  2009.0/SRPMS/openssl-0.9.8h-3.1mdv2009.0.src.rpm

CS4.0 x86_64

 de71d0bbc98589afdf03b7a99aad7103  corporate/4.0/x86_64/lib64openssl0.9.7-0.9.7g-2.7.20060mlcs4.x86_64.rpm
 0c330148b55987e50f491c7e4d3b65a5  corporate/4.0/x86_64/lib64openssl0.9.7-devel-0.9.7g-2.7.20060mlcs4.x86_64.rpm
 ce64720b2685fada3e88a5725c43b532  corporate/4.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7g-2.7.20060mlcs4.x86_64.rpm
 29f0f40602184d7f366e1d1d8e5c03e4  corporate/4.0/x86_64/openssl-0.9.7g-2.7.20060mlcs4.x86_64.rpm 
 4df38ebd98b467bdee0d4a24d3b0158f  corporate/4.0/SRPMS/openssl-0.9.7g-2.7.20060mlcs4.src.rpm

MNF2.0 i586

 74a4beac1c01f9fd888dd5eea356f7be  mnf/2.0/i586/libopenssl0.9.7-0.9.7c-3.9.C30mdk.i586.rpm
 c809a08f26051c7a3931ccda00c94429  mnf/2.0/i586/openssl-0.9.7c-3.9.C30mdk.i586.rpm 
 8ae9f7004b77dca2317980ba4215dc92  mnf/2.0/SRPMS/openssl-0.9.7c-3.9.C30mdk.src.rpm

2008.0 i586

 6585e08eab279e6a249630385683bf43  2008.0/i586/libopenssl0.9.8-0.9.8e-8.2mdv2008.0.i586.rpm
 b5955c2c0a2cc24abd9f5f3ebc7d0148  2008.0/i586/libopenssl0.9.8-devel-0.9.8e-8.2mdv2008.0.i586.rpm
 7c92323d7aa583b936ef908f3f6ac867  2008.0/i586/libopenssl0.9.8-static-devel-0.9.8e-8.2mdv2008.0.i586.rpm
 2b791168311c3ecba4f8b7acd24e64ab  2008.0/i586/openssl-0.9.8e-8.2mdv2008.0.i586.rpm 
 cf51c48e4c05ac5357f6076fbaeff0a5  2008.0/SRPMS/openssl-0.9.8e-8.2mdv2008.0.src.rpm

2009.0 i586

 2512f6a41e9a8e7bcff53e5737029689  2009.0/i586/libopenssl0.9.8-0.9.8h-3.1mdv2009.0.i586.rpm
 d7774faaed2866da5bb05cbcf07604da  2009.0/i586/libopenssl0.9.8-devel-0.9.8h-3.1mdv2009.0.i586.rpm
 ed99160bdf1ce33fa81dc47c71915318  2009.0/i586/libopenssl0.9.8-static-devel-0.9.8h-3.1mdv2009.0.i586.rpm
 6116fafed014596ee1e6ec43db93133f  2009.0/i586/openssl-0.9.8h-3.1mdv2009.0.i586.rpm 
 8ad6b0d8aff3bb992d716668450aef3a  2009.0/SRPMS/openssl-0.9.8h-3.1mdv2009.0.src.rpm

CS3.0 x86_64

 64521521330df90b42c9c37cafe50b54  corporate/3.0/x86_64/lib64openssl0.9.7-0.9.7c-3.9.C30mdk.x86_64.rpm
 3a85c30c0511e42ec76c80e08efe5192  corporate/3.0/x86_64/lib64openssl0.9.7-devel-0.9.7c-3.9.C30mdk.x86_64.rpm
 12af66f30c5022d8d29b57a9131458c3  corporate/3.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7c-3.9.C30mdk.x86_64.rpm
 62f5c54be99ddc9458670ae04b24d3f0  corporate/3.0/x86_64/openssl-0.9.7c-3.9.C30mdk.x86_64.rpm 
 dcd1a4feb1a04302c54465dce7c7c506  corporate/3.0/SRPMS/openssl-0.9.7c-3.9.C30mdk.src.rpm

2008.0 x86_64

 6259ac00622227eee59f888bc516bc3a  2008.0/x86_64/lib64openssl0.9.8-0.9.8e-8.2mdv2008.0.x86_64.rpm
 fe745327c1bbb599e025a5b90bb05817  2008.0/x86_64/lib64openssl0.9.8-devel-0.9.8e-8.2mdv2008.0.x86_64.rpm
 bdb7113b06aab0c4d77cbf86bcf208c2  2008.0/x86_64/lib64openssl0.9.8-static-devel-0.9.8e-8.2mdv2008.0.x86_64.rpm
 d4fda198a80b88c7caaf947af0866df8  2008.0/x86_64/openssl-0.9.8e-8.2mdv2008.0.x86_64.rpm 
 cf51c48e4c05ac5357f6076fbaeff0a5  2008.0/SRPMS/openssl-0.9.8e-8.2mdv2008.0.src.rpm

CS3.0 i586

 5e8f4b7c1e646d0e16af2d83238a011b  corporate/3.0/i586/libopenssl0.9.7-0.9.7c-3.9.C30mdk.i586.rpm
 5115d911b9a6842fd0c3495429c7c2f2  corporate/3.0/i586/libopenssl0.9.7-devel-0.9.7c-3.9.C30mdk.i586.rpm
 b934b4f9686deef6cb1eba750ab36288  corporate/3.0/i586/libopenssl0.9.7-static-devel-0.9.7c-3.9.C30mdk.i586.rpm
 11ec8a4df261d4d4fa9957d33be08604  corporate/3.0/i586/openssl-0.9.7c-3.9.C30mdk.i586.rpm 
 dcd1a4feb1a04302c54465dce7c7c506  corporate/3.0/SRPMS/openssl-0.9.7c-3.9.C30mdk.src.rpm

2008.1 x86_64

 71a69804b928a9f7856f65fee332c5ab  2008.1/x86_64/lib64openssl0.9.8-0.9.8g-4.2mdv2008.1.x86_64.rpm
 e9c5d1d4895a5a679945bde62df6f988  2008.1/x86_64/lib64openssl0.9.8-devel-0.9.8g-4.2mdv2008.1.x86_64.rpm
 7f2d66839f93e2083dcd1b1f27ca4ddf  2008.1/x86_64/lib64openssl0.9.8-static-devel-0.9.8g-4.2mdv2008.1.x86_64.rpm
 40408ffdf13faa6c79b28c764bb88b22  2008.1/x86_64/openssl-0.9.8g-4.2mdv2008.1.x86_64.rpm 
 7395d0e10c1938be16261baba05da55c  2008.1/SRPMS/openssl-0.9.8g-4.2mdv2008.1.src.rpm

2008.1 i586

 4a0be98cd3fb82a22e3836c5ae81ed37  2008.1/i586/libopenssl0.9.8-0.9.8g-4.2mdv2008.1.i586.rpm
 277058ecc1d26d24bf4da5ea27d4a31f  2008.1/i586/libopenssl0.9.8-devel-0.9.8g-4.2mdv2008.1.i586.rpm
 29b08a5a233f1987c4ca98aaa4e97ac5  2008.1/i586/libopenssl0.9.8-static-devel-0.9.8g-4.2mdv2008.1.i586.rpm
 e47be879abc0c089a8f380469a6a62c8  2008.1/i586/openssl-0.9.8g-4.2mdv2008.1.i586.rpm 
 7395d0e10c1938be16261baba05da55c  2008.1/SRPMS/openssl-0.9.8g-4.2mdv2008.1.src.rpm

CS4.0 i586

 60c64d9ead2b01fb39058a705fcb95dc  corporate/4.0/i586/libopenssl0.9.7-0.9.7g-2.7.20060mlcs4.i586.rpm
 fb4d5555c211b375707bf7d194e74776  corporate/4.0/i586/libopenssl0.9.7-devel-0.9.7g-2.7.20060mlcs4.i586.rpm
 c13ff967b4310e5a790e85595f940b7e  corporate/4.0/i586/libopenssl0.9.7-static-devel-0.9.7g-2.7.20060mlcs4.i586.rpm
 e9a96a389c00ee674d689e3747c3e501  corporate/4.0/i586/openssl-0.9.7g-2.7.20060mlcs4.i586.rpm 
 4df38ebd98b467bdee0d4a24d3b0158f  corporate/4.0/SRPMS/openssl-0.9.7g-2.7.20060mlcs4.src.rpm

References