Package name
openssl
Date
2003-09-30
Advisory ID
MDKSA-2003:098
Affected versions
9.2 amd64 , 9.1 i586 , CS2.1 x86_64 , CS2.1 i586 , 9.2 i586 , 9.0 i586 , 8.2 i586 , MNF8.2 i586 , 9.1 i586

Problem description

Two bugs were discovered in OpenSSL 0.9.6 and 0.9.7 by NISCC. The parsing of unusual ASN.1 tag values can cause OpenSSL to crash, which could be triggered by a remote attacker by sending a carefully-crafted SSL client certificate to an application. Depending upon the application targetted, the effects seen will vary; in some cases a DoS (Denial of Service) could be performed, in others nothing noticeable or adverse may happen. These two vulnerabilities have been assigned CAN-2003-0543 and CAN-2003-0544. Additionally, NISCC discovered a third bug in OpenSSL 0.9.7. Certain ASN.1 encodings that are rejected as invalid by the parser can trigger a bug in deallocation of a structure, leading to a double free. This can be triggered by a remote attacker by sending a carefully-crafted SSL client certificate to an application. This vulnerability may be exploitable to execute arbitrary code. This vulnerability has been assigned CAN-2003-0545. The packages provided have been built with patches provided by the OpenSSL group that resolve these issues. A number of server applications such as OpenSSH and Apache that make use of OpenSSL need to be restarted after the update has been applied to ensure that they are protected from these issues. Users are encouraged to restart all of these services or reboot their systems.

Updated packages

9.2 amd64

 ca0c41a9170a10c229f684be684868f7  amd64/9.2/RPMS/lib64openssl0.9.7-0.9.7b-5.1.92mdk.amd64.rpm
8af5795542a822e90fc77639fa5495da  amd64/9.2/RPMS/lib64openssl0.9.7-devel-0.9.7b-5.1.92mdk.amd64.rpm
5b62e9e306b30bab44a03129c0b70583  amd64/9.2/RPMS/lib64openssl0.9.7-static-devel-0.9.7b-5.1.92mdk.amd64.rpm
c180a3b579ad35030e6a89fbf5b85bcb  amd64/9.2/RPMS/openssl-0.9.7b-5.1.92mdk.amd64.rpm
456833256d010d5df32490ce8b122a37  amd64/9.2/SRPMS/openssl-0.9.7b-5.1.92mdk.src.rpm

9.1 i586

 42365cfe8a9214a747bd1fa6329baec8  9.1/RPMS/libopenssl0-0.9.6i-1.2.91mdk.i586.rpm
a3a5046af719b864a337ce432e694a8b  9.1/RPMS/libopenssl0.9.7-0.9.7a-1.2.91mdk.i586.rpm
2e879f9d5349458c5653e97f20cf2218  9.1/RPMS/libopenssl0.9.7-devel-0.9.7a-1.2.91mdk.i586.rpm
cf9bc9fc1cce8841d3cdb1d9fcd8b313  9.1/RPMS/libopenssl0.9.7-static-devel-0.9.7a-1.2.91mdk.i586.rpm
b475cc257c14dbaccd9007afa14096f5  9.1/RPMS/openssl-0.9.7a-1.2.91mdk.i586.rpm
329bd3dd8cdfad6d445b4fbcc953dc91  9.1/SRPMS/openssl-0.9.7a-1.2.91mdk.src.rpm
9498e31ab37a4455f31827ce51afb221  9.1/SRPMS/openssl0.9.6-0.9.6i-1.2.91mdk.src.rpm

CS2.1 x86_64

 eab60b3828aeec0e2717890e51a90e76  x86_64/corporate/2.1/RPMS/libopenssl0-0.9.6i-1.6.90mdk.x86_64.rpm
19d8a676a11293d8e6acb429bed63a99  x86_64/corporate/2.1/RPMS/libopenssl0-devel-0.9.6i-1.6.90mdk.x86_64.rpm
5eb3936b8fade73ca1c334d67edad3ae  x86_64/corporate/2.1/RPMS/libopenssl0-static-devel-0.9.6i-1.6.90mdk.x86_64.rpm
9df6c6e820719ac33744e1708621bdf3  x86_64/corporate/2.1/RPMS/openssl-0.9.6i-1.6.90mdk.x86_64.rpm
6982c0adf01f00ea5d49deb24011c278  x86_64/corporate/2.1/SRPMS/openssl-0.9.6i-1.6.90mdk.src.rpm

CS2.1 i586

 ec80ef980212f5bf294f147e5bc19f76  corporate/2.1/RPMS/libopenssl0-0.9.6i-1.6.90mdk.i586.rpm
1de4f2038f479b1b779d5b2c9320e8fb  corporate/2.1/RPMS/libopenssl0-devel-0.9.6i-1.6.90mdk.i586.rpm
4946dc25021ef97eb6513f3dd1dd16f6  corporate/2.1/RPMS/libopenssl0-static-devel-0.9.6i-1.6.90mdk.i586.rpm
3d5e3a05ead47fafa59240be9efc87d2  corporate/2.1/RPMS/openssl-0.9.6i-1.6.90mdk.i586.rpm
6982c0adf01f00ea5d49deb24011c278  corporate/2.1/SRPMS/openssl-0.9.6i-1.6.90mdk.src.rpm

9.2 i586

 db717c9a2e8f98905290d341e799c7b2  9.2/RPMS/libopenssl0.9.7-0.9.7b-4.1.92mdk.i586.rpm
76ba7c153a75c5dcfeae9f9f16f001e4  9.2/RPMS/libopenssl0.9.7-devel-0.9.7b-4.1.92mdk.i586.rpm
7655e50f898e4e4d368cd8e47d38806d  9.2/RPMS/libopenssl0.9.7-static-devel-0.9.7b-4.1.92mdk.i586.rpm
3f846e75cfdbdd9e818376474e1e54c0  9.2/RPMS/openssl-0.9.7b-4.1.92mdk.i586.rpm
738181704cb49e34d982a5b4224cc66c  9.2/SRPMS/openssl-0.9.7b-4.1.92mdk.src.rpm

9.0 i586

 ec80ef980212f5bf294f147e5bc19f76  9.0/RPMS/libopenssl0-0.9.6i-1.6.90mdk.i586.rpm
1de4f2038f479b1b779d5b2c9320e8fb  9.0/RPMS/libopenssl0-devel-0.9.6i-1.6.90mdk.i586.rpm
4946dc25021ef97eb6513f3dd1dd16f6  9.0/RPMS/libopenssl0-static-devel-0.9.6i-1.6.90mdk.i586.rpm
3d5e3a05ead47fafa59240be9efc87d2  9.0/RPMS/openssl-0.9.6i-1.6.90mdk.i586.rpm
6982c0adf01f00ea5d49deb24011c278  9.0/SRPMS/openssl-0.9.6i-1.6.90mdk.src.rpm

8.2 i586

 e8d13a3adbd679a0c1cd15dd28eb02f1  8.2/RPMS/libopenssl0-0.9.6i-1.5.82mdk.i586.rpm
4b783a98f4cc48be8a6b680a92f374ce  8.2/RPMS/libopenssl0-devel-0.9.6i-1.5.82mdk.i586.rpm
0481e5edacc8985d7255266fd136ceba  8.2/RPMS/libopenssl0-static-devel-0.9.6i-1.5.82mdk.i586.rpm
93a47ac82a618905c7d4a6e0d276c586  8.2/RPMS/openssl-0.9.6i-1.5.82mdk.i586.rpm
15b7ba1d342ae3531964e60a186874d8  8.2/SRPMS/openssl-0.9.6i-1.5.82mdk.src.rpm

MNF8.2 i586

 e8d13a3adbd679a0c1cd15dd28eb02f1  mnf8.2/RPMS/libopenssl0-0.9.6i-1.5.82mdk.i586.rpm
93a47ac82a618905c7d4a6e0d276c586  mnf8.2/RPMS/openssl-0.9.6i-1.5.82mdk.i586.rpm
15b7ba1d342ae3531964e60a186874d8  mnf8.2/SRPMS/openssl-0.9.6i-1.5.82mdk.src.rpm

9.1 i586

 915f8ab4ea91e0d876c9204b1f3699b0  ppc/9.1/RPMS/libopenssl0-0.9.6i-1.2.91mdk.ppc.rpm
fafb4ac4c88c321d3c8fb7fdba54bac4  ppc/9.1/RPMS/libopenssl0.9.7-0.9.7a-1.2.91mdk.ppc.rpm
184be4bdf922fbc28b590a71b7cf8c10  ppc/9.1/RPMS/libopenssl0.9.7-devel-0.9.7a-1.2.91mdk.ppc.rpm
09e1bd3c05323d10d8002a44dbbc85dd  ppc/9.1/RPMS/libopenssl0.9.7-static-devel-0.9.7a-1.2.91mdk.ppc.rpm
cfbcacc68e2585a5fcbbeb8c9fc3b0d7  ppc/9.1/RPMS/openssl-0.9.7a-1.2.91mdk.ppc.rpm
329bd3dd8cdfad6d445b4fbcc953dc91  ppc/9.1/SRPMS/openssl-0.9.7a-1.2.91mdk.src.rpm
9498e31ab37a4455f31827ce51afb221  ppc/9.1/SRPMS/openssl0.9.6-0.9.6i-1.2.91mdk.src.rpm

References