MDKSA-2006:161

Nom du paquet

openssl

Date

2006-09-06

Advisory ID

MDKSA-2006:161

Affected versions

CS3.0 i586 , MNF2.0 i586 , 2006.0 i586 , 2006.0 x86_64 , CS3.0 x86_64

Problem description

Daniel Bleichenbacher recently described an attack on PKCS #1 v1.5
signatures where an RSA key with a small exponent used could be
vulnerable to forgery of a PKCS #1 v1.5 signature signed by that
key.

Any software using OpenSSL to verify X.509 certificates is potentially
vulnerable to this issue, as well as any other use of PKCS #1 v1.5,
including software uses OpenSSL for SSL or TLS.

Updated packages are patched to address this issue.

Updated packages

CS3.0 i586

 40f6d085215789e4bb9d5d144cee4519  corporate/3.0/RPMS/libopenssl0.9.7-0.9.7c-3.5.C30mdk.i586.rpm
 2fd00f3bd6efae0284aaa983073c8ba5  corporate/3.0/RPMS/libopenssl0.9.7-devel-0.9.7c-3.5.C30mdk.i586.rpm
 b368995e304f72c862fc34c6e61f35bf  corporate/3.0/RPMS/libopenssl0.9.7-static-devel-0.9.7c-3.5.C30mdk.i586.rpm
 654f5905b939a1c6126610b7e975f8f7  corporate/3.0/RPMS/openssl-0.9.7c-3.5.C30mdk.i586.rpm
 ccc3151e1c5aefcc98aa485596c2b3da  corporate/3.0/SRPMS/openssl-0.9.7c-3.5.C30mdk.src.rpm

MNF2.0 i586

 8ca726c9ffb94b6ae9a908d2face1f45  mnf/2.0/RPMS/libopenssl0.9.7-0.9.7c-3.5.M20mdk.i586.rpm
 eeabbfcc0760af52214ac1c9feec2f3b  mnf/2.0/RPMS/libopenssl0.9.7-devel-0.9.7c-3.5.M20mdk.i586.rpm
 abde84e0ec02fd29130f377513e6197c  mnf/2.0/RPMS/libopenssl0.9.7-static-devel-0.9.7c-3.5.M20mdk.i586.rpm
 3e2297db13861a1f5cff2cfa4f07a087  mnf/2.0/RPMS/openssl-0.9.7c-3.5.M20mdk.i586.rpm
 989ac61e16977199c36e43f59f80aafc  mnf/2.0/SRPMS/openssl-0.9.7c-3.5.M20mdk.src.rpm

2006.0 i586

 c17ba5cf8e5b881e4ad1a589a3f1edce  2006.0/RPMS/libopenssl0.9.7-0.9.7g-2.3.20060mdk.i586.rpm
 97f4dc513832ebbeaf23a5a2d7db9cb3  2006.0/RPMS/libopenssl0.9.7-devel-0.9.7g-2.3.20060mdk.i586.rpm
 fab62030b41168f237028be1263c5d0f  2006.0/RPMS/libopenssl0.9.7-static-devel-0.9.7g-2.3.20060mdk.i586.rpm
 afd477e58130b17633ac35691e519484  2006.0/RPMS/openssl-0.9.7g-2.3.20060mdk.i586.rpm
 77036eaf3b8326066a93ffc2e27841f3  2006.0/SRPMS/openssl-0.9.7g-2.3.20060mdk.src.rpm

2006.0 x86_64

 6176b92d5c947ebb0c321f22f7b6e31d  x86_64/2006.0/RPMS/lib64openssl0.9.7-0.9.7g-2.3.20060mdk.x86_64.rpm
 cb698592f2b76e0e9421a5bf13e7e070  x86_64/2006.0/RPMS/lib64openssl0.9.7-devel-0.9.7g-2.3.20060mdk.x86_64.rpm
 24bd46ecf22b8233b9d99a81824fe4f1  x86_64/2006.0/RPMS/lib64openssl0.9.7-static-devel-0.9.7g-2.3.20060mdk.x86_64.rpm
 c1607ab1e2020f53353832d592f9019a  x86_64/2006.0/RPMS/openssl-0.9.7g-2.3.20060mdk.x86_64.rpm
 77036eaf3b8326066a93ffc2e27841f3  x86_64/2006.0/SRPMS/openssl-0.9.7g-2.3.20060mdk.src.rpm

CS3.0 x86_64

 017fd8538e3c3947dfea2c595471821b  x86_64/corporate/3.0/RPMS/lib64openssl0.9.7-0.9.7c-3.5.C30mdk.x86_64.rpm
 b50ec610af735c08066788a612504b2c  x86_64/corporate/3.0/RPMS/lib64openssl0.9.7-devel-0.9.7c-3.5.C30mdk.x86_64.rpm
 ea0f654bdaf22c3052380f0195b7304d  x86_64/corporate/3.0/RPMS/lib64openssl0.9.7-static-devel-0.9.7c-3.5.C30mdk.x86_64.rpm
 9fad7d0621e268cf00cb7b4563b688b0  x86_64/corporate/3.0/RPMS/openssl-0.9.7c-3.5.C30mdk.x86_64.rpm
 ccc3151e1c5aefcc98aa485596c2b3da  x86_64/corporate/3.0/SRPMS/openssl-0.9.7c-3.5.C30mdk.src.rpm

References

• http://www.openssl.org/news/secadv_20060905.txt
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339