SecurityTracker.com
Category:   Application (Security)  >   OpenSSL
Vendors:   OpenSSL.org
(Red Hat Issues Fix) Re: OpenSSL Has Multiple Buffer Overflows That Allow Remote Users to Execute Arbitrary Code with Root Privileges
SecurityTracker Alert ID:  1004881
SecurityTracker URL:  http://securitytracker.com/id/1004881
CVE Reference:   CVE-2002-0655, CVE-2002-0656, CVE-2002-0657, CVE-2002-0659
Date:  Jul 30 2002
Impact:   Denial of service via network, Execution of arbitrary code via network, Root access via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 0.9.6d or earlier, 0.9.7-beta2 or earlier, 0.9.7 current development snapshots
Description:   Four buffer overflow conditions were reported in OpenSSL. All four may allow a remote user to execute arbitrary code.

The vendor has reported that A.L. Digital Ltd and The Bunker have uncovered multiple buffer overflows in OpenSSL, discovered during a security review.

A remote user could create a specially crafted, oversized client master key and use SSL2 to trigger an overflow on an SSL server. According to the report, this vulnerability was independently discovered by Neohapsis, which has confirmed that the overflow can be exploited to execute arbitrary code.

A remote user with an SSL server could create a specially crafted, oversized session ID and supply this ID to a target client using SSL3 to trigger an overflow.

A remote user could supply a specially crafted, oversized master key to an SSL3 server to trigger an overflow. It is reported that this flaw affects OpenSSL 0.9.7 prior to version 0.9.7-beta3 when Kerberos is enabled.
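The three overflows described above share one pattern: a length supplied by the peer governs a copy into a fixed-size buffer. The following is an added example, not OpenSSL's code; the wire layout, the `session` struct, `read_key_field` and the 48-byte capacity are hypothetical, chosen only to show the two checks that must pass before the copy.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define KEY_BUF_LEN 48 /* illustrative capacity; an assumption, not OpenSSL's value */

enum { FIELD_OK = 0, FIELD_TRUNCATED = -1, FIELD_OVERSIZED = -2 };

/* Hypothetical session state with a fixed-size key buffer. */
struct session {
    uint8_t master_key[KEY_BUF_LEN];
    size_t  master_key_len;
};

/*
 * Parse a constructed wire field: 2-byte big-endian length, then that many
 * key bytes. The unchecked pattern is memcpy(dst, msg + 2, claimed) with
 * `claimed` taken straight from the peer; both checks below must pass
 * before any byte is copied.
 */
int read_key_field(struct session *s, const uint8_t *msg, size_t msg_len)
{
    size_t claimed;

    if (msg_len < 2)
        return FIELD_TRUNCATED;
    claimed = ((size_t)msg[0] << 8) | msg[1];

    if (claimed > sizeof(s->master_key))  /* would overrun the destination */
        return FIELD_OVERSIZED;
    if (claimed > msg_len - 2)            /* would read past the received data */
        return FIELD_TRUNCATED;

    memcpy(s->master_key, msg + 2, claimed);
    s->master_key_len = claimed;
    return FIELD_OK;
}

int main(void)
{
    struct session s;
    uint8_t msg[2 + 64];            /* constructed sample message */

    memset(msg, 0x41, sizeof msg);
    msg[0] = 0x00;
    msg[1] = 64;                    /* peer claims 64 key bytes */
    printf("64-byte field: %d\n", read_key_field(&s, msg, sizeof msg));
    msg[1] = 48;                    /* fits the buffer exactly */
    printf("48-byte field: %d\n", read_key_field(&s, msg, 2 + 48));
    return 0;
}
```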

Several buffers used for ASCII representations of integers are reportedly too small on 64 bit platforms.
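Why a buffer sized for 32-bit integers fails on a 64-bit platform, as an added example (not OpenSSL's code; `dec_buf_size` and `format_ll` are hypothetical helpers): the decimal form of a 64-bit value needs up to 21 bytes including sign and NUL, against 12 for a 32-bit value.

```c
#include <limits.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Buffer sized from the type at compile time rather than hard-coded. */
#define LL_DEC_BUF (sizeof(long long) * CHAR_BIT * 302 / 1000 + 3)

/*
 * Upper bound on the bytes needed to print a signed integer of
 * `type_bytes` bytes in decimal: digits (bits * log10(2), rounded up),
 * plus one for '-' and one for the terminating NUL.
 */
size_t dec_buf_size(size_t type_bytes)
{
    return type_bytes * CHAR_BIT * 302 / 1000 + 1 + 2;
}

/*
 * Format `v` into `buf`. Returns the string length, or -1 if `buf` is too
 * small. snprintf never writes past `buflen`, so an undersized buffer is
 * reported to the caller instead of being overrun.
 */
int format_ll(char *buf, size_t buflen, long long v)
{
    int n = snprintf(buf, buflen, "%lld", v);

    if (n < 0 || (size_t)n >= buflen)
        return -1;
    return n;
}

int main(void)
{
    char small[12];          /* fits "-2147483648" plus NUL, nothing larger */
    char sized[LL_DEC_BUF];  /* derived from the actual width of the type */

    printf("32-bit bound: %zu bytes, 64-bit bound: %zu bytes\n",
           dec_buf_size(4), dec_buf_size(8));
    printf("LLONG_MIN into 12 bytes: %d\n",
           format_ll(small, sizeof small, LLONG_MIN));
    if (format_ll(sized, sizeof sized, LLONG_MIN) > 0)
        printf("LLONG_MIN into %zu bytes: %s\n", sizeof sized, sized);
    return 0;
}
```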

The report also states that other potential buffer overflows that are currently considered to be non-exploitable have been discovered.

The vendor notes that Adi Stav and James Yonan independently reported that the ASN1 parser can be confused by certain invalid encodings, potentially allowing a remote user to cause denial of service conditions. OpenSSL-based applications that use the ASN1 library to parse untrusted data (including all SSL or TLS applications using S/MIME [PKCS#7] or certificate generation routines) are affected.

Impact:   A remote user acting as an SSL client could execute arbitrary code on an SSL server. A remote user acting as an SSL server could cause arbitrary code to be executed on an SSL client that is connecting to the server. In each case, the code would run with privileges of the affected implementation.

A remote user may be able to cause denial of service conditions.

Solution:   Red Hat has issued a fix for Red Hat Linux. Because both client and server applications are affected by these vulnerabilities, Red Hat advises users to reboot their systems after installing these updates.

For the verification checksums, see the Source Message.

Vendor URL:  www.openssl.org/news/secadv_20020730.txt
Cause:   Boundary error, Exception handling error
Underlying OS:  Linux (Red Hat Linux)
Underlying OS Comments:  6.2, 7.0, 7.1, 7.2, 7.3

Message History:   This archive entry is a follow-up to the message listed below.
Jul 30 2002 OpenSSL Has Multiple Buffer Overflows That Allow Remote Users to Execute Arbitrary Code with Root Privileges



 Source Message Contents

Subject:  [RHSA-2002:155-11] Updated openssl packages fix remote vulnerabilities


---------------------------------------------------------------------
                   Red Hat, Inc. Red Hat Security Advisory

Synopsis:          Updated openssl packages fix remote vulnerabilities
Advisory ID:       RHSA-2002:155-11
Issue date:        2002-07-25
Updated on:        2002-07-29
Product:           Red Hat Linux
Keywords:          OpenSSL master session key
Cross references:  
Obsoletes:         RHSA-2001:051
CVE Names:         CAN-2002-0655 CAN-2002-0656
---------------------------------------------------------------------

1. Topic:

Updated OpenSSL packages are available which fix several serious buffer
overflow vulnerabilities.

2. Relevant releases/architectures:

Red Hat Linux 6.2 - alpha, i386, sparc

Red Hat Linux 7.0 - alpha, i386

Red Hat Linux 7.1 - alpha, i386, ia64

Red Hat Linux 7.2 - i386, i686, ia64

Red Hat Linux 7.3 - i386, i686

3. Problem description:

OpenSSL is a commercial-grade, full-featured, and Open Source toolkit which
implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer
Security (TLS v1) protocols as well as a full-strength general purpose
cryptography library. A security audit of the OpenSSL code sponsored by
DARPA found several buffer overflows in OpenSSL which affect versions 0.9.7
and 0.9.6d and earlier:

1. The master key supplied by a client to an SSL version 2 server could be
oversized, causing a stack-based buffer overflow. This issue is remotely
exploitable. Services that have SSLv2 disabled would not be vulnerable to
this issue. (CAN-2002-0656)

2. The SSLv3 session ID supplied to a client from a malicious server could
be oversized and overrun a buffer. This issue looks to be remotely
exploitable. (CAN-2002-0656)

3. Various buffers used for storing ASCII representations of integers were
too small on 64 bit platforms. This issue may be exploitable. (CAN-2002-0655)

A further issue was found in OpenSSL 0.9.7 that does not affect versions of
OpenSSL shipped with Red Hat Linux (CAN-2002-0657).

A large number of applications within Red Hat Linux make use of the OpenSSL
library to provide SSL support.  All users are therefore advised to upgrade
to the errata OpenSSL packages, which contain patches to correct these
vulnerabilities.

NOTE: 

Please read the Solution section below as it contains instructions for
making sure that all SSL-enabled processes are restarted after the update
is applied.

Thanks go to the OpenSSL team and Ben Laurie for providing patches for
these issues.

4. Solution:

IMPORTANT:

Because both client and server applications are affected by these
vulnerabilities, we advise users to reboot their systems after installing
these updates.

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

To update all RPMs for your particular architecture, run:

rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade.  Only those
RPMs which are currently installed will be updated.  Those RPMs which are
not installed but included in the list will not be updated.  Note that you
can also use wildcards (*.rpm) if your current directory *only* contains
the desired RPMs.

Please note that this update is also available via Red Hat Network.  Many
people find this an easier way to apply updates.  To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

5. Bug IDs fixed (http://bugzilla.redhat.com/bugzilla for more info):



6. RPMs required:

Red Hat Linux 6.2:

SRPMS:
ftp://updates.redhat.com/6.2/en/os/SRPMS/openssl-0.9.5a-26.src.rpm

alpha:
ftp://updates.redhat.com/6.2/en/os/alpha/openssl-0.9.5a-26.alpha.rpm
ftp://updates.redhat.com/6.2/en/os/alpha/openssl-devel-0.9.5a-26.alpha.rpm
ftp://updates.redhat.com/6.2/en/os/alpha/openssl-perl-0.9.5a-26.alpha.rpm
ftp://updates.redhat.com/6.2/en/os/alpha/openssl-python-0.9.5a-26.alpha.rpm

i386:
ftp://updates.redhat.com/6.2/en/os/i386/openssl-0.9.5a-26.i386.rpm
ftp://updates.redhat.com/6.2/en/os/i386/openssl-devel-0.9.5a-26.i386.rpm
ftp://updates.redhat.com/6.2/en/os/i386/openssl-perl-0.9.5a-26.i386.rpm
ftp://updates.redhat.com/6.2/en/os/i386/openssl-python-0.9.5a-26.i386.rpm

sparc:
ftp://updates.redhat.com/6.2/en/os/sparc/openssl-0.9.5a-26.sparc.rpm
ftp://updates.redhat.com/6.2/en/os/sparc/openssl-devel-0.9.5a-26.sparc.rpm
ftp://updates.redhat.com/6.2/en/os/sparc/openssl-perl-0.9.5a-26.sparc.rpm
ftp://updates.redhat.com/6.2/en/os/sparc/openssl-python-0.9.5a-26.sparc.rpm

Red Hat Linux 7.0:

SRPMS:
ftp://updates.redhat.com/7.0/en/os/SRPMS/openssl095a-0.9.5a-14.src.rpm
ftp://updates.redhat.com/7.0/en/os/SRPMS/openssl-0.9.6-10.src.rpm

alpha:
ftp://updates.redhat.com/7.0/en/os/alpha/openssl095a-0.9.5a-14.alpha.rpm
ftp://updates.redhat.com/7.0/en/os/alpha/openssl-0.9.6-10.alpha.rpm
ftp://updates.redhat.com/7.0/en/os/alpha/openssl-devel-0.9.6-10.alpha.rpm
ftp://updates.redhat.com/7.0/en/os/alpha/openssl-perl-0.9.6-10.alpha.rpm
ftp://updates.redhat.com/7.0/en/os/alpha/openssl-python-0.9.6-10.alpha.rpm

i386:
ftp://updates.redhat.com/7.0/en/os/i386/openssl095a-0.9.5a-14.i386.rpm
ftp://updates.redhat.com/7.0/en/os/i386/openssl-0.9.6-10.i386.rpm
ftp://updates.redhat.com/7.0/en/os/i386/openssl-devel-0.9.6-10.i386.rpm
ftp://updates.redhat.com/7.0/en/os/i386/openssl-perl-0.9.6-10.i386.rpm
ftp://updates.redhat.com/7.0/en/os/i386/openssl-python-0.9.6-10.i386.rpm

Red Hat Linux 7.1:

SRPMS:
ftp://updates.redhat.com/7.1/en/os/SRPMS/openssl095a-0.9.5a-14.src.rpm
ftp://updates.redhat.com/7.1/en/os/SRPMS/openssl-0.9.6-10.src.rpm

alpha:
ftp://updates.redhat.com/7.1/en/os/alpha/openssl095a-0.9.5a-14.alpha.rpm
ftp://updates.redhat.com/7.1/en/os/alpha/openssl-0.9.6-10.alpha.rpm
ftp://updates.redhat.com/7.1/en/os/alpha/openssl-devel-0.9.6-10.alpha.rpm
ftp://updates.redhat.com/7.1/en/os/alpha/openssl-perl-0.9.6-10.alpha.rpm
ftp://updates.redhat.com/7.1/en/os/alpha/openssl-python-0.9.6-10.alpha.rpm

i386:
ftp://updates.redhat.com/7.1/en/os/i386/openssl095a-0.9.5a-14.i386.rpm
ftp://updates.redhat.com/7.1/en/os/i386/openssl-0.9.6-10.i386.rpm
ftp://updates.redhat.com/7.1/en/os/i386/openssl-devel-0.9.6-10.i386.rpm
ftp://updates.redhat.com/7.1/en/os/i386/openssl-perl-0.9.6-10.i386.rpm
ftp://updates.redhat.com/7.1/en/os/i386/openssl-python-0.9.6-10.i386.rpm

ia64:
ftp://updates.redhat.com/7.1/en/os/ia64/openssl095a-0.9.5a-14.ia64.rpm
ftp://updates.redhat.com/7.1/en/os/ia64/openssl-0.9.6-10.ia64.rpm
ftp://updates.redhat.com/7.1/en/os/ia64/openssl-devel-0.9.6-10.ia64.rpm
ftp://updates.redhat.com/7.1/en/os/ia64/openssl-perl-0.9.6-10.ia64.rpm
ftp://updates.redhat.com/7.1/en/os/ia64/openssl-python-0.9.6-10.ia64.rpm

Red Hat Linux 7.2:

SRPMS:
ftp://updates.redhat.com/7.2/en/os/SRPMS/openssl095a-0.9.5a-14.src.rpm
ftp://updates.redhat.com/7.2/en/os/SRPMS/openssl096-0.9.6-9.src.rpm
ftp://updates.redhat.com/7.2/en/os/SRPMS/openssl-0.9.6b-24.src.rpm

i386:
ftp://updates.redhat.com/7.2/en/os/i386/openssl095a-0.9.5a-14.i386.rpm
ftp://updates.redhat.com/7.2/en/os/i386/openssl096-0.9.6-9.i386.rpm
ftp://updates.redhat.com/7.2/en/os/i386/openssl-0.9.6b-24.i386.rpm
ftp://updates.redhat.com/7.2/en/os/i386/openssl-devel-0.9.6b-24.i386.rpm
ftp://updates.redhat.com/7.2/en/os/i386/openssl-perl-0.9.6b-24.i386.rpm

i686:
ftp://updates.redhat.com/7.2/en/os/i686/openssl-0.9.6b-24.i686.rpm

ia64:
ftp://updates.redhat.com/7.2/en/os/ia64/openssl095a-0.9.5a-14.ia64.rpm
ftp://updates.redhat.com/7.2/en/os/ia64/openssl096-0.9.6-9.ia64.rpm
ftp://updates.redhat.com/7.2/en/os/ia64/openssl-0.9.6b-24.ia64.rpm
ftp://updates.redhat.com/7.2/en/os/ia64/openssl-devel-0.9.6b-24.ia64.rpm
ftp://updates.redhat.com/7.2/en/os/ia64/openssl-perl-0.9.6b-24.ia64.rpm

Red Hat Linux 7.3:

SRPMS:
ftp://updates.redhat.com/7.3/en/os/SRPMS/openssl095a-0.9.5a-14.src.rpm
ftp://updates.redhat.com/7.3/en/os/SRPMS/openssl096-0.9.6-9.src.rpm
ftp://updates.redhat.com/7.3/en/os/SRPMS/openssl-0.9.6b-24.src.rpm

i386:
ftp://updates.redhat.com/7.3/en/os/i386/openssl095a-0.9.5a-14.i386.rpm
ftp://updates.redhat.com/7.3/en/os/i386/openssl096-0.9.6-9.i386.rpm
ftp://updates.redhat.com/7.3/en/os/i386/openssl-0.9.6b-24.i386.rpm
ftp://updates.redhat.com/7.3/en/os/i386/openssl-devel-0.9.6b-24.i386.rpm
ftp://updates.redhat.com/7.3/en/os/i386/openssl-perl-0.9.6b-24.i386.rpm

i686:
ftp://updates.redhat.com/7.3/en/os/i686/openssl-0.9.6b-24.i686.rpm



7. Verification:


These packages are GPG signed by Red Hat, Inc. for security.  Our key
is available at:
    http://www.redhat.com/about/contact/pgpkey.html

You can verify each package with the following command:
    rpm --checksig  <filename>

If you only wish to verify that each package has not been corrupted or
tampered with, examine only the md5sum with the following command:
    rpm --checksig --nogpg <filename>

8. References:


http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0655
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0656



Copyright(c) 2000, 2001, 2002 Red Hat, Inc.


 
 

