From:
[email protected]
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- ------------------------------------------------------------------------ Debian Security Advisory DSA-1763-1
[email protected] http://www.debian.org/security/ Moritz Muehlenhoff
April 06, 2009
http://www.debian.org/security/faq
- ------------------------------------------------------------------------
Package : openssl
Vulnerability : programming error
Problem type : local(remote)
Debian-specific: no
CVE Id(s) : CVE-2009-0590
It was discovered that insufficient length validations in the ASN.1
handling of the OpenSSL crypto library may lead to denial of service
when processing a manipulated certificate.
For the old stable distribution (etch), this problem has been fixed in
version 0.9.8c-4etch5 of the openssl package and in version
0.9.7k-3.1etch3 of the openssl097 package.
For the stable distribution (lenny), this problem has been fixed in
version 0.9.8g-15+lenny1.
For the unstable distribution (sid), this problem has been fixed in
version 0.9.8g-16.
We recommend that you upgrade your openssl packages.
Upgrade instructions
- --------------------
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
will update the internal database
apt-get upgrade
will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 4.0 alias etch
- -------------------------------
Oldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
Source archives:
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8c-4etch5.diff.gz
Size/MD5 checksum: 57522 e91c772dc52507ae188e315d6c23f417
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8c.orig.tar.gz
Size/MD5 checksum: 3313857 78454bec556bcb4c45129428a766c886
http://security.debian.org/pool/updates/main/o/openssl097/openssl097_0.9.7k-3.1etch3.dsc
Size/MD5 checksum: 777 334d05a51fff104d153daacbb815cacf
http://security.debian.org/pool/updates/main/o/openssl097/openssl097_0.9.7k-3.1etch3.diff.gz
Size/MD5 checksum: 35385 96ab5825d00d34b39d5582a192a164f1
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8c-4etch5.dsc
Size/MD5 checksum: 815 94b8be7fe51bf1b44a6139e67794eaaa
http://security.debian.org/pool/updates/main/o/openssl097/openssl097_0.9.7k.orig.tar.gz
Size/MD5 checksum: 3292692 be6bba1d67b26eabb48cf1774925416f
alpha architecture (DEC Alpha)
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8c-4etch5_alpha.deb
Size/MD5 checksum: 2556248 b9e1c614f55f47df00d19a67ea883970
http://security.debian.org/pool/updates/main/o/openssl097/libssl0.9.7_0.9.7k-3.1etch3_alpha.deb
Size/MD5 checksum: 2207186 54020d72b2b6bda696b1954f2cee2fe5
http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8c-4etch5_alpha.udeb
Size/MD5 checksum: 677170 f9b1db70bcabf8791fa5bcfb0d791718
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8c-4etch5_alpha.deb
Size/MD5 checksum: 4560596 5ac21cb15e9caa1bff002b265858fe9d
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8c-4etch5_alpha.deb
Size/MD5 checksum: 1014956 f92c89b7b15f33f39134cac6951dc6e5
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8c-4etch5_alpha.deb
Size/MD5 checksum: 2622860 3fba6ede4fa65b807863659c31ab59f1
http://security.debian.org/pool/updates/main/o/openssl097/libssl0.9.7-dbg_0.9.7k-3.1etch3_alpha.deb
Size/MD5 checksum: 3821220 7dc619d44f2697cba302bb833b6a76f0
amd64 architecture (AMD x86_64 (AMD64))
http://security.debian.org/pool/updates/main/o/openssl097/libssl0.9.7_0.9.7k-3.1etch3_amd64.deb
Size/MD5 checksum: 755134 cdebe8fd9ece447cc34f61922adf1654
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8c-4etch5_amd64.deb
Size/MD5 checksum: 1017566 c801470c6c894669543a54082146c790
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8c-4etch5_amd64.deb
Size/MD5 checksum: 891472 92f047d8e034ab564cea8a60ac1beee7
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8c-4etch5_amd64.deb
Size/MD5 checksum: 2187560 15512947ee287be778abde9c58149502
http://security.debian.org/pool/updates/main/o/openssl097/libssl0.9.7-dbg_0.9.7k-3.1etch3_amd64.deb
Size/MD5 checksum: 1328694 5e59b6cbcbb6a0c99c76de778ad59ef2
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8c-4etch5_amd64.deb
Size/MD5 checksum: 1655376 5cb373868504d83f36c8e0b00d326bc4
http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8c-4etch5_amd64.udeb
Size/MD5 checksum: 580288 784b1606bbfd8578e19aac3176aee48e
arm architecture (ARM)
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8c-4etch5_arm.deb
Size/MD5 checksum: 806170 2f788b112acf9b4278558617beb0fc39
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8c-4etch5_arm.deb
Size/MD5 checksum: 2050292 5ad28378161a54418c58dbc91e3ccd68
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8c-4etch5_arm.deb
Size/MD5 checksum: 1537684 2cbf49a20901aff3e29a5eeba233c649
http://security.debian.org/pool/updates/main/o/openssl097/libssl0.9.7_0.9.7k-3.1etch3_arm.deb
Size/MD5 checksum: 672566 ce12740940622b7bd40e6b1b15b1a23e
http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8c-4etch5_arm.udeb
Size/MD5 checksum: 516598 5e1dc375946a1118fe7b15a4b5217148
http://security.debian.org/pool/updates/main/o/openssl097/libssl0.9.7-dbg_0.9.7k-3.1etch3_arm.deb
Size/MD5 checksum: 1230132 32da60e936f1a50032e63912360e8763
[continued in next message]
--- SoupGate-Win32 v1.05
* Origin: you cannot sedate... all the things you hate (1:229/2)