From:
[email protected]
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- ------------------------------------------------------------------------ Debian Security Advisory DSA-2100-1
[email protected] http://www.debian.org/security/ Moritz Muehlenhoff
August 30, 2010
http://www.debian.org/security/faq
- ------------------------------------------------------------------------
Package : openssl
Vulnerability : double free
Problem type : local(remote)
Debian-specific: no
CVE Id(s) : CVE-2010-2939
George Guninski discovered a double free in the ECDH code of the OpenSSL
crypto library, which may lead to denial of service and potentially the execution of arbitrary code.
For the stable distribution (lenny), this problem has been fixed in
version 0.9.8g-15+lenny8.
For the unstable distribution (sid), this problem has been fixed in
version 0.9.8o-2.
We recommend that you upgrade your openssl packages.
Upgrade instructions
- --------------------
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
will update the internal database
apt-get upgrade
will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 5.0 alias lenny
- --------------------------------
Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
Source archives:
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8g.orig.tar.gz
Size/MD5 checksum: 3354792 acf70a16359bf3658bdfb74bda1c4419
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8g-15+lenny8.dsc
Size/MD5 checksum: 1973 b3bc5cc9d4396dd53408d1523e5d9922
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8g-15+lenny8.diff.gz
Size/MD5 checksum: 60148 e011a196c7a96bdcfba8e8d1c7842d7a
alpha architecture (DEC Alpha)
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8g-15+lenny8_alpha.deb
Size/MD5 checksum: 1028966 c533c4f1ed722bfc684fb2aa7ae0bbaf
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8g-15+lenny8_alpha.deb
Size/MD5 checksum: 2583198 ee814656292202df8e66508a78e76757
http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-15+lenny8_alpha.udeb
Size/MD5 checksum: 722118 7bfdc9cff603e3c71014987e99a33637
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8g-15+lenny8_alpha.deb
Size/MD5 checksum: 2814048 c5309df7a3eff59618da50ea20e0bb1f
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8g-15+lenny8_alpha.deb
Size/MD5 checksum: 4369476 8e583136a6e221ba239a305447cd55fd
amd64 architecture (AMD x86_64 (AMD64))
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8g-15+lenny8_amd64.deb
Size/MD5 checksum: 975790 04b625095430068834e3621b47749d60
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8g-15+lenny8_amd64.deb
Size/MD5 checksum: 2243092 0b4a82a5a95df9d092498065e2c69d88
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8g-15+lenny8_amd64.deb
Size/MD5 checksum: 1627634 e86e98d321e13f6941a5b14568cecbae
http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-15+lenny8_amd64.udeb
Size/MD5 checksum: 638416 d578d3861d7402f70d340cb138e969c8
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8g-15+lenny8_amd64.deb
Size/MD5 checksum: 1043270 7ccee021eceb10b6bcd55222f0f9c00f
arm architecture (ARM)
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8g-15+lenny8_arm.deb
Size/MD5 checksum: 1028840 a473c6b7dfc800b0ad4f3a2320ed34e5
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8g-15+lenny8_arm.deb
Size/MD5 checksum: 1490650 9032ae14c182e5adbe934b083588a785
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8g-15+lenny8_arm.deb
Size/MD5 checksum: 2087038 b17611d1c503a30363357014a4523414
http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-15+lenny8_arm.udeb
Size/MD5 checksum: 536038 e44733e9826dc24561732f7885df50f3
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8g-15+lenny8_arm.deb
Size/MD5 checksum: 844412 1a23967e4c4c3ad3f97c21a47e8d3bac
armel architecture (ARM EABI)
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8g-15+lenny8_armel.deb
Size/MD5 checksum: 1031134 cfce1ef9bc3a6768ed052b23d9781cdf
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8g-15+lenny8_armel.deb
Size/MD5 checksum: 849994 340a78374851cbd1aca2ea8344ba54ba
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8g-15+lenny8_armel.deb
Size/MD5 checksum: 2096496 34ad0dffc16f3ff0deac8fb6e8b2cd2e
http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-15+lenny8_armel.udeb
Size/MD5 checksum: 540784 51b9cd8fee37fbd55c512db13e556b2c
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8g-15+lenny8_armel.deb
Size/MD5 checksum: 1506252 7d52d569cd8be4e1ce2f60cf05519ed8
hppa architecture (HP PA RISC)
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8g-15+lenny8_hppa.deb
Size/MD5 checksum: 2268554 4339767f35a5fdfe0e20c11eea6f3b82
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8g-15+lenny8_hppa.deb
Size/MD5 checksum: 1046972 66ba3aa9fb82893461f7dfd38c2fb586
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8g-15+lenny8_hppa.deb
Size/MD5 checksum: 969042 5851386ee3b68d609533896a64701aea
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8g-15+lenny8_hppa.deb
Size/MD5 checksum: 1528486 f867ab97ab589b0356b7e5085c337442
[continued in next message]
--- SoupGate-Win32 v1.05
* Origin: you cannot sedate... all the things you hate (1:229/2)