-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2009-5423 2009-05-25 17:28:47 --------------------------------------------------------------------------------
Name : openssl Product : Fedora 9 Version : 0.9.8g Release : 9.14.fc9 URL : http://www.openssl.org/ Summary : The OpenSSL toolkit Description : The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols. -------------------------------------------------------------------------------- Update Information: Security update fixing DoS bugs in DTLS code. CVE-2009-1377 CVE-2009-1378 CVE-2009-1379 -------------------------------------------------------------------------------- ChangeLog: * Thu May 21 2009 Tomas Mraz <tm...@redhat.com> 0.9.8g-9.14 - fix CVE-2009-1377 CVE-2009-1378 CVE-2009-1379 (DTLS DoS problems) (#501253, #501254, #501572) - support compatibility DTLS mode for CISCO AnyConnect (#464629) - fix crash when parsing malformed mime headers in the smime app * Wed Jan 7 2009 Tomas Mraz <tm...@redhat.com> 0.9.8g-9.12 - fix CVE-2008-5077 - incorrect checks for malformed signatures (#476671) - add -no_ign_eof option (#462393) - do not add tls extensions to server hello for SSLv3 either * Wed May 28 2008 Tomas Mraz <tm...@redhat.com> 0.9.8g-9 - fix CVE-2008-0891 - server name extension crash (#448492) - fix CVE-2008-1672 - server key exchange message omit crash (#448495) * Tue May 27 2008 Tomas Mraz <tm...@redhat.com> 0.9.8g-8 - super-H arch support - drop workaround for bug 199604 as it should be fixed in gcc-4.3 * Mon May 19 2008 Tom "spot" Callaway <tcall...@redhat.com> 0.9.8g-7 - sparc handling -------------------------------------------------------------------------------- References: [ 1 ] Bug #501253 - CVE-2009-1377 OpenSSL: DTLS epoch record buffer memory DoS https://bugzilla.redhat.com/show_bug.cgi?id=501253 [ 2 ] Bug #501254 - CVE-2009-1378 OpenSSL: DTLS fragment handling memory DoS https://bugzilla.redhat.com/show_bug.cgi?id=501254 [ 3 ] Bug #501572 - CVE-2009-1379 OpenSSL: DTLS pointer use-after-free flaw (DoS) https://bugzilla.redhat.com/show_bug.cgi?id=501572 -------------------------------------------------------------------------------- This update can be installed with the "yum" update program. Use su -c 'yum update openssl' at the command line. For more information, refer to "Managing Software with yum", available at http://docs.fedoraproject.org/yum/. All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at http://fedoraproject.org/keys -------------------------------------------------------------------------------- _______________________________________________ Fedora-package-announce mailing list Fedora-package-announce@redhat.com http://www.redhat.com/mailman/listinfo/fedora-package-announce