There is another openssl security update. I have built and lightly tested on PPC, 10.4.8.
Update version to:
Version: 0.9.7l

Update md5 to:
Source-MD5: b21d6e10817ddeccf5fbe1379987333e

Thank you.
Neil

from @risk

(3) HIGH: OpenSSL ASN.1 Remote Buffer Overflow
Affected:
OpenSSL version 0.9.8c and prior
OpenSSL version 0.9.7k and prior

Description: OpenSSL, an open source implementation of the Secure Sockets Layer, contains a remotely-exploitable buffer overflow in its handling of ASN.1-encoded data. OpenSSL is used in a wide variety of applications; including many applications designed for security, and is installed by default on most UNIX, Linux, BSD, and Mac OS X systems. By sending a specially-crafted request to a vulnerable application using OpenSSL, an attacker could trigger this buffer overflow and execute arbitrary code with the privileges of the vulnerable application. Note that, because OpenSSL is open source, technical details for this vulnerability may be easily obtained via source code analysis.

Status: OpenSSL confirmed, updates available.

Council Site Actions: Two of the responding council sites are using the affected software and are in the process of investigating how this vulnerability affects them.

References:
OpenSSL Security Advisory
http://www.openssl.org/news/secadv_20060928.txt
Wikipedia Article on the Secure Sockets Layer
http://en.wikipedia.org/wiki/Secure_Sockets_Layer
Wikipedia Article on ASN.1
http://en.wikipedia.org/wiki/ASN.1
OpenSSL Home Page
http://www.openssl.org
SecurityFocus BID
http://www.securityfocus.com/bid/20249

On Sep 26, 2006, at 12:44 AM, David R.
Morrison wrote: > Update of /cvsroot/fink/dists/10.4/unstable/crypto/finkinfo > In directory sc8-pr-cvs5.sourceforge.net:/tmp/cvs-serv21142 > > Modified Files: > openssl097.info > Log Message: > security update > > > Index: openssl097.info > =================================================================== > RCS file: /cvsroot/fink/dists/10.4/unstable/crypto/finkinfo/ > openssl097.info,v > retrieving revision 1.5 > retrieving revision 1.6 > diff -u -d -r1.5 -r1.6 > --- openssl097.info 22 Sep 2006 00:51:44 -0000 1.5 > +++ openssl097.info 26 Sep 2006 05:44:02 -0000 1.6 > @@ -1,6 +1,6 @@ > Package: openssl097 > -Version: 0.9.7j > -Revision: 5 > +Version: 0.9.7k > +Revision: 1 > Depends: %N-shlibs (= %v-%r), pkgconfig > Conflicts: openssl > Replaces: openssl 
> @@ -10,7 +10,7 @@ > Primary: http://www.openssl.org/ > Secondary: http://www.planetmirror.com/pub/openssl/ > << > -Source-MD5: 79dd939266b069e7aca587e6ab16a055 > +Source-MD5: be6bba1d67b26eabb48cf1774925416f > Patch: %n.patch > PatchScript: perl util/perlpath.pl /usr/bin > NoSetMAKEFLAGS: true > > > _______________________________________________ > Fink-commits mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/fink-commits
_______________________________________________
Fink-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/fink-devel
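
Review bot: In the @@ -1,6 +1,6 @@ hunk, "+Version: 0.9.7k" lands inside the affected range given in the advisory quoted in this reply ("OpenSSL version 0.9.7k and prior"), so revision 1.6 still ships a release exposed to the ASN.1 buffer overflow. The Version field needs to move to 0.9.7l as requested at the top of this message, and the log message should name the advisory it addresses rather than only "security update", so the fixed issue can be traced from the package history.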
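
Review bot: In the @@ -10,7 +10,7 @@ hunk, the new Source-MD5 is the only integrity check on a tarball whose Primary and Secondary sources are both plain http:// URLs, and neither the hunk nor the log message says where the value came from. For a security update, confirm the hash against the checksum or signature that upstream publishes for the release tarball, not only against an md5 computed locally from a mirror download, and record that in the commit message.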
