-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2010-5357 2010-03-26 23:25:50 --------------------------------------------------------------------------------
Name : openssl Product : Fedora 11 Version : 0.9.8n Release : 1.fc11 URL : http://www.openssl.org/ Summary : A general purpose cryptography library with TLS implementation Description : The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols. -------------------------------------------------------------------------------- Update Information: Update to upstream version 0.9.8n fixing multiple security issues: CVE-2009-3555, CVE-2009-3245, CVE-2009-4355, and CVE-2010-0433. Refer to upstream CHANGES file for the detailed list of changes since version 0.9.8k: * http://cvs.openssl.org/fileview?f=openssl/CHANGES&v=1.1238.2.193 -------------------------------------------------------------------------------- ChangeLog: * Thu Mar 25 2010 Tomas Mraz <[email protected]> 0.9.8n-1 - fix CVE-2010-0740 * Mon Mar 22 2010 Tomas Mraz <[email protected]> 0.9.8m-1 - fix CVE-2009-3245 CVE-2009-3555 CVE-2009-4355 CVE-2010-0433 * Thu May 21 2009 Tomas Mraz <[email protected]> 0.9.8k-5 - fix CVE-2009-1377 CVE-2009-1378 CVE-2009-1379 (DTLS DoS problems) (#501253, #501254, #501572) * Tue Apr 21 2009 Tomas Mraz <[email protected]> 0.9.8k-4 - support compatibility DTLS mode for CISCO AnyConnect (#464629) * Fri Apr 17 2009 Tomas Mraz <[email protected]> 0.9.8k-3 - correct the SHLIB_VERSION define * Wed Apr 15 2009 Tomas Mraz <[email protected]> 0.9.8k-2 - add support for multiple CRLs with same subject - load only dynamic engine support in FIPS mode -------------------------------------------------------------------------------- References: [ 1 ] Bug #533125 - CVE-2009-3555 TLS: MITM attacks via session renegotiation https://bugzilla.redhat.com/show_bug.cgi?id=533125 [ 2 ] Bug #570924 - CVE-2009-3245 openssl: missing bn_wexpand return value checks https://bugzilla.redhat.com/show_bug.cgi?id=570924 [ 3 ] Bug #546707 - CVE-2009-4355 openssl significant memory leak in certain SSLv3 requests (DoS) https://bugzilla.redhat.com/show_bug.cgi?id=546707 [ 4 ] Bug #569774 - CVE-2010-0433 openssl: crash caused by a missing krb5_sname_to_principal() return value check https://bugzilla.redhat.com/show_bug.cgi?id=569774 -------------------------------------------------------------------------------- This update can be installed with the "yum" update program. Use su -c 'yum update openssl' at the command line. For more information, refer to "Managing Software with yum", available at http://docs.fedoraproject.org/yum/. All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- _______________________________________________ package-announce mailing list [email protected] https://admin.fedoraproject.org/mailman/listinfo/package-announce
