
Re: [linux-security] ALERT: remote root exploit in openssl library (Debian)



On Fri, Aug 09, 2002 at 02:22:56PM -0700, Martin Siegert wrote:
> On Tue, Jul 30, 2002 at 12:01:39PM -0700, Martin Siegert wrote:
> > Topic
> > =====
> > buffer overflow in openssl library may lead to remote root exploit
> > 
> > Solution
> > ========
> > upgrade to openssl-0.9.6e (or patched version for your distribution)
> 
> Problem Description
> ===================
> The original patch from the OpenSSL team had a mistake in
> it which could possibly still allow buffer overflows to occur. 
> Thus, openssl must be upgraded once more.
> 
> After the upgrade you should restart every daemon that uses the openssl
> library, in particular sshd and (if you are running a web server) httpd.
> 
> Affected Systems
> ================
> Systems using openssl version 0.9.6e or earlier.
> 
> Solution
> ========
> Upgrade to openssl-0.9.6f or later (or to patched version for your
> distribution)

Debian 2.2 (potato)
-------------------
upgrade to openssl_0.9.6c-0.potato.4_i386.deb,
           libssl0.9.6_0.9.6c-0.potato.4_i386.deb,
           libssl-dev_0.9.6c-0.potato.4_i386.deb,
           libssl09_0.9.4-6.potato.2_i386.deb

Debian 3.0 (woody)
------------------
upgrade to openssl_0.9.6c-2.woody.1_i386.deb,
           libssl0.9.6_0.9.6c-2.woody.1_i386.deb,
           libssl-dev_0.9.6c-2.woody.1_i386.deb,
           libssl095a_0.9.5a-6.woody.1_i386.deb,
           libssl09_0.9.4-6.woody.2_i386.deb
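
The advisory's advice to restart every daemon that uses the openssl library can be checked after the upgrade. The script below is an added example, not part of the original message: it assumes a Linux /proc in which a mapping whose file was replaced on disk is marked "(deleted)" in /proc/<pid>/maps, and the function names stale_ssl_maps and scan_procs are hypothetical.

```shell
#!/bin/sh
# Added example: find processes that still map a libssl/libcrypto file
# that was replaced on disk, i.e. daemons not yet restarted after the upgrade.

# stale_ssl_maps: read /proc/<pid>/maps-style lines on stdin and print the
# unique paths of libssl/libcrypto mappings whose backing file is deleted.
# Field 6 of a maps line is the pathname; the kernel appends " (deleted)".
stale_ssl_maps() {
    awk '/\(deleted\)$/ && $6 ~ "/lib(ssl|crypto)[^/]*[.]so" { print $6 }' | sort -u
}

# scan_procs: walk a proc-style directory (default /proc) and print
# "<pid> <command name> <stale libraries>" for every affected process.
scan_procs() {
    root=${1:-/proc}
    for maps in "$root"/[0-9]*/maps; do
        # Skip processes that exited or that we are not allowed to read.
        [ -r "$maps" ] || continue
        libs=$(stale_ssl_maps < "$maps" | tr '\n' ' ')
        libs=${libs% }
        [ -n "$libs" ] || continue
        pid=${maps%/maps}
        pid=${pid##*/}
        name=$(cat "$root/$pid/comm" 2>/dev/null || echo '?')
        printf '%s %s %s\n' "$pid" "$name" "$libs"
    done
}

# Run as root with --scan to inspect every process on the live system.
if [ "${1:-}" = "--scan" ]; then
    scan_procs /proc
fi
```

Every PID it reports is still executing the old library code and needs a restart; an empty result means no running process holds a replaced copy.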