[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[linux-security] ALERT: remote root exploit in openssl library (SuSE, Mandrake)

To: linux-security
Subject: [linux-security] ALERT: remote root exploit in openssl library (SuSE, Mandrake)
From: Martin Siegert <siegert@sfu.ca>
Date: Tue, 30 Jul 2002 19:35:53 -0700
In-Reply-To: <20020730190139.GA22287@stikine.ucs.sfu.ca>
References: <20020730190139.GA22287@stikine.ucs.sfu.ca>
User-Agent: Mutt/1.4i

On Tue, Jul 30, 2002 at 12:01:39PM -0700, Martin Siegert wrote:
> Topic
> =====
> buffer overflow in openssl library may lead to remote root exploit
> 
> Solution
> ========
> upgrade to openssl-0.9.6e (or patched version for your distribution)

You should restart every daemon that uses the openssl library, in 
particular sshd and (if you are running a web server httpd), i.e.,

# /etc/init.d/rc.d/sshd restart

and for web servers

# /etc/init.d/rc.d/httpd restart

What follows is the upgrade information for SuSe and Mandrake.

SuSE 7.0
--------
rpm -Fvh openssl-0.9.5a-59.i386.rpm

SuSE 7.1, 7.2
-------------
rpm -Fvh openssl-0.9.6a-63.i386.rpm \
         openssl-devel-0.9.6a-63.i386.rpm \
         openssl-doc-0.9.6a-63.i386.rpm

SuSE 7.3
--------
rpm -Fvh openssl-0.9.6b-147.i386.rpm \
         openssl-devel-0.9.6b-147.i386.rpm \
         openssl-doc-0.9.6b-147.i386.rpm

SuSE 8.0
--------
rpm -Fvh openssl-0.9.6c-78.i386.rpm \
         openssl-devel-0.9.6c-78.i386.rpm \
         openssl-doc-0.9.6c-78.i386.rpm

Mandrake 7.1
------------
rpm -Fvh openssl-0.9.5a-4.1mdk.i586.rpm \
         openssl-devel-0.9.5a-4.1mdk.i586.rpm

Mandrake 7.2
------------
rpm -Fvh openssl-0.9.5a-9.1mdk.i586.rpm \
         openssl-devel-0.9.5a-9.1mdk.i586.rpm

Mandrake 8.0
------------
rpm -Fvh openssl-0.9.6-8.1mdk.i586.rpm \
         openssl-devel-0.9.6-8.1mdk.i586.rpm

Mandrake 8.1
------------
rpm -Fvh openssl-0.9.6b-1.1mdk.i586.rpm \
         libopenssl0-0.9.6b-1.1mdk.i586.rpm \
         libopenssl0-devel-0.9.6b-1.1mdk.i586.rpm

Mandrake 8.2
------------
rpm -Fvh openssl-0.9.6c-2.1mdk.i586.rpm \
         libopenssl0-0.9.6c-2.1mdk.i586.rpm \
         libopenssl0-devel-0.9.6c-2.1mdk.i586.rpm

Follow-Ups:
- [linux-security] ALERT: remote root exploit in openssl library
  - From: Martin Siegert <siegert@sfu.ca>

References:
- [linux-security] ALERT: remote root exploit in openssl library
  - From: Martin Siegert <siegert@sfu.ca>
- [linux-security] ALERT: remote root exploit in openssl library
  - From: Martin Siegert <siegert@sfu.ca>

Prev by Date: [linux-security] ALERT: remote root exploit in openssl library
Next by Date: [linux-security] gallery remote exploit (Debian)
Prev by thread: [linux-security] ALERT: remote root exploit in openssl library
Next by thread: [linux-security] ALERT: remote root exploit in openssl library
Index(es):
- Date
- Thread