-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 -------------------------------------------------------------------------- Turbolinux Security Advisory TLSA-2006-33 http://www.turbolinux.co.jp/security/ security-team@turbolinux.co.jp -------------------------------------------------------------------------- Original released date: 17 Oct 2006 Last revised: 17 Oct 2006 Package: openssl Summary: openssl denial of service attack More information: The OpenSSL Project is a collaborative effort to develop a robust, commercial-grade, full-featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols as well as a full-strength general purpose cryptography library. Multiple vulnerabilities exist in openssl. Impact: The openssl allows remote attackers to cause a denial of service. Affected Products: - Turbolinux Appliance Server 2.0 - Turbolinux FUJI - Turbolinux 10 Server x64 Edition - Turbolinux Appliance Server 1.0 Hosting Edition - Turbolinux Appliance Server 1.0 Workgroup Edition - Turbolinux 10 Server - Turbolinux Home - Turbolinux 10 F... - Turbolinux 10 Desktop - Turbolinux Multimedia - Turbolinux Personal - Turbolinux 8 Server - Turbolinux 7 Server Source Packages Size: MD5 openssl-0.9.7d-11.src.rpm 2926960 3f8f7b9d4f10f492576f747f87b18033 openssl-compat-0.9.6m-10.src.rpm 2276785 b90b875574073874c36f2c2316522e98 Binary Packages Size: MD5 openssl-0.9.7d-11.i586.rpm 1300984 3a7bf462baf0bd40f5974ec170d770a4 openssl-compat-0.9.6m-10.i586.rpm 756508 59bcfb072097bfc58d37b25cbd19201b openssl-devel-0.9.7d-11.i586.rpm 1481928 44fb529e65f0a664b67b37c870a96f05 Source Packages Size: MD5 openssl-0.9.8-9.src.rpm 3381797 8742749032b03f2ab5627d39f110ead9 openssl-compat-0.9.7d-11.src.rpm 2926690 e27a2616177df598ce3e33cf3c261979 openssl096-0.9.6m-3.src.rpm 2300785 551247578ee79fbbb2b095f02f4c5603 Binary Packages Size: MD5 openssl-0.9.8-9.i686.rpm 1740042 271ea210dd158a36d29d03ebeb717906 openssl-compat-0.9.7d-11.i686.rpm 1057219 f6788d3ef570b21df188c1fa9ac5dbe7 openssl-devel-0.9.8-9.i686.rpm 1925706 f7ce4cd209fa1b3eea013101c4a9ddae openssl096-0.9.6m-3.i686.rpm 880441 fe10fd1da13825a263d8ac7b659ba8f2 Source Packages Size: MD5 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/x64/Server/10/updates/SRPMS/openssl-0.9.7d-11.src.rpm 2926960 316469649fc5bbe5e107c661a3a06a25 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/x64/Server/10/updates/SRPMS/openssl-compat-0.9.6m-10.src.rpm 2276785 646cac3bea7f99884ea65fe12251a47c Binary Packages Size: MD5 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/x64/Server/10/updates/RPMS/openssl-0.9.7d-11.x86_64.rpm 1410910 882eb3b0387420d2fda0685c7685ac98 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/x64/Server/10/updates/RPMS/openssl-compat-0.9.6m-10.x86_64.rpm 850524 1ee819c898efcdeb17a9515953e2f907 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/x64/Server/10/updates/RPMS/openssl-devel-0.9.7d-11.x86_64.rpm 1545953 2a721d06ef22da937fd3c3ba52faf467 Source Packages Size: MD5 openssl-0.9.6m-8.src.rpm 2389725 61d533a261d1ac51a46788d7a0625c79 Binary Packages Size: MD5 openssl-0.9.6m-8.i586.rpm 1447113 5f5438968f8d771f9c1c8f93c02be93a openssl-devel-0.9.6m-8.i586.rpm 1160291 a97c12af246d774ca128d8fa2c5e6bd3 Source Packages Size: MD5 openssl-0.9.6m-8.src.rpm 2389725 cb524dc01f2e276ab0076d8e866cae3b Binary Packages Size: MD5 openssl-0.9.6m-8.i586.rpm 1446137 55da1f7843fe3e7e010bc3c6176384f7 openssl-devel-0.9.6m-8.i586.rpm 1160957 48dbd7cdbc8e23121d6ab470ae27e206 Source Packages Size: MD5 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/SRPMS/openssl-0.9.7d-11.src.rpm 2926960 3f8f7b9d4f10f492576f747f87b18033 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/SRPMS/openssl-compat-0.9.6m-10.src.rpm 2276785 b90b875574073874c36f2c2316522e98 Binary Packages Size: MD5 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/RPMS/openssl-0.9.7d-11.i586.rpm 1300984 3a7bf462baf0bd40f5974ec170d770a4 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/RPMS/openssl-compat-0.9.6m-10.i586.rpm 756508 59bcfb072097bfc58d37b25cbd19201b ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/RPMS/openssl-devel-0.9.7d-11.i586.rpm 1481928 44fb529e65f0a664b67b37c870a96f05 Source Packages Size: MD5 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/SRPMS/openssl-0.9.7d-11.src.rpm 2926960 c52808a5b28c436fe8bc07b0f0c1f22e ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/SRPMS/openssl-compat-0.9.6m-10.src.rpm 2276785 17bdf4fb63c7008bde97f8c4a0b6cff6 Binary Packages Size: MD5 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/openssl-0.9.7d-11.i586.rpm 1304371 c50f86884abdf01616c8eaff2d5f1fd9 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/openssl-compat-0.9.6m-10.i586.rpm 755609 0c6b8d16e20a6d07dbe7756a0322547e ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/openssl-devel-0.9.7d-11.i586.rpm 1483439 246c22efe4d74feb34e60d55d600927b Source Packages Size: MD5 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/SRPMS/openssl-0.9.6m-8.src.rpm 2389725 c3e78d6ee46b2c4b03293324d6188666 Binary Packages Size: MD5 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/openssl-0.9.6m-8.i586.rpm 1446537 d8e798d8df9b813c1450347b1919df52 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/openssl-devel-0.9.6m-8.i586.rpm 1159683 62b4f74474405e34275934c895451afa Source Packages Size: MD5 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/SRPMS/openssl-0.9.6m-8.src.rpm 2389725 4470271d795cc2e32792111be9a971a1 Binary Packages Size: MD5 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/openssl-0.9.6m-8.i586.rpm 1414207 1160ddb708a37f13c3e0f004f9834bac ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/openssl-devel-0.9.6m-8.i586.rpm 1142477 17cd93bdad5ac9257d035572a7e8abd5 CVE [CVE-2006-2937] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937 [CVE-2006-2940] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940 [CVE-2006-3738] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738 [CVE-2006-4343] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343 -------------------------------------------------------------------------- Revision History 17 Oct 2006 Initial release -------------------------------------------------------------------------- Copyright(C) 2006 Turbolinux, Inc. All rights reserved. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.0 (GNU/Linux) iD8DBQFFNNKuK0LzjOqIJMwRAgxuAJ9e7NmB1OgTiXG4AKAB19CG5acqEgCgjVtc 4UYpUx7Eq/w3YcDI3AkD4Qw= =FER0 -----END PGP SIGNATURE-----