-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

--------------------------------------------------------------------------
Turbolinux Security Advisory TLSA-2007-52
http://www.turbolinux.co.jp/security/
security-team@turbolinux.co.jp
--------------------------------------------------------------------------

Original released date: 09 Nov 2007
Last revised: 29 Nov 2007

Package: openssl

Summary: Multiple vulnerabilities exist in openssl

More information:
   The OpenSSL Project is a collaborative effort to develop a robust,
   commercial-grade, full-featured Open Source toolkit implementing the
   Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1)
   protocols as well as a full-strength general purpose cryptography library.
   Multiple vulnerabilities exist in openssl.

Impact:
   - Buffer overflow in openssl.
   - Allows remote attackers to force a client and server to use a weaker
     protocol.
   - Allows local users to conduct a side-channel attack and retrieve RSA
     private keys.
   - Allows remote attackers to execute arbitrary code via a crafted packet
     that triggers a one-byte buffer underflow.
   - Allows remote attackers to execute arbitrary code via unspecified
     vectors.

Affected Products:
   - Turbolinux 11 Server x64 Edition
   - Turbolinux 11 Server
   - wizpy
   - Turbolinux Appliance Server 2.0
   - Turbolinux FUJI
   - Turbolinux 10 Server x64 Edition
   - Turbolinux Appliance Server 1.0 Hosting Edition
   - Turbolinux Appliance Server 1.0 Workgroup Edition
   - Turbolinux 10 Server
   - Turbolinux Multimedia
   - Turbolinux Personal
   - Turbolinux 8 Server

References:

CVE
   [CAN-2005-2969]
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2969
   [CVE-2006-3738]
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738
   [CVE-2007-3108]
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3108
   [CVE-2007-4995]
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4995
   [CVE-2007-5135]
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5135

--------------------------------------------------------------------------
Revision History
   09 Nov 2007 Initial release
   29 Nov 2007 Added Turbolinux 11 Server
--------------------------------------------------------------------------

Copyright(C) 2007 Turbolinux, Inc. All rights reserved.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)

iD8DBQFHTiaiK0LzjOqIJMwRAsTLAKCOmJDINCS4ZC/R8KIl67v3MfMmdgCglai1
gjL8Y9+MDcebVOVheLvkGpA=
=gIgG
-----END PGP SIGNATURE-----