--------------------------------------------------------------------------
 Turbolinux Security Advisory TLSA-2009-13
 http://www.turbolinux.co.jp/security/
 security-team@turbolinux.co.jp
--------------------------------------------------------------------------

 Original released date: 12 May 2009
 Last revised: 12 May 2009

 Package: openssl

 Summary: openssl denial of service

 More information:
   The OpenSSL Project is a collaborative effort to develop a robust,
   commercial-grade, full-featured Open Source toolkit implementing the
   Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1)
   protocols as well as a full-strength general purpose cryptography library.

   The ASN1_STRING_print_ex function in OpenSSL before 0.9.8k allows remote
   attackers to cause a denial of service (invalid memory access and
   application crash) via vectors that trigger printing of a (1) BMPString
   or (2) UniversalString with an invalid encoded length. (CVE-2009-0590)

 Affected Products:
   - Turbolinux Client 2008
   - Turbolinux Appliance Server 3.0 x64 Edition
   - Turbolinux Appliance Server 3.0
   - Turbolinux 11 Server x64 Edition
   - Turbolinux 11 Server
   - wizpy
   - Turbolinux Appliance Server 2.0
   - Turbolinux FUJI
   - Turbolinux 10 Server x64 Edition
   - Turbolinux 10 Server

 References:
   CVE
   [CVE-2009-0590]
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0590

--------------------------------------------------------------------------
 Revision History
   12 May 2009 Initial release
--------------------------------------------------------------------------

 Copyright(C) 2009 Turbolinux, Inc. All rights reserved.
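
Added example, not part of the Turbolinux advisory and not OpenSSL's code: a C sketch of the length validation that the CVE-2009-0590 description above calls for. A BMPString uses 2 bytes per character and a UniversalString 4, so a byte length that is not a whole multiple is rejected before any character is read. The names decode_wide, wide_kind and the sample buffers are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical names for this example; not OpenSSL's API. */
enum wide_kind { KIND_BMP = 2, KIND_UNIVERSAL = 4 };  /* bytes per character */

/* Constructed sample encodings (content octets only, no tag or length). */
static const unsigned char BMP_OK[]  = { 0x00, 0x48, 0x00, 0x69 };             /* "Hi" */
static const unsigned char BMP_BAD[] = { 0x00, 0x48, 0x00 };                   /* 3 bytes */
static const unsigned char UNI_OK[]  = { 0x00, 0x00, 0x00, 0x41 };             /* "A" */
static const unsigned char UNI_BAD[] = { 0x00, 0x00, 0x00, 0x41, 0x00, 0x42 }; /* 6 bytes */
static uint32_t scratch[8];

/* Decode big-endian fixed-width characters from buf into out.
 * Returns the character count, or -1 when the byte length is not a whole
 * number of characters, out is too small, or a value exceeds U+10FFFF. */
long decode_wide(enum wide_kind kind, const unsigned char *buf, size_t len,
                 uint32_t *out, size_t out_cap)
{
    size_t width = (size_t)kind, n, i, j;

    if (width != 2 && width != 4)
        return -1;
    /* A length that is not a multiple of the character width is malformed.
     * Reject it before reading, so no partial character is ever fetched. */
    if (len % width != 0)
        return -1;
    n = len / width;
    if (n > out_cap)
        return -1;
    for (i = 0; i < n; i++) {
        uint32_t c = 0;
        for (j = 0; j < width; j++)
            c = (c << 8) | buf[i * width + j];
        if (c > 0x10FFFF)
            return -1;
        out[i] = c;
    }
    return (long)n;
}

int main(void)
{
    printf("BMP ok:  %ld\n", decode_wide(KIND_BMP, BMP_OK, sizeof BMP_OK, scratch, 8));
    printf("BMP bad: %ld\n", decode_wide(KIND_BMP, BMP_BAD, sizeof BMP_BAD, scratch, 8));
    printf("UNI ok:  %ld\n", decode_wide(KIND_UNIVERSAL, UNI_OK, sizeof UNI_OK, scratch, 8));
    printf("UNI bad: %ld\n", decode_wide(KIND_UNIVERSAL, UNI_BAD, sizeof UNI_BAD, scratch, 8));
    return 0;
}
```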