
Fedora 9: FEDORA-2009-5423 Moderate Update for openssl DoS Issue

June 19, 2009
A crucial patch for Fedora 9's OpenSSL resolves Denial of Service vulnerabilities, enhancing the integrity of connections and enabling trustworthy software updates.
Security update fixing DoS bugs in DTLS code

Summary

The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols.

Update Information:

Security update fixing DoS bugs in DTLS code. CVE-2009-1377 CVE-2009-1378 CVE-2009-1379

Change Log

* Thu May 21 2009 Tomas Mraz 0.9.8g-9.14
- fix CVE-2009-1377 CVE-2009-1378 CVE-2009-1379 (DTLS DoS problems) (#501253, #501254, #501572)
- support compatibility DTLS mode for CISCO AnyConnect (#464629)
- fix crash when parsing malformed mime headers in the smime app

* Wed Jan 7 2009 Tomas Mraz 0.9.8g-9.12
- fix CVE-2008-5077 - incorrect checks for malformed signatures (#476671)
- add -no_ign_eof option (#462393)
- do not add tls extensions to server hello for SSLv3 either

* Wed May 28 2008 Tomas Mraz 0.9.8g-9
- fix CVE-2008-0891 - server name extension crash (#448492)
- fix CVE-2008-1672 - server key exchange message omit crash (#448495)

* Tue May 27 2008 Tomas Mraz 0.9.8g-8
- super-H arch support
- drop workaround for bug 199604 as it should be fixed in gcc-4.3

* Mon May 19 2008 Tom "spot" Callaway 0.9.8g-7
- sparc handling

References


[ 1 ] Bug #501253 - CVE-2009-1377 OpenSSL: DTLS epoch record buffer memory DoS
https://bugzilla.redhat.com/show_bug.cgi?id=501253

[ 2 ] Bug #501254 - CVE-2009-1378 OpenSSL: DTLS fragment handling memory DoS
https://bugzilla.redhat.com/show_bug.cgi?id=501254

[ 3 ] Bug #501572 - CVE-2009-1379 OpenSSL: DTLS pointer use-after-free flaw (DoS)
https://bugzilla.redhat.com/show_bug.cgi?id=501572

Update Instructions

This update can be installed with the "yum" update program. Use su -c 'yum update openssl' at the command line. For more information, refer to "Managing Software with yum", available at .

Name: openssl
Product: Fedora 9
Version: 0.9.8g
Release: 9.14.fc9
Summary: The OpenSSL toolkit
