What Are You Looking For?

Sign Up
Date:         Wed, 7 Jan 2009 15:35:38 -0600
Reply-To:     Troy Dawson 
Sender:       Security Errata for Scientific Linux
              
From:         Troy Dawson 
Subject:      Security ERRATA for openssl on SL3.x, SL4.x, SL5.x i386/x86_64
Comments: To: "scientific-linux-errata@fnal.gov"
          

Synopsis:	Important: openssl security update
Issue date:	2009-01-07
CVE Names:	CVE-2008-5077

The Google security team discovered a flaw in the way OpenSSL checked the
verification of certificates. An attacker in control of a malicious server,
or able to effect a "man in the middle" attack, could present a malformed
SSL/TLS signature from a certificate chain to a vulnerable client and
bypass validation. (CVE-2008-5077)

SL 3.0.x

      SRPMS:
openssl-0.9.7a-33.25.src.rpm
openssl096b-0.9.6b-16.49.src.rpm
      i386:
openssl096b-0.9.6b-16.49.i386.rpm
openssl-0.9.7a-33.25.i386.rpm
openssl-0.9.7a-33.25.i686.rpm
openssl-devel-0.9.7a-33.25.i386.rpm
openssl-perl-0.9.7a-33.25.i386.rpm
      x86_64:
openssl096b-0.9.6b-16.49.i386.rpm
openssl096b-0.9.6b-16.49.x86_64.rpm
openssl-0.9.7a-33.25.i686.rpm
openssl-0.9.7a-33.25.x86_64.rpm
openssl-devel-0.9.7a-33.25.x86_64.rpm
openssl-perl-0.9.7a-33.25.x86_64.rpm

SL 4.x

      SRPMS:
openssl-0.9.7a-43.17.el4_7.2.src.rpm
openssl096b-0.9.6b-22.46.el4_7.src.rpm
      i386:
openssl096b-0.9.6b-22.46.el4_7.i386.rpm
openssl-0.9.7a-43.17.el4_7.2.i386.rpm
openssl-0.9.7a-43.17.el4_7.2.i686.rpm
openssl-devel-0.9.7a-43.17.el4_7.2.i386.rpm
openssl-perl-0.9.7a-43.17.el4_7.2.i386.rpm
      x86_64:
openssl096b-0.9.6b-22.46.el4_7.i386.rpm
openssl096b-0.9.6b-22.46.el4_7.x86_64.rpm
openssl-0.9.7a-43.17.el4_7.2.i686.rpm
openssl-0.9.7a-43.17.el4_7.2.x86_64.rpm
openssl-devel-0.9.7a-43.17.el4_7.2.i386.rpm
openssl-devel-0.9.7a-43.17.el4_7.2.x86_64.rpm
openssl-perl-0.9.7a-43.17.el4_7.2.x86_64.rpm

SL 5.x

      SRPMS:
openssl-0.9.8b-10.el5_2.1.src.rpm
openssl097a-0.9.7a-9.el5_2.1.src.rpm
      i386:
openssl097a-0.9.7a-9.el5_2.1.i386.rpm
openssl-0.9.8b-10.el5_2.1.i386.rpm
openssl-0.9.8b-10.el5_2.1.i686.rpm
openssl-devel-0.9.8b-10.el5_2.1.i386.rpm
openssl-perl-0.9.8b-10.el5_2.1.i386.rpm
      x86_64:
openssl097a-0.9.7a-9.el5_2.1.x86_64.rpm
openssl-0.9.8b-10.el5_2.1.i686.rpm
openssl-0.9.8b-10.el5_2.1.x86_64.rpm
openssl-devel-0.9.8b-10.el5_2.1.i386.rpm
openssl-devel-0.9.8b-10.el5_2.1.x86_64.rpm
openssl-perl-0.9.8b-10.el5_2.1.x86_64.rpm

-Connie Sieh
-Troy Dawson

SciLinux: CVE-2008-5077 openssl SL3.x, SL4.x, SL5.x i386/x86_64

Important: openssl security update

Summary

Date:         Wed, 7 Jan 2009 15:35:38 -0600Reply-To:     Troy Dawson Sender:       Security Errata for Scientific Linux              From:         Troy Dawson Subject:      Security ERRATA for openssl on SL3.x, SL4.x, SL5.x i386/x86_64Comments: To: "scientific-linux-errata@fnal.gov"          Synopsis:	Important: openssl security updateIssue date:	2009-01-07CVE Names:	CVE-2008-5077The Google security team discovered a flaw in the way OpenSSL checked theverification of certificates. An attacker in control of a malicious server,or able to effect a "man in the middle" attack, could present a malformedSSL/TLS signature from a certificate chain to a vulnerable client andbypass validation. (CVE-2008-5077)SL 3.0.x      SRPMS:openssl-0.9.7a-33.25.src.rpmopenssl096b-0.9.6b-16.49.src.rpm      i386:openssl096b-0.9.6b-16.49.i386.rpmopenssl-0.9.7a-33.25.i386.rpmopenssl-0.9.7a-33.25.i686.rpmopenssl-devel-0.9.7a-33.25.i386.rpmopenssl-perl-0.9.7a-33.25.i386.rpm      x86_64:openssl096b-0.9.6b-16.49.i386.rpmopenssl096b-0.9.6b-16.49.x86_64.rpmopenssl-0.9.7a-33.25.i686.rpmopenssl-0.9.7a-33.25.x86_64.rpmopenssl-devel-0.9.7a-33.25.x86_64.rpmopenssl-perl-0.9.7a-33.25.x86_64.rpmSL 4.x      SRPMS:openssl-0.9.7a-43.17.el4_7.2.src.rpmopenssl096b-0.9.6b-22.46.el4_7.src.rpm      i386:openssl096b-0.9.6b-22.46.el4_7.i386.rpmopenssl-0.9.7a-43.17.el4_7.2.i386.rpmopenssl-0.9.7a-43.17.el4_7.2.i686.rpmopenssl-devel-0.9.7a-43.17.el4_7.2.i386.rpmopenssl-perl-0.9.7a-43.17.el4_7.2.i386.rpm      x86_64:openssl096b-0.9.6b-22.46.el4_7.i386.rpmopenssl096b-0.9.6b-22.46.el4_7.x86_64.rpmopenssl-0.9.7a-43.17.el4_7.2.i686.rpmopenssl-0.9.7a-43.17.el4_7.2.x86_64.rpmopenssl-devel-0.9.7a-43.17.el4_7.2.i386.rpmopenssl-devel-0.9.7a-43.17.el4_7.2.x86_64.rpmopenssl-perl-0.9.7a-43.17.el4_7.2.x86_64.rpmSL 5.x      SRPMS:openssl-0.9.8b-10.el5_2.1.src.rpmopenssl097a-0.9.7a-9.el5_2.1.src.rpm      i386:openssl097a-0.9.7a-9.el5_2.1.i386.rpmopenssl-0.9.8b-10.el5_2.1.i386.rpmopenssl-0.9.8b-10.el5_2.1.i686.rpmopenssl-devel-0.9.8b-10.el5_2.1.i386.rpmopenssl-perl-0.9.8b-10.el5_2.1.i386.rpm      x86_64:openssl097a-0.9.7a-9.el5_2.1.x86_64.rpmopenssl-0.9.8b-10.el5_2.1.i686.rpmopenssl-0.9.8b-10.el5_2.1.x86_64.rpmopenssl-devel-0.9.8b-10.el5_2.1.i386.rpmopenssl-devel-0.9.8b-10.el5_2.1.x86_64.rpmopenssl-perl-0.9.8b-10.el5_2.1.x86_64.rpm-Connie Sieh-Troy Dawson



Security Fixes

Severity

Related News

Kubernetes Security on AWS: A Practical Guide

Nov 18, 2023

OpenSSL 3.2 Adds Support for TCP Fast Open on Linux, Argon2 KDF, and More

Nov 27, 2023

Nitrux 3.2.0 Linux Distro Released with Enhanced Security and New Features

Nov 28, 2023

Kinsing Hackers Exploit Apache ActiveMQ Vulnerability to Deploy Linux Rootkits

Nov 25, 2023

News

Advisories

HOWTOs

Features

Empowering MSPs with Straightforward Linux Device Management
A Complete Guide to Torrenting Safely in 2024
Cloud Security Basics for Small Businesses
Scanning and Defending Networks with Nmap
CISA Issues Urgent Warning Over Active Exploitation of Looney Tunables glibc Bug

About Us

Powered By

Footer Logo