Date: Tue, 19 Jan 2010 15:48:10 -0600
Reply-To: Troy Dawson
Sender: Security Errata for Scientific Linux
From: Troy Dawson
Subject: FASTBUGS for SL 5.x i386/x86_64
Comments: To: "scientific-linux-errata@fnal.gov"

The following FASTBUGS have been uploaded to

i386:
aide-0.13.1-6.el5.i386.rpm
avahi-0.6.16-7.el5.i386.rpm
avahi-compat-howl-0.6.16-7.el5.i386.rpm
avahi-compat-howl-devel-0.6.16-7.el5.i386.rpm
avahi-compat-libdns_sd-0.6.16-7.el5.i386.rpm
avahi-compat-libdns_sd-devel-0.6.16-7.el5.i386.rpm
avahi-devel-0.6.16-7.el5.i386.rpm
avahi-glib-0.6.16-7.el5.i386.rpm
avahi-glib-devel-0.6.16-7.el5.i386.rpm
avahi-qt3-0.6.16-7.el5.i386.rpm
avahi-qt3-devel-0.6.16-7.el5.i386.rpm
avahi-tools-0.6.16-7.el5.i386.rpm
cpuspeed-1.2.1-9.el5.i386.rpm
cups-1.3.7-11.el5_4.5.i386.rpm
cups-devel-1.3.7-11.el5_4.5.i386.rpm
cups-libs-1.3.7-11.el5_4.5.i386.rpm
cups-lpd-1.3.7-11.el5_4.5.i386.rpm
dhclient-3.0.5-21.el5_4.1.i386.rpm
dhcp-3.0.5-21.el5_4.1.i386.rpm
dhcp-devel-3.0.5-21.el5_4.1.i386.rpm
dogtail-0.6.1-3.el5.noarch.rpm
dosfstools-2.11-9.el5.i386.rpm
gnome-vfs2-2.16.2-5.el5.i386.rpm
gnome-vfs2-devel-2.16.2-5.el5.i386.rpm
gnome-vfs2-smb-2.16.2-5.el5.i386.rpm
libdhcp4client-3.0.5-21.el5_4.1.i386.rpm
libdhcp4client-devel-3.0.5-21.el5_4.1.i386.rpm
logwatch-7.3-8.el5.noarch.rpm
mdadm-2.6.9-3.el5.i386.rpm
perl-XML-LibXML-1.58-6.i386.rpm
perl-XML-SAX-0.14-8.noarch.rpm
readahead-1.3-8.el5.i386.rpm
ruby-1.8.5-5.el5_4.8.i386.rpm
ruby-devel-1.8.5-5.el5_4.8.i386.rpm
ruby-docs-1.8.5-5.el5_4.8.i386.rpm
ruby-irb-1.8.5-5.el5_4.8.i386.rpm
ruby-libs-1.8.5-5.el5_4.8.i386.rpm
ruby-mode-1.8.5-5.el5_4.8.i386.rpm
ruby-rdoc-1.8.5-5.el5_4.8.i386.rpm
ruby-ri-1.8.5-5.el5_4.8.i386.rpm
ruby-tcltk-1.8.5-5.el5_4.8.i386.rpm
strace-4.5.18-5.el5_4.1.i386.rpm
tcsh-6.14-14.el5_4.3.i386.rpm
xen-3.0.3-94.el5_4.3.i386.rpm
xen-devel-3.0.3-94.el5_4.3.i386.rpm
xen-libs-3.0.3-94.el5_4.3.i386.rpm

x86_64:
aide-0.13.1-6.el5.x86_64.rpm
avahi-0.6.16-7.el5.i386.rpm
avahi-0.6.16-7.el5.x86_64.rpm
avahi-compat-howl-0.6.16-7.el5.i386.rpm
avahi-compat-howl-0.6.16-7.el5.x86_64.rpm
avahi-compat-howl-devel-0.6.16-7.el5.i386.rpm
avahi-compat-howl-devel-0.6.16-7.el5.x86_64.rpm
avahi-compat-libdns_sd-0.6.16-7.el5.i386.rpm
avahi-compat-libdns_sd-0.6.16-7.el5.x86_64.rpm
avahi-compat-libdns_sd-devel-0.6.16-7.el5.i386.rpm
avahi-compat-libdns_sd-devel-0.6.16-7.el5.x86_64.rpm
avahi-devel-0.6.16-7.el5.i386.rpm
avahi-devel-0.6.16-7.el5.x86_64.rpm
avahi-glib-0.6.16-7.el5.i386.rpm
avahi-glib-0.6.16-7.el5.x86_64.rpm
avahi-glib-devel-0.6.16-7.el5.i386.rpm
avahi-glib-devel-0.6.16-7.el5.x86_64.rpm
avahi-qt3-0.6.16-7.el5.i386.rpm
avahi-qt3-0.6.16-7.el5.x86_64.rpm
avahi-qt3-devel-0.6.16-7.el5.i386.rpm
avahi-qt3-devel-0.6.16-7.el5.x86_64.rpm
avahi-tools-0.6.16-7.el5.x86_64.rpm
cpuspeed-1.2.1-9.el5.x86_64.rpm
cups-1.3.7-11.el5_4.5.x86_64.rpm
cups-devel-1.3.7-11.el5_4.5.i386.rpm
cups-devel-1.3.7-11.el5_4.5.x86_64.rpm
cups-libs-1.3.7-11.el5_4.5.i386.rpm
cups-libs-1.3.7-11.el5_4.5.x86_64.rpm
cups-lpd-1.3.7-11.el5_4.5.x86_64.rpm
dhclient-3.0.5-21.el5_4.1.x86_64.rpm
dhcp-3.0.5-21.el5_4.1.x86_64.rpm
dhcp-devel-3.0.5-21.el5_4.1.i386.rpm
dhcp-devel-3.0.5-21.el5_4.1.x86_64.rpm
dogtail-0.6.1-3.el5.noarch.rpm
dosfstools-2.11-9.el5.x86_64.rpm
gnome-vfs2-2.16.2-5.el5.i386.rpm
gnome-vfs2-2.16.2-5.el5.x86_64.rpm
gnome-vfs2-devel-2.16.2-5.el5.i386.rpm
gnome-vfs2-devel-2.16.2-5.el5.x86_64.rpm
gnome-vfs2-smb-2.16.2-5.el5.x86_64.rpm
libdhcp4client-3.0.5-21.el5_4.1.i386.rpm
libdhcp4client-3.0.5-21.el5_4.1.x86_64.rpm
libdhcp4client-devel-3.0.5-21.el5_4.1.i386.rpm
libdhcp4client-devel-3.0.5-21.el5_4.1.x86_64.rpm
logwatch-7.3-8.el5.noarch.rpm
mdadm-2.6.9-3.el5.x86_64.rpm
perl-XML-LibXML-1.58-6.x86_64.rpm
perl-XML-SAX-0.14-8.noarch.rpm
readahead-1.3-8.el5.x86_64.rpm
ruby-1.8.5-5.el5_4.8.x86_64.rpm
ruby-devel-1.8.5-5.el5_4.8.i386.rpm
ruby-devel-1.8.5-5.el5_4.8.x86_64.rpm
ruby-docs-1.8.5-5.el5_4.8.x86_64.rpm
ruby-irb-1.8.5-5.el5_4.8.x86_64.rpm
ruby-libs-1.8.5-5.el5_4.8.i386.rpm
ruby-libs-1.8.5-5.el5_4.8.x86_64.rpm
ruby-mode-1.8.5-5.el5_4.8.x86_64.rpm
ruby-rdoc-1.8.5-5.el5_4.8.x86_64.rpm
ruby-ri-1.8.5-5.el5_4.8.x86_64.rpm
ruby-tcltk-1.8.5-5.el5_4.8.x86_64.rpm
strace-4.5.18-5.el5_4.1.x86_64.rpm
tcsh-6.14-14.el5_4.3.x86_64.rpm
xen-3.0.3-94.el5_4.3.x86_64.rpm
xen-devel-3.0.3-94.el5_4.3.i386.rpm
xen-devel-3.0.3-94.el5_4.3.x86_64.rpm
xen-libs-3.0.3-94.el5_4.3.i386.rpm
xen-libs-3.0.3-94.el5_4.3.x86_64.rpm

-Connie Sieh
-Troy Dawson

Date: Wed, 20 Jan 2010 11:41:55 -0600
Reply-To: Troy Dawson
Sender: Security Errata for Scientific Linux
From: Troy Dawson
Subject: Security ERRATA Moderate: openssl on SL5.x i386/x86_64
Comments: To: "scientific-linux-errata@fnal.gov"

Synopsis: Moderate: openssl security update
Issue date: 2010-01-19
CVE Names: CVE-2009-2409 CVE-2009-4355

CVE-2009-2409 deprecate MD2 in SSL cert validation (Kaminsky)
CVE-2009-4355 openssl significant memory leak in certain SSLv3 requests (DoS)

It was found that the OpenSSL library did not properly re-initialize its internal state in the SSL_library_init() function after previous calls to the CRYPTO_cleanup_all_ex_data() function, which would cause a memory leak for each subsequent SSL connection. This flaw could cause server applications that call those functions during reload, such as a combination of the Apache HTTP Server, mod_ssl, PHP, and cURL, to consume all available memory, resulting in a denial of service. (CVE-2009-4355)

Dan Kaminsky found that browsers could accept certificates with MD2 hash signatures, even though MD2 is no longer considered a cryptographically strong algorithm. This could make it easier for an attacker to create a malicious certificate that would be treated as trusted by a browser. OpenSSL now disables the use of the MD2 algorithm inside signatures by default. (CVE-2009-2409)

For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted.

SL 5.x

SRPMS:
openssl-0.9.8e-12.el5_4.1.src.rpm

i386:
openssl-0.9.8e-12.el5_4.1.i386.rpm
openssl-0.9.8e-12.el5_4.1.i686.rpm
openssl-devel-0.9.8e-12.el5_4.1.i386.rpm
openssl-perl-0.9.8e-12.el5_4.1.i386.rpm

x86_64:
openssl-0.9.8e-12.el5_4.1.i686.rpm
openssl-0.9.8e-12.el5_4.1.x86_64.rpm
openssl-devel-0.9.8e-12.el5_4.1.i386.rpm
openssl-devel-0.9.8e-12.el5_4.1.x86_64.rpm
openssl-perl-0.9.8e-12.el5_4.1.x86_64.rpm

-Connie Sieh
-Troy Dawson
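
The openssl erratum above says services linked to the OpenSSL library must be restarted for the update to take effect. The following is an added example, not part of the original announcement, showing one way to find processes that still map the pre-update library; it assumes a Linux /proc filesystem, and the function names, library paths and sample map lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: find processes that still map the pre-update OpenSSL libraries.
# Once the RPM replaces libssl/libcrypto on disk, a process started earlier
# keeps the old file mapped and /proc/<pid>/maps marks that path "(deleted)".

# Read /proc/<pid>/maps-format text on stdin and print each distinct deleted
# libssl/libcrypto path (field 6 is the pathname, field 7 the marker).
stale_openssl_maps() {
    awk '$7 == "(deleted)" && $6 ~ /\/lib(ssl|crypto)\.so/ { print $6 }' | sort -u
}

# Walk every process the caller can read (run as root to see all of them)
# and print "pid command" for each one that still needs a restart.
list_stale_processes() {
    for maps in /proc/[0-9]*/maps; do
        [ -r "$maps" ] || continue
        libs=$(stale_openssl_maps 2>/dev/null < "$maps") || continue
        [ -n "$libs" ] || continue
        pid=${maps#/proc/}
        pid=${pid%/maps}
        echo "$pid $(ps -o comm= -p "$pid" 2>/dev/null)"
    done
}

# Constructed sample: a web server started before the update was installed.
sample_stale_maps() {
    cat <<'EOF'
00110000-00156000 r-xp 00000000 fd:00 1234 /lib/libssl.so.0.9.8e (deleted)
00156000-0015a000 rw-p 00045000 fd:00 1234 /lib/libssl.so.0.9.8e (deleted)
0015a000-00283000 r-xp 00000000 fd:00 1235 /lib/libcrypto.so.0.9.8e (deleted)
00a00000-00b00000 r-xp 00000000 fd:00 2000 /lib/libc-2.5.so
08048000-08050000 r-xp 00000000 fd:00 3000 /usr/sbin/httpd
EOF
}

# Constructed sample: the same service after a restart (new files mapped).
sample_fresh_maps() {
    cat <<'EOF'
00110000-00156000 r-xp 00000000 fd:00 5678 /lib/libssl.so.0.9.8e
0015a000-00283000 r-xp 00000000 fd:00 5679 /lib/libcrypto.so.0.9.8e
08048000-08050000 r-xp 00000000 fd:00 3000 /usr/sbin/httpd
EOF
}

# Pass --scan to check the live system instead of the samples.
if [ "${1:-}" = "--scan" ]; then
    list_stale_processes
fi
```

An empty result from `--scan` after restarting services means no readable process still holds the replaced library files.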