Alerts This Week
Warning Icon 1 714
Alerts This Week
Warning Icon 1 714

Scientific Linux SL6.x: CVE-2011-3207 Moderate OpenSSL Security Update

Calendar Oct 26, 2011 User Avatar LinuxSecurity Advisories
3 - 6 min read
Scientific Large Esm H500
Topics%20covered

Topics Covered

security advisory moderate security issue update openssl Scientific Linux
Moderate: openssl security update 
Date: Wed, 26 Oct 2011 08:54:17 -0500
Reply-To: Pat Riehecky 
Sender: Security Errata for Scientific Linux
 
From: Pat Riehecky 
Organization: Fermilab
Subject: FASTBUGS for SL 5x i386, x86_64 now available
MIME-Version: 1.0

The following FASTBUGS have been uploaded to

i386:
cvs-1.11.22-9.el5.i386.rpm
cvs-inetd-1.11.22-9.el5.i386.rpm
pdksh-5.2.14-37.el5.i386.rpm

x86_64:
cvs-1.11.22-9.el5.x86_64.rpm
cvs-inetd-1.11.22-9.el5.x86_64.rpm
pdksh-5.2.14-37.el5.x86_64.rpm
Date: Wed, 26 Oct 2011 08:54:38 -0500
Reply-To: Pat Riehecky 
Sender: Security Errata for Scientific Linux
 
From: Pat Riehecky 
Organization: Fermilab
Subject: FASTBUGS for SL 6x i386, x86_64 now available
MIME-Version: 1.0

The following FASTBUGS have been uploaded to

i386:
dmidecode-2.11-2.el6_1.i686.rpm
kexec-tools-2.0.0-188.el6_1.2.i686.rpm
lldpad-0.9.41-4.el6_1.5.i686.rpm
lldpad-devel-0.9.41-4.el6_1.5.i686.rpm
nfs-utils-1.2.3-7.el6_1.1.i686.rpm
opencryptoki-2.3.3-2.el6_1.1.i686.rpm
opencryptoki-devel-2.3.3-2.el6_1.1.i686.rpm
opencryptoki-libs-2.3.3-2.el6_1.1.i686.rpm
qpid-cpp-client-0.10-8.el6_1.i686.rpm
qpid-cpp-client-devel-0.10-8.el6_1.i686.rpm
qpid-cpp-client-devel-docs-0.10-8.el6_1.noarch.rpm
qpid-cpp-client-rdma-0.10-8.el6_1.i686.rpm
qpid-cpp-client-ssl-0.10-8.el6_1.i686.rpm
qpid-cpp-server-0.10-8.el6_1.i686.rpm
qpid-cpp-server-cluster-0.10-8.el6_1.i686.rpm
qpid-cpp-server-devel-0.10-8.el6_1.i686.rpm
qpid-cpp-server-rdma-0.10-8.el6_1.i686.rpm
qpid-cpp-server-ssl-0.10-8.el6_1.i686.rpm
qpid-cpp-server-store-0.10-8.el6_1.i686.rpm
qpid-cpp-server-xml-0.10-8.el6_1.i686.rpm
rh-qpid-cpp-tests-0.10-8.el6_1.i686.rpm

x86_64:
dmidecode-2.11-2.el6_1.x86_64.rpm
kexec-tools-2.0.0-188.el6_1.2.x86_64.rpm
lldpad-0.9.41-4.el6_1.5.x86_64.rpm
lldpad-devel-0.9.41-4.el6_1.5.i686.rpm
lldpad-devel-0.9.41-4.el6_1.5.x86_64.rpm
nfs-utils-1.2.3-7.el6_1.1.x86_64.rpm
opencryptoki-2.3.3-2.el6_1.1.x86_64.rpm
opencryptoki-devel-2.3.3-2.el6_1.1.i686.rpm
opencryptoki-devel-2.3.3-2.el6_1.1.x86_64.rpm
opencryptoki-libs-2.3.3-2.el6_1.1.i686.rpm
opencryptoki-libs-2.3.3-2.el6_1.1.x86_64.rpm
qpid-cpp-client-0.10-8.el6_1.i686.rpm
qpid-cpp-client-0.10-8.el6_1.x86_64.rpm
qpid-cpp-client-devel-0.10-8.el6_1.x86_64.rpm
qpid-cpp-client-devel-docs-0.10-8.el6_1.noarch.rpm
qpid-cpp-client-rdma-0.10-8.el6_1.x86_64.rpm
qpid-cpp-client-ssl-0.10-8.el6_1.i686.rpm
qpid-cpp-client-ssl-0.10-8.el6_1.x86_64.rpm
qpid-cpp-server-0.10-8.el6_1.i686.rpm
qpid-cpp-server-0.10-8.el6_1.x86_64.rpm
qpid-cpp-server-cluster-0.10-8.el6_1.x86_64.rpm
qpid-cpp-server-devel-0.10-8.el6_1.x86_64.rpm
qpid-cpp-server-rdma-0.10-8.el6_1.x86_64.rpm
qpid-cpp-server-ssl-0.10-8.el6_1.x86_64.rpm
qpid-cpp-server-store-0.10-8.el6_1.x86_64.rpm
qpid-cpp-server-xml-0.10-8.el6_1.x86_64.rpm
rh-qpid-cpp-tests-0.10-8.el6_1.x86_64.rpm
Date: Wed, 26 Oct 2011 14:06:09 -0500
Reply-To: This email address is being protected from spambots. You need JavaScript enabled to view it.
Sender: Security Errata for Scientific Linux
 
From: Pat Riehecky 
Subject: Security ERRATA Moderate: openssl on SL6.x i386/x86_64
Comments: To: This email address is being protected from spambots. You need JavaScript enabled to view it.

Synopsis: Moderate: openssl security update
Issue Date: 2011-10-26
CVE Numbers: CVE-2011-3207

OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3)
and Transport Layer Security (TLS v1) protocols, as well as a
full-strength, general purpose cryptography library.

An uninitialized variable use flaw was found in OpenSSL. This flaw could
cause an application using the OpenSSL Certificate Revocation List (CRL)
checking functionality to incorrectly accept a CRL that has a nextUpdate
date in the past. (CVE-2011-3207)

All OpenSSL users should upgrade to these updated packages, which contain a
backported patch to resolve this issue. For the update to take effect, all
services linked to the OpenSSL library must be restarted, or the system
rebooted.

SL6:
 i386
 openssl-1.0.0-10.el6_1.5.i686.rpm
 openssl-debuginfo-1.0.0-10.el6_1.5.i686.rpm
 openssl-devel-1.0.0-10.el6_1.5.i686.rpm
 openssl-perl-1.0.0-10.el6_1.5.i686.rpm
 openssl-static-1.0.0-10.el6_1.5.i686.rpm
 x86_64
 openssl-1.0.0-10.el6_1.5.i686.rpm
 openssl-1.0.0-10.el6_1.5.x86_64.rpm
 openssl-debuginfo-1.0.0-10.el6_1.5.i686.rpm
 openssl-debuginfo-1.0.0-10.el6_1.5.x86_64.rpm
 openssl-devel-1.0.0-10.el6_1.5.i686.rpm
 openssl-devel-1.0.0-10.el6_1.5.x86_64.rpm
 openssl-perl-1.0.0-10.el6_1.5.x86_64.rpm
 openssl-static-1.0.0-10.el6_1.5.x86_64.rpm

- Scientific Linux Development Team
lastline
Your message here