Fedora Legacy Test Update Notification: openssl

Marc Deslauriers marcdeslauriers at videotron.ca
Sun Oct 30 23:43:17 UTC 2005


---------------------------------------------------------------------
Fedora Legacy Test Update Notification
FEDORALEGACY-2005-166939
Bugzilla https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=166939
2005-10-30
---------------------------------------------------------------------

Name        : openssl
Versions    : rh73: openssl-0.9.6b-39.9.legacy
Versions    : rh9: openssl-0.9.7a-20.6.legacy
Versions    : fc1: openssl-0.9.7a-33.13.legacy
Versions    : fc2: openssl-0.9.7a-35.2.legacy
Summary     : The OpenSSL toolkit.
Description :
The OpenSSL toolkit provides support for secure communications between
machines. OpenSSL includes a certificate management tool and shared
libraries which provide various cryptographic algorithms and
protocols.

---------------------------------------------------------------------
Update Information:

Updated OpenSSL packages that fix a security issue are now available.

OpenSSL is a toolkit that implements Secure Sockets Layer (SSL v2/v3)
and Transport Layer Security (TLS v1) protocols as well as a
full-strength general purpose cryptography library.

This update fixes a bug in the way OpenSSL creates DSA signatures. A
previous advisory addressed a cache timing attack by making OpenSSL
perform private key calculations with a fixed time window. The DSA part
of that fix was not complete, so the calculations were not always
performed within a fixed window. The Common Vulnerabilities and
Exposures project (cve.mitre.org) has assigned the name CVE-2005-0109
to this issue.

Users are advised to update to these erratum packages which contain
a patch to correct this issue.

---------------------------------------------------------------------
Changelogs

rh73:
* Sat Oct 22 2005 Jeff Sheltren <sheltren at cs.ucsb.edu> 0.9.6b-39.9.legacy
- Add extra patch to fix CAN-2005-0109
- Patch to prevent version rollback, CAN-2005-2969 (#166939)

* Mon Aug 29 2005 Jeff Sheltren <sheltren at cs.ucsb.edu> 0.9.6b-39.8.legacy
- patch for cache timing exploit CAN-2005-0109 (#166939)

rh9:
* Sat Oct 22 2005 Jeff Sheltren <sheltren at cs.ucsb.edu> 0.9.7a-20.6.legacy
- Add extra patch to fix CAN-2005-0109
- Patch to prevent version rollback, CAN-2005-2969 (#166939)

* Mon Aug 29 2005 Jeff Sheltren <sheltren at cs.ucsb.edu> 0.9.7a-20.5.legacy
- patch for cache timing exploit CAN-2005-0109 (#166939)

fc1:
* Sat Oct 22 2005 Jeff Sheltren <sheltren at cs.ucsb.edu> 0.9.7a-33.13.legacy
- Add extra patch to fix CAN-2005-0109
- Patch to prevent version rollback, CAN-2005-2969 (#166939)

* Mon Aug 29 2005 Jeff Sheltren <sheltren at cs.ucsb.edu> 0.9.7a-33.12.legacy
- patch for cache timing exploit CAN-2005-0109 (#166939)

fc2:
* Sat Oct 22 2005 Jeff Sheltren <sheltren at cs.ucsb.edu> 0.9.7a-35-2.legacy
- Add extra patch to fix CAN-2005-0109
- Patch to prevent version rollback, CAN-2005-2969 (#166939)

* Sun Aug 28 2005 Jeff Sheltren <sheltren at cs.ucsb.edu> 0.9.7a-35.1.legacy
- Patches for CAN-2004-0975 and CAN-2005-0109 (#166939)

---------------------------------------------------------------------
This update can be downloaded from:
  http://download.fedoralegacy.org/
(sha1sums)

---------------------------------------------------------------------

Please test and comment in bugzilla.
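
To check whether an installed openssl package is older than the builds named in this notification, the version-release strings have to be compared segment by segment, as RPM does, not as plain strings. The following is an added example and not part of the original notification or of RPM itself: rpmvercmp() here is a simplified reimplementation (no epoch, no '~' or '^' handling), the function names are hypothetical, and the installed version 0.9.7a-33.9.legacy used in the demonstration is constructed.

```python
import re

# Fixed version-release per distribution, as listed in the notification.
FIXED = {
    "rh73": "0.9.6b-39.9.legacy",
    "rh9": "0.9.7a-20.6.legacy",
    "fc1": "0.9.7a-33.13.legacy",
    "fc2": "0.9.7a-35.2.legacy",
}

_SEGMENT = re.compile(r"\d+|[A-Za-z]+")


def rpmvercmp(a, b):
    """Simplified RPM segment comparison: returns -1, 0 or 1."""
    sa, sb = _SEGMENT.findall(a), _SEGMENT.findall(b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            xi, yi = int(x), int(y)          # numeric segments compare as integers
            if xi != yi:
                return 1 if xi > yi else -1
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # a numeric segment beats an alphabetic one
        elif x != y:
            return 1 if x > y else -1        # alphabetic segments compare as strings
    if len(sa) == len(sb):
        return 0
    return 1 if len(sa) > len(sb) else -1    # leftover segments mean newer


def compare_vr(a, b):
    """Compare two 'version-release' strings: version first, then release."""
    av, _, ar = a.rpartition("-")
    bv, _, br = b.rpartition("-")
    return rpmvercmp(av, bv) or rpmvercmp(ar, br)


def needs_update(dist, installed):
    """True when the installed version-release predates the fixed build."""
    return compare_vr(installed, FIXED[dist]) < 0


if __name__ == "__main__":
    # Constructed input: a plain string comparison ranks 33.9 above 33.13.
    installed = "0.9.7a-33.9.legacy"
    print("string compare says older:", installed < FIXED["fc1"])
    print("rpm-style compare says older:", needs_update("fc1", installed))
```

The installed string would normally come from `rpm -q --qf '%{VERSION}-%{RELEASE}\n' openssl`.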