Vulnerability Bulletins |
Desbordamiento inferior de búfer en OpenSSL |
|
Vulnerability classification |
|
| Property | Value |
| Confidence level | Oficial |
| Impact | Obtener acceso |
| Dificulty | Experto |
| Required attacker level | Acceso remoto sin cuenta a un servicio estandar |
System information |
|
| Property | Value |
| Affected manufacturer | GNU/Linux |
| Affected software |
OpenSSL 0.9.7l OpenSSL 0.9.8d |
Description |
|
|
Se ha encontrado una vulnerabilidad del tipo desbordamiento inferior de búfer en OpenSSL 0.9.7l y 0.9.8d. La vulnerabilidad reside en un error en la librería libssl en la función SSL_get_shared_ciphers(). Un atacante remoto podría ejecutar código arbitrario mediante el envío de un paquete especialmente diseñado. |
|
Solution |
|
|
Actualización de software Debian (DSA 1379-1) Debian 3.1 Source http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e.orig.tar.gz http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e-3sarge5.diff.gz http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e-3sarge5.dsc alpha http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.7e-3sarge5_alpha.deb http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.7-udeb_0.9.7e-3sarge5_alpha.udeb http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.7_0.9.7e-3sarge5_alpha.deb http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e-3sarge5_alpha.deb amd64 http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.7_0.9.7e-3sarge5_amd64.deb http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e-3sarge5_amd64.deb http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.7-udeb_0.9.7e-3sarge5_amd64.udeb http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.7e-3sarge5_amd64.deb arm http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.7_0.9.7e-3sarge5_arm.deb http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.7e-3sarge5_arm.deb http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.7-udeb_0.9.7e-3sarge5_arm.udeb http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e-3sarge5_arm.deb hppa http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.7-udeb_0.9.7e-3sarge5_hppa.udeb http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.7_0.9.7e-3sarge5_hppa.deb http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e-3sarge5_hppa.deb http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.7e-3sarge5_hppa.deb i386 http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.7_0.9.7e-3sarge5_i386.deb http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.7e-3sarge5_i386.deb http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e-3sarge5_i386.deb http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.7-udeb_0.9.7e-3sarge5_i386.udeb ia64 http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e-3sarge5_ia64.deb http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.7e-3sarge5_ia64.deb http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.7_0.9.7e-3sarge5_ia64.deb http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.7-udeb_0.9.7e-3sarge5_ia64.udeb m68k http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e-3sarge5_m68k.deb http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.7_0.9.7e-3sarge5_m68k.deb http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.7e-3sarge5_m68k.deb http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.7-udeb_0.9.7e-3sarge5_m68k.udeb mips http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.7-udeb_0.9.7e-3sarge5_mips.udeb http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e-3sarge5_mips.deb http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.7e-3sarge5_mips.deb http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.7_0.9.7e-3sarge5_mips.deb mipsel http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.7e-3sarge5_mipsel.deb http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.7_0.9.7e-3sarge5_mipsel.deb http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e-3sarge5_mipsel.deb http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.7-udeb_0.9.7e-3sarge5_mipsel.udeb powerpc http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e-3sarge5_powerpc.deb http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.7_0.9.7e-3sarge5_powerpc.deb http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.7-udeb_0.9.7e-3sarge5_powerpc.udeb http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.7e-3sarge5_powerpc.deb s390 http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.7-udeb_0.9.7e-3sarge5_s390.udeb http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e-3sarge5_s390.deb http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.7_0.9.7e-3sarge5_s390.deb http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.7e-3sarge5_s390.deb sparc http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e-3sarge5_sparc.deb http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.7-udeb_0.9.7e-3sarge5_sparc.udeb http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.7e-3sarge5_sparc.deb http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.7_0.9.7e-3sarge5_sparc.deb Debian Linux Source http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8c-4etch1.dsc http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8c-4etch1.diff.gz http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8c.orig.tar.gz alpha http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8c-4etch1_alpha.deb http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8c-4etch1_alpha.deb http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8c-4etch1_alpha.deb http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8c-4etch1_alpha.udeb http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8c-4etch1_alpha.deb amd64 http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8c-4etch1_amd64.udeb http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8c-4etch1_amd64.deb http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8c-4etch1_amd64.deb http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8c-4etch1_amd64.deb http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8c-4etch1_amd64.deb arm http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8c-4etch1_arm.deb http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8c-4etch1_arm.deb http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8c-4etch1_arm.deb http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8c-4etch1_arm.udeb http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8c-4etch1_arm.deb hppa http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8c-4etch1_hppa.deb http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8c-4etch1_hppa.deb http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8c-4etch1_hppa.udeb http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8c-4etch1_hppa.deb http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8c-4etch1_hppa.deb i386 http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8c-4etch1_i386.deb http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8c-4etch1_i386.deb http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8c-4etch1_i386.udeb http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8c-4etch1_i386.deb http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8c-4etch1_i386.deb ia64 http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8c-4etch1_ia64.deb http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8c-4etch1_ia64.udeb http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8c-4etch1_ia64.deb http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8c-4etch1_ia64.deb http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8c-4etch1_ia64.deb mips http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8c-4etch1_mips.deb http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8c-4etch1_mips.deb http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8c-4etch1_mips.deb http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8c-4etch1_mips.deb http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8c-4etch1_mips.udeb mipsel http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8c-4etch1_mipsel.deb http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8c-4etch1_mipsel.deb http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8c-4etch1_mipsel.deb http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8c-4etch1_mipsel.deb http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8c-4etch1_mipsel.udeb powerpc http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8c-4etch1_powerpc.deb http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8c-4etch1_powerpc.deb http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8c-4etch1_powerpc.deb http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8c-4etch1_powerpc.deb http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8c-4etch1_powerpc.udeb s390 http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8c-4etch1_s390.deb http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8c-4etch1_s390.deb http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8c-4etch1_s390.deb http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8c-4etch1_s390.udeb http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8c-4etch1_s390.deb sparc http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8c-4etch1_sparc.deb http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8c-4etch1_sparc.deb http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8c-4etch1_sparc.deb http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8c-4etch1_sparc.udeb http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8c-4etch1_sparc.deb Mandriva (MDKSA-2007:193) Corporate Server 3.0 X86 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/3.0/i586/libopenssl0.9.7-0.9.7c-3.8.C30mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/3.0/i586/libopenssl0.9.7-devel-0.9.7c-3.8.C30mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/3.0/i586/libopenssl0.9.7-static-devel-0.9.7c-3.8.C30mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/3.0/i586/openssl-0.9.7c-3.8.C30mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/3.0/SRPMS/openssl-0.9.7c-3.8.C30mdk.src.rpm X86_64 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/3.0/x86_64/lib64openssl0.9.7-0.9.7c-3.8.C30mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/3.0/x86_64/lib64openssl0.9.7-devel-0.9.7c-3.8.C30mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/3.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7c-3.8.C30mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/3.0/x86_64/openssl-0.9.7c-3.8.C30mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/3.0/SRPMS/openssl-0.9.7c-3.8.C30mdk.src.rpm Multi Network Firewall 2.0 X86 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/mnf/2.0/i586/libopenssl0.9.7-0.9.7c-3.8.M20mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/mnf/2.0/i586/libopenssl0.9.7-devel-0.9.7c-3.8.M20mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/mnf/2.0/i586/libopenssl0.9.7-static-devel-0.9.7c-3.8.M20mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/mnf/2.0/i586/openssl-0.9.7c-3.8.M20mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/mnf/2.0/SRPMS/openssl-0.9.7c-3.8.M20mdk.src.rpm Mandriva Linux 2007 X86 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.0/i586/libopenssl0.9.8-0.9.8b-2.3mdv2007.0.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.0/i586/libopenssl0.9.8-devel-0.9.8b-2.3mdv2007.0.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.0/i586/libopenssl0.9.8-static-devel-0.9.8b-2.3mdv2007.0.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.0/i586/openssl-0.9.8b-2.3mdv2007.0.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.0/SRPMS/openssl-0.9.8b-2.3mdv2007.0.src.rpm X86_64 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.0/x86_64/lib64openssl0.9.8-0.9.8b-2.3mdv2007.0.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.0/x86_64/lib64openssl0.9.8-devel-0.9.8b-2.3mdv2007.0.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.0/x86_64/lib64openssl0.9.8-static-devel-0.9.8b-2.3mdv2007.0.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.0/x86_64/openssl-0.9.8b-2.3mdv2007.0.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.0/SRPMS/openssl-0.9.8b-2.3mdv2007.0.src.rpm Corporate Server 4.0 X86 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/4.0/i586/libopenssl0.9.7-0.9.7g-2.6.20060mlcs4.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/4.0/i586/libopenssl0.9.7-devel-0.9.7g-2.6.20060mlcs4.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/4.0/i586/libopenssl0.9.7-static-devel-0.9.7g-2.6.20060mlcs4.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/4.0/i586/openssl-0.9.7g-2.6.20060mlcs4.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/4.0/SRPMS/openssl-0.9.7g-2.6.20060mlcs4.src.rpm X86_64 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/4.0/x86_64/lib64openssl0.9.7-0.9.7g-2.6.20060mlcs4.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/4.0/x86_64/lib64openssl0.9.7-devel-0.9.7g-2.6.20060mlcs4.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/4.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7g-2.6.20060mlcs4.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/4.0/x86_64/openssl-0.9.7g-2.6.20060mlcs4.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/4.0/SRPMS/openssl-0.9.7g-2.6.20060mlcs4.src.rpm Mandriva Linux 2007.1 X86 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.1/i586/libopenssl0.9.8-0.9.8e-2.2mdv2007.1.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.1/i586/libopenssl0.9.8-devel-0.9.8e-2.2mdv2007.1.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.1/i586/libopenssl0.9.8-static-devel-0.9.8e-2.2mdv2007.1.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.1/i586/openssl-0.9.8e-2.2mdv2007.1.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.1/SRPMS/openssl-0.9.8e-2.2mdv2007.1.src.rpm X86_64 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.1/x86_64/lib64openssl0.9.8-0.9.8e-2.2mdv2007.1.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.1/x86_64/lib64openssl0.9.8-devel-0.9.8e-2.2mdv2007.1.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.1/x86_64/lib64openssl0.9.8-static-devel-0.9.8e-2.2mdv2007.1.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.1/x86_64/openssl-0.9.8e-2.2mdv2007.1.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.1/SRPMS/openssl-0.9.8e-2.2mdv2007.1.src.rpm FreeBSD (FreeBSD-SA-07:08.openssl) FreeBSD 5.5, 6.1, 6.2 http://security.FreeBSD.org/patches/SA-07:08/openssl.patch http://security.FreeBSD.org/patches/SA-07:08/openssl.patch.asc Debian (DSA 1379-2) Source http://security.debian.org/pool/updates/main/o/openssl096/openssl096_0.9.6m-1sarge5.dsc http://security.debian.org/pool/updates/main/o/openssl096/openssl096_0.9.6m.orig.tar.gz http://security.debian.org/pool/updates/main/o/openssl096/openssl096_0.9.6m-1sarge5.diff.gz alpha http://security.debian.org/pool/updates/main/o/openssl096/libssl0.9.6_0.9.6m-1sarge5_alpha.deb amd64 http://security.debian.org/pool/updates/main/o/openssl096/libssl0.9.6_0.9.6m-1sarge5_amd64.deb arm http://security.debian.org/pool/updates/main/o/openssl096/libssl0.9.6_0.9.6m-1sarge5_arm.deb hppa http://security.debian.org/pool/updates/main/o/openssl096/libssl0.9.6_0.9.6m-1sarge5_hppa.deb i386 http://security.debian.org/pool/updates/main/o/openssl096/libssl0.9.6_0.9.6m-1sarge5_i386.deb ia64 http://security.debian.org/pool/updates/main/o/openssl096/libssl0.9.6_0.9.6m-1sarge5_ia64.deb mips http://security.debian.org/pool/updates/main/o/openssl096/libssl0.9.6_0.9.6m-1sarge5_mips.deb powerpc http://security.debian.org/pool/updates/main/o/openssl096/libssl0.9.6_0.9.6m-1sarge5_powerpc.deb s390 http://security.debian.org/pool/updates/main/o/openssl096/libssl0.9.6_0.9.6m-1sarge5_s390.deb sparc http://security.debian.org/pool/updates/main/o/openssl096/libssl0.9.6_0.9.6m-1sarge5_sparc.deb Debian Linux Source http://security.debian.org/pool/updates/main/o/openssl097/openssl097_0.9.7k-3.1etch1.dsc http://security.debian.org/pool/updates/main/o/openssl097/openssl097_0.9.7k.orig.tar.gz http://security.debian.org/pool/updates/main/o/openssl097/openssl097_0.9.7k-3.1etch1.diff.gz alpha http://security.debian.org/pool/updates/main/o/openssl097/libssl0.9.7-dbg_0.9.7k-3.1etch1_alpha.deb http://security.debian.org/pool/updates/main/o/openssl097/libssl0.9.7_0.9.7k-3.1etch1_alpha.deb amd64 http://security.debian.org/pool/updates/main/o/openssl097/libssl0.9.7-dbg_0.9.7k-3.1etch1_amd64.deb http://security.debian.org/pool/updates/main/o/openssl097/libssl0.9.7_0.9.7k-3.1etch1_amd64.deb arm http://security.debian.org/pool/updates/main/o/openssl097/libssl0.9.7-dbg_0.9.7k-3.1etch1_arm.deb http://security.debian.org/pool/updates/main/o/openssl097/libssl0.9.7_0.9.7k-3.1etch1_arm.deb hppa http://security.debian.org/pool/updates/main/o/openssl097/libssl0.9.7-dbg_0.9.7k-3.1etch1_hppa.deb http://security.debian.org/pool/updates/main/o/openssl097/libssl0.9.7_0.9.7k-3.1etch1_hppa.deb i386 http://security.debian.org/pool/updates/main/o/openssl097/libssl0.9.7_0.9.7k-3.1etch1_i386.deb http://security.debian.org/pool/updates/main/o/openssl097/libssl0.9.7-dbg_0.9.7k-3.1etch1_i386.deb ia64 http://security.debian.org/pool/updates/main/o/openssl097/libssl0.9.7-dbg_0.9.7k-3.1etch1_ia64.deb http://security.debian.org/pool/updates/main/o/openssl097/libssl0.9.7_0.9.7k-3.1etch1_ia64.deb mips http://security.debian.org/pool/updates/main/o/openssl097/libssl0.9.7-dbg_0.9.7k-3.1etch1_mips.deb http://security.debian.org/pool/updates/main/o/openssl097/libssl0.9.7_0.9.7k-3.1etch1_mips.deb mipsel http://security.debian.org/pool/updates/main/o/openssl097/libssl0.9.7_0.9.7k-3.1etch1_mipsel.deb http://security.debian.org/pool/updates/main/o/openssl097/libssl0.9.7-dbg_0.9.7k-3.1etch1_mipsel.deb powerpc http://security.debian.org/pool/updates/main/o/openssl097/libssl0.9.7_0.9.7k-3.1etch1_powerpc.deb http://security.debian.org/pool/updates/main/o/openssl097/libssl0.9.7-dbg_0.9.7k-3.1etch1_powerpc.deb s390 http://security.debian.org/pool/updates/main/o/openssl097/libssl0.9.7_0.9.7k-3.1etch1_s390.deb http://security.debian.org/pool/updates/main/o/openssl097/libssl0.9.7-dbg_0.9.7k-3.1etch1_s390.deb sparc http://security.debian.org/pool/updates/main/o/openssl097/libssl0.9.7_0.9.7k-3.1etch1_sparc.deb http://security.debian.org/pool/updates/main/o/openssl097/libssl0.9.7-dbg_0.9.7k-3.1etch1_sparc.deb Suse Linux Las actualizaciones pueden descargarse mediante YAST o del servidor FTP oficial de Suse Linux. OpenSSL OpenSSL 0.9.8f http://www.openssl.org/source/ Red Hat (RHSA-2007:0964-4) RHEL Desktop Workstation (v. 5 client) Red Hat Enterprise Linux (v. 5 server) Red Hat Enterprise Linux Desktop (v. 5 client) https://rhn.redhat.com/ Red Hat (RHSA-2007:0813-2) Red Hat Desktop (v. 3) Red Hat Enterprise Linux AS (v. 2.1) Red Hat Enterprise Linux AS (v. 3) Red Hat Enterprise Linux ES (v. 2.1) Red Hat Enterprise Linux ES (v. 3) Red Hat Enterprise Linux WS (v. 2.1) Red Hat Enterprise Linux WS (v. 3) Red Hat Linux Advanced Workstation 2.1 for the Itanium Processor https://rhn.redhat.com/ FreeBSD Actualiza FreeBSD a 5-STABLE, o 6-STABLE, o a RELENG_6_2, RELENG_6_1, o RELENG_5_5 con una fecha posterior a la fecha de correción de la vulnerabilidad. FreeBSD 5.5, 6.1, 6.2 - Aplica los siguientes parches http://security.FreeBSD.org/patches/SA-07:08/openssl.patch http://security.FreeBSD.org/patches/SA-07:08/openssl.patch.asc Sun (200858) Solaris 10 / SPARC / patch 127111-08 Solaris 10 / x86 / patch 127112-08 http://sunsolve.sun.com/pub-cgi/show.pl?target=patchpage Suse Linux Las actualizaciones pueden descargarse mediante YAST o del servidor FTP oficial de Suse Linux. |
|
Standar resources |
|
| Property | Value |
| CVE | CVE-2007-5135 |
| BID | 25831 |
Other resources |
|
|
Debian Security Advisory (DSA 1379-1) http://lists.debian.org/debian-security-announce/debian-security-announce-2007/msg00150.html Mandriva Security Advisory (MDKSA-2007:193) http://www.mandriva.com/security/advisories?name=MDKSA-2007:193 FreeBSD Security Advisory (FreeBSD-SA-07:08.openssl) http://security.freebsd.org/advisories/FreeBSD-SA-07:08.openssl.asc Debian Security Advisory (DSA 1379-2) http://lists.debian.org/debian-security-announce/debian-security-announce-2007/msg00157.html SUSE Security Summary Report (SUSE-SR:2007:020) http://www.novell.com/linux/security/advisories/2007_20_sr.html OpenSSL Security Advisory [12-Oct-2007] http://www.openssl.org/news/secadv_20071012.txt Red Hat Security Advisory (RHSA-2007:0964-4) https://rhn.redhat.com/errata/RHSA-2007-0964.html Red Hat Security Advisory (RHSA-2007:0813-2) https://rhn.redhat.com/errata/RHSA-2007-0813.html FreeBSD Security Advisory (FreeBSD-SA-07:08.openssl) http://security.freebsd.org/advisories/FreeBSD-SA-07:08.openssl.asc Sun Alert Notification (200858) http://sunsolve.sun.com/search/document.do?assetkey=1-66-200858-1 SUSE Security Advisory (SUSE-SR:2008:005) http://www.novell.com/linux/security/advisories/2008_5_sr.html |
|
Version history |
||
| Version | Comments | Date |
| 1.0 | Aviso emitido | 2007-10-03 |
| 1.1 | Aviso emitido por Mandriva (MDKSA-2007:193), aviso emitido por FreeBSD (FreeBSD-SA-07:08.openssl) | 2007-10-08 |
| 1.2 | Aviso emitido por Debian (DSA 1379-2) | 2007-10-11 |
| 1.3 | Aviso emitido por Suse (SUSE-SR:2007:020) | 2007-10-15 |
| 1.4 | Aviso emitido por OpenSSl [12-Oct-2007], aviso emitido por Red Hat (RHSA-2007:0964-4) | 2007-10-16 |
| 1.5 | Aviso emitido por Red Hat (RHSA-2007:0813-2) | 2007-10-24 |
| 1.6 | Aviso emitido por FreeBSD (FreeBSD-SA-07:08.openssl) | 2007-12-03 |
| 1.7 | Aviso emitido por Sun (200858), BID añadido, XF añadido | 2008-02-18 |
| 1.8 | Aviso emitido por Suse (SUSE-SR:2008:005) | 2008-03-07 |