Vulnerability Bulletins |
RSA signature forgery in OpenSSL |
|
Vulnerability classification |
|
Property | Value |
Confidence level | Official |
Impact | Integrity |
Difficulty | Expert |
Attacker requirements | Remote access without an account to a standard service |
System information |
|
Property | Value |
Affected vendor | GNU/Linux |
Affected software |
OpenSSL <= 0.9.7j, OpenSSL <= 0.9.8b |
Description |
|
A vulnerability has been discovered in OpenSSL 0.9.7j, 0.9.8b and earlier versions. The flaw is that certain implementations incorrectly verify certain signatures. A remote attacker could forge a PKCS #1 v1.5 signature made with an RSA key with exponent 3, such as that of an X.509 certificate. |
|
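Added example, not part of the bulletin and not OpenSSL's code: the OpenSSL advisory linked on this page attributes the flaw to verifiers that do not check for excess data in the RSA exponentiation result. The sketch below compares a simplified parser-style check with a strict encode-and-compare check on constructed 128-byte blocks; all function names and sample bytes are assumptions made for illustration.

```python
import hashlib
import hmac

# DER header of the DigestInfo structure for SHA-1; the 20-byte digest follows it.
SHA1_DIGESTINFO = bytes.fromhex("3021300906052b0e03021a05000414")


def encode_em(message: bytes, k: int) -> bytes:
    """Return the single valid EMSA-PKCS1-v1_5 block for a k-byte modulus."""
    t = SHA1_DIGESTINFO + hashlib.sha1(message).digest()
    if k < len(t) + 11:  # the format needs at least 8 bytes of 0xFF padding
        raise ValueError("modulus too short for this hash")
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t


def lax_check(em: bytes, message: bytes) -> bool:
    """Simplified model of a parser-style check (hypothetical, for contrast).

    It walks the padding, reads the DigestInfo and compares the hash, but it
    never looks at the bytes that follow the hash.
    """
    if len(em) < 11 or em[0:2] != b"\x00\x01":
        return False
    i = 2
    while i < len(em) and em[i] == 0xFF:
        i += 1
    if i >= len(em) or em[i] != 0x00:
        return False
    i += 1
    t = SHA1_DIGESTINFO + hashlib.sha1(message).digest()
    return em[i:i + len(t)] == t  # excess data after the hash is ignored


def strict_check(em: bytes, message: bytes) -> bool:
    """Rebuild the expected block and compare every byte of it."""
    try:
        expected = encode_em(message, len(em))
    except ValueError:
        return False
    return hmac.compare_digest(em, expected)


def build_samples(message: bytes, k: int = 128) -> dict:
    """Constructed blocks as they would look after the RSA public operation.

    No RSA computation is performed; the bytes are built directly.
    """
    t = SHA1_DIGESTINFO + hashlib.sha1(message).digest()
    head = b"\x00\x01" + b"\xff" * 8 + b"\x00" + t
    return {
        "well_formed": encode_em(message, k),
        # Short padding, correct hash, then filler bytes up to the block size.
        "excess_data": head + b"\x5a" * (k - len(head)),
    }


def compare(message: bytes = b"constructed sample message") -> dict:
    """Map each sample name to (lax verdict, strict verdict)."""
    return {
        name: (lax_check(em, message), strict_check(em, message))
        for name, em in build_samples(message).items()
    }


if __name__ == "__main__":
    for name, (lax, strict) in compare().items():
        print(f"{name:12s} lax={lax} strict={strict}")
```

Only the strict check rejects the block with excess data, which is the property a patched verifier has to enforce regardless of the key's public exponent.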
Solution |
|
Software update

OpenSSL
OpenSSL 0.9.7 / 0.9.7k
http://www.openssl.org/source/openssl-0.9.7k.tar.gz
OpenSSL 0.9.8 / 0.9.8c
http://www.openssl.org/source/openssl-0.9.8c.tar.gz

Mandriva
Corporate Server 3.0, X86:
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/3.0/RPMS/libopenssl0.9.7-0.9.7c-3.5.C30mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/3.0/RPMS/libopenssl0.9.7-devel-0.9.7c-3.5.C30mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/3.0/RPMS/libopenssl0.9.7-static-devel-0.9.7c-3.5.C30mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/3.0/RPMS/openssl-0.9.7c-3.5.C30mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/3.0/SRPMS/openssl-0.9.7c-3.5.C30mdk.src.rpm
Corporate Server 3.0, X86_64:
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/3.0/RPMS/lib64openssl0.9.7-0.9.7c-3.5.C30mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/3.0/RPMS/lib64openssl0.9.7-devel-0.9.7c-3.5.C30mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/3.0/RPMS/lib64openssl0.9.7-static-devel-0.9.7c-3.5.C30mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/3.0/RPMS/openssl-0.9.7c-3.5.C30mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/3.0/SRPMS/openssl-0.9.7c-3.5.C30mdk.src.rpm
Multi Network Firewall 2.0, X86:
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/mnf/2.0/RPMS/libopenssl0.9.7-0.9.7c-3.5.M20mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/mnf/2.0/RPMS/libopenssl0.9.7-devel-0.9.7c-3.5.M20mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/mnf/2.0/RPMS/libopenssl0.9.7-static-devel-0.9.7c-3.5.M20mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/mnf/2.0/RPMS/openssl-0.9.7c-3.5.M20mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/mnf/2.0/SRPMS/openssl-0.9.7c-3.5.M20mdk.src.rpm
Mandrivalinux 2006, X86:
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2006.0/RPMS/libopenssl0.9.7-0.9.7g-2.3.20060mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2006.0/RPMS/libopenssl0.9.7-devel-0.9.7g-2.3.20060mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2006.0/RPMS/libopenssl0.9.7-static-devel-0.9.7g-2.3.20060mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2006.0/RPMS/openssl-0.9.7g-2.3.20060mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2006.0/SRPMS/openssl-0.9.7g-2.3.20060mdk.src.rpm
Mandrivalinux 2006, X86_64:
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/2006.0/RPMS/lib64openssl0.9.7-0.9.7g-2.3.20060mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/2006.0/RPMS/lib64openssl0.9.7-devel-0.9.7g-2.3.20060mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/2006.0/RPMS/lib64openssl0.9.7-static-devel-0.9.7g-2.3.20060mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/2006.0/RPMS/openssl-0.9.7g-2.3.20060mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/2006.0/SRPMS/openssl-0.9.7g-2.3.20060mdk.src.rpm

Red Hat
Red Hat Desktop (v. 3)
Red Hat Desktop (v. 4)
Red Hat Enterprise Linux AS (v. 2.1)
Red Hat Enterprise Linux AS (v. 3)
Red Hat Enterprise Linux AS (v. 4)
Red Hat Enterprise Linux ES (v. 2.1)
Red Hat Enterprise Linux ES (v. 3)
Red Hat Enterprise Linux ES (v. 4)
Red Hat Enterprise Linux WS (v. 2.1)
Red Hat Enterprise Linux WS (v. 3)
Red Hat Enterprise Linux WS (v. 4)
Red Hat Linux Advanced Workstation 2.1 Itanium
https://rhn.redhat.com/

Red Hat (gnutls)
Red Hat Desktop (v. 4)
Red Hat Enterprise Linux AS (v. 4)
Red Hat Enterprise Linux ES (v. 4)
Red Hat Enterprise Linux WS (v. 4)
https://rhn.redhat.com/

FreeBSD
FreeBSD 4.11, 5.3, 5.4, 5.5, 6.0, 6.1
http://security.FreeBSD.org/patches/SA-06:19/openssl.patch

OpenBSD
OpenBSD 3.8
ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.8/common/016_openssl.patch
OpenBSD 3.9
ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.9/common/011_openssl.patch

Debian
Debian Linux 3.1
Source:
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e-3sarge2.dsc
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e-3sarge2.diff.gz
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e.orig.tar.gz
Alpha:
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.7e-3sarge2_alpha.deb
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.7_0.9.7e-3sarge2_alpha.deb
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e-3sarge2_alpha.deb
AMD64:
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.7e-3sarge2_amd64.deb
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.7_0.9.7e-3sarge2_amd64.deb
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e-3sarge2_amd64.deb
ARM:
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.7e-3sarge2_arm.deb
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.7_0.9.7e-3sarge2_arm.deb
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e-3sarge2_arm.deb
HP Precision:
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.7e-3sarge2_hppa.deb
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.7_0.9.7e-3sarge2_hppa.deb
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e-3sarge2_hppa.deb
Intel IA-32:
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.7e-3sarge2_i386.deb
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.7_0.9.7e-3sarge2_i386.deb
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e-3sarge2_i386.deb
Intel IA-64:
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.7e-3sarge2_ia64.deb
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.7_0.9.7e-3sarge2_ia64.deb
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e-3sarge2_ia64.deb
Motorola 680x0:
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.7e-3sarge2_m68k.deb
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.7_0.9.7e-3sarge2_m68k.deb
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e-3sarge2_m68k.deb
Big endian MIPS:
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.7e-3sarge2_mips.deb
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.7_0.9.7e-3sarge2_mips.deb
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e-3sarge2_mips.deb
Little endian MIPS:
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.7e-3sarge2_mipsel.deb
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.7_0.9.7e-3sarge2_mipsel.deb
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e-3sarge2_mipsel.deb
PowerPC:
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.7e-3sarge2_powerpc.deb
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.7_0.9.7e-3sarge2_powerpc.deb
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e-3sarge2_powerpc.deb
IBM S/390:
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.7e-3sarge2_s390.deb
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.7_0.9.7e-3sarge2_s390.deb
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e-3sarge2_s390.deb
Sun Sparc:
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.7e-3sarge2_sparc.deb
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.7_0.9.7e-3sarge2_sparc.deb
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e-3sarge2_sparc.deb

Debian (openssl96)
Debian Linux 3.1
Source:
http://security.debian.org/pool/updates/main/o/openssl096/openssl096_0.9.6m-1sarge2.dsc
http://security.debian.org/pool/updates/main/o/openssl096/openssl096_0.9.6m-1sarge2.diff.gz
http://security.debian.org/pool/updates/main/o/openssl096/openssl096_0.9.6m.orig.tar.gz
Alpha:
http://security.debian.org/pool/updates/main/o/openssl096/libssl0.9.6_0.9.6m-1sarge2_alpha.deb
AMD64:
http://security.debian.org/pool/updates/main/o/openssl096/libssl0.9.6_0.9.6m-1sarge2_amd64.deb
ARM:
http://security.debian.org/pool/updates/main/o/openssl096/libssl0.9.6_0.9.6m-1sarge2_arm.deb
HP Precision:
http://security.debian.org/pool/updates/main/o/openssl096/libssl0.9.6_0.9.6m-1sarge2_hppa.deb
Intel IA-32:
http://security.debian.org/pool/updates/main/o/openssl096/libssl0.9.6_0.9.6m-1sarge2_i386.deb
Intel IA-64:
http://security.debian.org/pool/updates/main/o/openssl096/libssl0.9.6_0.9.6m-1sarge2_ia64.deb
Motorola 680x0:
http://security.debian.org/pool/updates/main/o/openssl096/libssl0.9.6_0.9.6m-1sarge2_m68k.deb
Big endian MIPS:
http://security.debian.org/pool/updates/main/o/openssl096/libssl0.9.6_0.9.6m-1sarge2_mips.deb
Little endian MIPS:
http://security.debian.org/pool/updates/main/o/openssl096/libssl0.9.6_0.9.6m-1sarge2_mipsel.deb
PowerPC:
http://security.debian.org/pool/updates/main/o/openssl096/libssl0.9.6_0.9.6m-1sarge2_powerpc.deb
IBM S/390:
http://security.debian.org/pool/updates/main/o/openssl096/libssl0.9.6_0.9.6m-1sarge2_s390.deb
Sun Sparc:
http://security.debian.org/pool/updates/main/o/openssl096/libssl0.9.6_0.9.6m-1sarge2_sparc.deb

Debian Linux (gnutls11)
Debian Linux 3.1
Source:
http://security.debian.org/pool/updates/main/g/gnutls11/gnutls11_1.0.16-13.2sarge2.dsc
http://security.debian.org/pool/updates/main/g/gnutls11/gnutls11_1.0.16-13.2sarge2.diff.gz
http://security.debian.org/pool/updates/main/g/gnutls11/gnutls11_1.0.16.orig.tar.gz
Alpha:
http://security.debian.org/pool/updates/main/g/gnutls11/gnutls-bin_1.0.16-13.2sarge2_alpha.deb
http://security.debian.org/pool/updates/main/g/gnutls11/libgnutls11_1.0.16-13.2sarge2_alpha.deb
http://security.debian.org/pool/updates/main/g/gnutls11/libgnutls11-dbg_1.0.16-13.2sarge2_alpha.deb
http://security.debian.org/pool/updates/main/g/gnutls11/libgnutls11-dev_1.0.16-13.2sarge2_alpha.deb
AMD64:
http://security.debian.org/pool/updates/main/g/gnutls11/gnutls-bin_1.0.16-13.2sarge2_amd64.deb
http://security.debian.org/pool/updates/main/g/gnutls11/libgnutls11_1.0.16-13.2sarge2_amd64.deb
http://security.debian.org/pool/updates/main/g/gnutls11/libgnutls11-dbg_1.0.16-13.2sarge2_amd64.deb
http://security.debian.org/pool/updates/main/g/gnutls11/libgnutls11-dev_1.0.16-13.2sarge2_amd64.deb
ARM:
http://security.debian.org/pool/updates/main/g/gnutls11/gnutls-bin_1.0.16-13.2sarge2_arm.deb
http://security.debian.org/pool/updates/main/g/gnutls11/libgnutls11_1.0.16-13.2sarge2_arm.deb
http://security.debian.org/pool/updates/main/g/gnutls11/libgnutls11-dbg_1.0.16-13.2sarge2_arm.deb
http://security.debian.org/pool/updates/main/g/gnutls11/libgnutls11-dev_1.0.16-13.2sarge2_arm.deb
HP Precision:
http://security.debian.org/pool/updates/main/g/gnutls11/gnutls-bin_1.0.16-13.2sarge2_hppa.deb
http://security.debian.org/pool/updates/main/g/gnutls11/libgnutls11_1.0.16-13.2sarge2_hppa.deb
http://security.debian.org/pool/updates/main/g/gnutls11/libgnutls11-dbg_1.0.16-13.2sarge2_hppa.deb
http://security.debian.org/pool/updates/main/g/gnutls11/libgnutls11-dev_1.0.16-13.2sarge2_hppa.deb
Intel IA-32:
http://security.debian.org/pool/updates/main/g/gnutls11/gnutls-bin_1.0.16-13.2sarge2_i386.deb
http://security.debian.org/pool/updates/main/g/gnutls11/libgnutls11_1.0.16-13.2sarge2_i386.deb
http://security.debian.org/pool/updates/main/g/gnutls11/libgnutls11-dbg_1.0.16-13.2sarge2_i386.deb
http://security.debian.org/pool/updates/main/g/gnutls11/libgnutls11-dev_1.0.16-13.2sarge2_i386.deb
Intel IA-64:
http://security.debian.org/pool/updates/main/g/gnutls11/gnutls-bin_1.0.16-13.2sarge2_ia64.deb
http://security.debian.org/pool/updates/main/g/gnutls11/libgnutls11_1.0.16-13.2sarge2_ia64.deb
http://security.debian.org/pool/updates/main/g/gnutls11/libgnutls11-dbg_1.0.16-13.2sarge2_ia64.deb
http://security.debian.org/pool/updates/main/g/gnutls11/libgnutls11-dev_1.0.16-13.2sarge2_ia64.deb
Motorola 680x0:
http://security.debian.org/pool/updates/main/g/gnutls11/gnutls-bin_1.0.16-13.2sarge2_m68k.deb
http://security.debian.org/pool/updates/main/g/gnutls11/libgnutls11_1.0.16-13.2sarge2_m68k.deb
http://security.debian.org/pool/updates/main/g/gnutls11/libgnutls11-dbg_1.0.16-13.2sarge2_m68k.deb
http://security.debian.org/pool/updates/main/g/gnutls11/libgnutls11-dev_1.0.16-13.2sarge2_m68k.deb
Big endian MIPS:
http://security.debian.org/pool/updates/main/g/gnutls11/gnutls-bin_1.0.16-13.2sarge2_mips.deb
http://security.debian.org/pool/updates/main/g/gnutls11/libgnutls11_1.0.16-13.2sarge2_mips.deb
http://security.debian.org/pool/updates/main/g/gnutls11/libgnutls11-dbg_1.0.16-13.2sarge2_mips.deb
http://security.debian.org/pool/updates/main/g/gnutls11/libgnutls11-dev_1.0.16-13.2sarge2_mips.deb
Little endian MIPS:
http://security.debian.org/pool/updates/main/g/gnutls11/gnutls-bin_1.0.16-13.2sarge2_mipsel.deb
http://security.debian.org/pool/updates/main/g/gnutls11/libgnutls11_1.0.16-13.2sarge2_mipsel.deb
http://security.debian.org/pool/updates/main/g/gnutls11/libgnutls11-dbg_1.0.16-13.2sarge2_mipsel.deb
http://security.debian.org/pool/updates/main/g/gnutls11/libgnutls11-dev_1.0.16-13.2sarge2_mipsel.deb
PowerPC:
http://security.debian.org/pool/updates/main/g/gnutls11/gnutls-bin_1.0.16-13.2sarge2_powerpc.deb
http://security.debian.org/pool/updates/main/g/gnutls11/libgnutls11_1.0.16-13.2sarge2_powerpc.deb
http://security.debian.org/pool/updates/main/g/gnutls11/libgnutls11-dbg_1.0.16-13.2sarge2_powerpc.deb
http://security.debian.org/pool/updates/main/g/gnutls11/libgnutls11-dev_1.0.16-13.2sarge2_powerpc.deb
IBM S/390:
http://security.debian.org/pool/updates/main/g/gnutls11/gnutls-bin_1.0.16-13.2sarge2_s390.deb
http://security.debian.org/pool/updates/main/g/gnutls11/libgnutls11_1.0.16-13.2sarge2_s390.deb
http://security.debian.org/pool/updates/main/g/gnutls11/libgnutls11-dbg_1.0.16-13.2sarge2_s390.deb
http://security.debian.org/pool/updates/main/g/gnutls11/libgnutls11-dev_1.0.16-13.2sarge2_s390.deb
Sun Sparc:
http://security.debian.org/pool/updates/main/g/gnutls11/gnutls-bin_1.0.16-13.2sarge2_sparc.deb
http://security.debian.org/pool/updates/main/g/gnutls11/libgnutls11_1.0.16-13.2sarge2_sparc.deb
http://security.debian.org/pool/updates/main/g/gnutls11/libgnutls11-dbg_1.0.16-13.2sarge2_sparc.deb
http://security.debian.org/pool/updates/main/g/gnutls11/libgnutls11-dev_1.0.16-13.2sarge2_sparc.deb

Mandriva Linux (gnutls)
Mandriva Linux 2006, X86:
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2006.0/i586/gnutls-1.0.25-2.2.20060mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2006.0/i586/libgnutls11-1.0.25-2.2.20060mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2006.0/i586/libgnutls11-devel-1.0.25-2.2.20060mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2006.0/SRPMS/gnutls-1.0.25-2.2.20060mdk.src.rpm
Mandriva Linux 2006, X86_64:
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2006.0/x86_64/gnutls-1.0.25-2.2.20060mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2006.0/x86_64/lib64gnutls11-1.0.25-2.2.20060mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2006.0/x86_64/lib64gnutls11-devel-1.0.25-2.2.20060mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2006.0/x86_64/libgnutls11-1.0.25-2.2.20060mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2006.0/x86_64/libgnutls11-devel-1.0.25-2.2.20060mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2006.0/SRPMS/gnutls-1.0.25-2.2.20060mdk.src.rpm
Corporate Server 4.0, X86:
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/4.0/i586/gnutls-1.0.25-2.2.20060mlcs4.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/4.0/i586/libgnutls11-1.0.25-2.2.20060mlcs4.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/4.0/i586/libgnutls11-devel-1.0.25-2.2.20060mlcs4.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/4.0/SRPMS/gnutls-1.0.25-2.2.20060mlcs4.src.rpm
Corporate Server 4.0, X86_64:
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/4.0/x86_64/gnutls-1.0.25-2.2.20060mlcs4.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/4.0/x86_64/lib64gnutls11-1.0.25-2.2.20060mlcs4.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/4.0/x86_64/lib64gnutls11-devel-1.0.25-2.2.20060mlcs4.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/4.0/x86_64/libgnutls11-1.0.25-2.2.20060mlcs4.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/4.0/x86_64/libgnutls11-devel-1.0.25-2.2.20060mlcs4.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/4.0/SRPMS/gnutls-1.0.25-2.2.20060mlcs4.src.rpm

NetBSD
NetBSD-current < 2006-09-07
NetBSD 2.* < 2006-09-09
NetBSD 3.* < 2006-09-09
ftp://ftp.netbsd.org/pub/NetBSD/NetBSD-daily/

Sun
JDK and JRE 5.0 Update 9
http://java.sun.com/j2se/1.5.0/download.jsp

SGI
Advanced Linux Environment 3 / RPM / Patch 10332
ftp://oss.sgi.com/projects/sgi_propack/download/3/updates/RPMS
Advanced Linux Environment 3 / SRPM / Patch 10332
ftp://oss.sgi.com/projects/sgi_propack/download/3/updates/SRPMS

Sun (102656)
Sun Java Enterprise System 2003Q4 / Solaris 8 / SPARC / patch 114045-14
Sun Java Enterprise System 2004Q2, 2005Q1, 2005Q4 / Solaris 8 / SPARC / patch 119209-10
Sun Java Enterprise System 2003Q4 / Solaris 9 / SPARC / patch 114049-14
Sun Java Enterprise System 2004Q2, 2005Q1, 2005Q4 / Solaris 9 / SPARC / patch 119211-10
Solaris 9 / SPARC / patch 114049-14
Sun Java Enterprise System 2005Q1, 2005Q4 / Solaris 10 / SPARC / patch 119213-10
Solaris 10 / SPARC / patch 119213-10
Sun Java Enterprise System 2005Q1, 2005Q4 / Solaris 10 / x86 / patch 119214-10
Sun Java Enterprise System 2003Q4 / Solaris 9 / x86 / patch 114050-14
Sun Java Enterprise System 2004Q2, 2005Q1, 2005Q4 / Solaris 9 / x86 / patch 119212-10
Solaris 9 / x86 / patch 114050-14
Solaris 10 / x86 / patch 119214-10
Sun Java Enterprise System 2003Q4, 2004Q2, 2005Q1, 2005Q4 / Linux / patch 121656-10
Sun Java Enterprise System 2005Q1, 2005Q4 / HP-UX / patch 124379-01
http://sunsolve.sun.com/pub-cgi/show.pl?target=patchpage

Sun (102696)
Java System Application Server Enterprise Edition 8.1 2005 Q1 / SPARC / patch 119169-12 or (SVR4) patch 119166-20
Java System Application Server Platform Edition 8.1 2005 Q1 / SPARC / patch 119173-12 or (SVR4) patch 119166-20
Sun Java System Web Server 6.1 / SPARC / patch 116648-19
Java System Application Server Enterprise Edition 8.1 2005 Q1 / x86 / patch 119170-12 or (SVR4) patch 119167-20
Java System Application Server Platform Edition 8.1 2005 Q1 / x86 / patch 119174-12 or (SVR4) patch 119167-20
Sun Java System Web Server 6.1 / x86 / patch 116649-19
Java System Application Server Enterprise Edition 8.1 2005 Q1 / Linux / patch 119171-12 or RHEL2.1/RHEL3.0 (Pkg_patch) 119168-20
Java System Application Server Platform Edition 8.1 2005 Q1 / Linux / patch 119175-12 or RHEL2.1/RHEL3.0 (Pkg_patch) 119168-20
Sun Java System Web Server 6.1 / Linux / patch 118202-11
Java System Application Server Enterprise Edition 8.1 2005 Q1 / Windows / patch 119172-12
Java System Application Server Platform Edition 8.1 2005 Q1 / Windows / patch 119176-12
Sun Java System Proxy Server 4.0 / Service Pack 4
http://www.sun.com/download/products.xml?id=45edcffe
Sun Java System Web Server 6.0 / Service Pack 11
http://www.sun.com/download/products.xml?id=459db7b2
Sun Java System Web Server 6.1 / Service Pack 7
http://www.sun.com/download/products.xml?id=45c90ca9
No official patch exists; check the vendor's website regularly:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102696-1

Cisco
For the moment, there is no official patch for this vulnerability. We recommend visiting the vendor's website periodically:
http://www.cisco.com/warp/public/707/cisco-sr-20061108-openssl.shtml

Juniper
For the moment, there is no official patch for this vulnerability. We recommend visiting the vendor's website periodically:
http://www.juniper.net/alerts/viewale...=PSN-2006-10-002&actionBtn=Search

Mandriva
Mandriva Linux 2006.0, X86:
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2006.0/i586/bind-9.3.1-4.2.20060mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2006.0/i586/bind-devel-9.3.1-4.2.20060mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2006.0/i586/bind-utils-9.3.1-4.2.20060mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2006.0/SRPMS/bind-9.3.1-4.2.20060mdk.src.rpm
Mandriva Linux 2006.0, X86_64:
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2006.0/x86_64/bind-9.3.1-4.2.20060mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2006.0/x86_64/bind-devel-9.3.1-4.2.20060mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2006.0/x86_64/bind-utils-9.3.1-4.2.20060mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2006.0/SRPMS/bind-9.3.1-4.2.20060mdk.src.rpm
Mandriva Linux 2007.0, X86:
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.0/i586/bind-9.3.2-8.1mdv2007.0.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.0/i586/bind-devel-9.3.2-8.1mdv2007.0.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.0/i586/bind-utils-9.3.2-8.1mdv2007.0.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.0/SRPMS/bind-9.3.2-8.1mdv2007.0.src.rpm
Mandriva Linux 2007.0, X86_64:
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.0/x86_64/bind-9.3.2-8.1mdv2007.0.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.0/x86_64/bind-devel-9.3.2-8.1mdv2007.0.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.0/x86_64/bind-utils-9.3.2-8.1mdv2007.0.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.0/SRPMS/bind-9.3.2-8.1mdv2007.0.src.rpm
Corporate 3.0, X86:
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/3.0/i586/bind-9.2.3-6.2.C30mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/3.0/i586/bind-devel-9.2.3-6.2.C30mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/3.0/i586/bind-utils-9.2.3-6.2.C30mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/3.0/SRPMS/bind-9.2.3-6.2.C30mdk.src.rpm
Corporate 3.0, X86_64:
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/3.0/x86_64/bind-9.2.3-6.2.C30mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/3.0/x86_64/bind-devel-9.2.3-6.2.C30mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/3.0/x86_64/bind-utils-9.2.3-6.2.C30mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/3.0/SRPMS/bind-9.2.3-6.2.C30mdk.src.rpm
Corporate 4.0, X86:
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/4.0/i586/bind-9.3.2-7.1.20060mlcs4.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/4.0/i586/bind-devel-9.3.2-7.1.20060mlcs4.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/4.0/i586/bind-utils-9.3.2-7.1.20060mlcs4.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/4.0/SRPMS/bind-9.3.2-7.1.20060mlcs4.src.rpm
Corporate 4.0, X86_64:
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/4.0/x86_64/bind-9.3.2-7.1.20060mlcs4.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/4.0/x86_64/bind-devel-9.3.2-7.1.20060mlcs4.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/4.0/x86_64/bind-utils-9.3.2-7.1.20060mlcs4.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/4.0/SRPMS/bind-9.3.2-7.1.20060mlcs4.src.rpm
Multi Network Firewall 2.0, X86:
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/mnf/2.0/i586/bind-9.2.3-6.2.M20mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/mnf/2.0/i586/bind-devel-9.2.3-6.2.M20mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/mnf/2.0/i586/bind-utils-9.2.3-6.2.M20mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/mnf/2.0/SRPMS/bind-9.2.3-6.2.M20mdk.src.rpm

Sun (102722)
Solaris 9 / SPARC / patch 113451-12
Solaris 9 / x86 / patch 114435-11
Solaris 10 / SPARC / patch 118371-08
Solaris 10 / x86 / patch 118372-08
http://sunsolve.sun.com/pub-cgi/show.pl?target=patchpage

Apple
Security Update 2006-007
http://www.apple.com/support/downloads/securityupdate20060071039client.html
http://www.apple.com/support/downloads/securityupdate20060071039server.html
http://www.apple.com/support/downloads/securityupdate20060071048clientintel.html
http://www.apple.com/support/downloads/securityupdate20060071048clientppc.html
http://www.apple.com/support/downloads/securityupdate20060071048serverppc.html
http://www.apple.com/support/downloads/securityupdate20060071048serveruniversal.html

Sun (102648)
J2SE 5.0
http://java.sun.com/j2se/1.5.0/download.jsp

Sun (102657)
Sun Secure Global Desktop Software 4.3
http://www.sun.com/download/products.xml?id=451d9816

Sun (102759)
Solaris 10 / SPARC / patch 121229-02
Solaris 10 / SPARC (with SUNWcry) / patch 118562-13
Solaris 10 / x86 / patch 121230-02
Solaris 10 / x86 (with SUNWcry) / patch 118563-13
Solaris 9 / SPARC / patch 117123-08
Solaris 9 / x86 / patch 122715-02
http://sunsolve.sun.com/pub-cgi/show.pl?target=patchpage

Suse Linux
Updates can be downloaded via YAST or from the official Suse Linux FTP server

Hewlett-Packard
HP PA-RISC 11.0 / Mozilla 1.7.8.00
HP PA-RISC 11i v1 (11.11) / Mozilla 1.7.8.00
HP PA-RISC 11i v2 (11.23) / Mozilla 1.7.8.00
HP Integrity 11.22 (11i v1.6) / Mozilla 1.7.8.00
HP-UX 11.23 (11i v2) / Mozilla 1.7.8.00
http://www.hp.com/products1/unix/java/mozilla/index.html

Red Hat (RHSA-2007:0072-2)
Red Hat Enterprise Linux AS (v. 2.1)
Red Hat Enterprise Linux ES (v. 2.1)
Red Hat Enterprise Linux WS (v. 2.1)
https://rhn.redhat.com/

Sun (102686)
J2SE 1.4.2 / Windows / Solaris / Linux
http://java.sun.com/j2se/1.4.2/download.html
J2SE 5.0 / Windows / Solaris / Linux
http://java.sun.com/j2se/1.5.0/download.jsp
J2SE 5.0 Update 9 / Solaris / patch 118666-09
J2SE 5.0 Update 9 / Solaris (64bit) / patch 118667-09
J2SE 5.0_x86 Update 9 / Solaris / patch 118668-09
J2SE 5.0_x86 Update 9 / Solaris (64bit) / patch 118669-09
JSSE 1.0.3_04 / Windows / Solaris / Linux
http://java.sun.com/products/jsse/index-103.html
J2SE 1.3.1 / Windows / Solaris / Linux
http://java.sun.com/products/archive/
http://java.com

BEA (BEA07-169.00)
WebLogic Server 9.2 / Maintenance Pack 1.
WebLogic Server 9.1 / patch CR295567.
WebLogic Server 9.0 WebLogic Server / Service Pack 6.
WebLogic Express 8.1 / Service Pack 6.
WebLogic Server / Service Pack 7.
WebLogic Express 7.0 / Service Pack 7.
http://commerce.bea.com/showallversions.jsp?family=WLS

Sun (102970)
Solaris 10 / SPARC / patch 123938-01
Solaris 10 / x86 / patch 123939-01
http://sunsolve.sun.com/pub-cgi/show.pl?target=patchpage

Sun (102744)
Solaris 9 SSH / SPARC / patch 113273-14
Solaris 9 SSH / SPARC / patch 114356-11
Solaris 9 Packaging utilities / SPARC / patch 113713-24
Solaris 10 / SPARC / patch 121229-02
Solaris 9 SSH / x86 / patch 114357-10
Solaris 9 SSH / x86 / patch 114858-11
Solaris 9 Packaging utilities / x86 / patch 114568-23
Solaris 10 / x86 / patch 121230-02
http://sunsolve.sun.com/pub-cgi/show.pl?target=patchpage

Apple
Java Release 6 / Mac OS X 10.4
http://www.apple.com/support/downloads/javaformacosx104release6.html

Red Hat (RHSA-2008:0264-3)
Red Hat Network Satellite (v. 5.0 for RHEL 4)
https://rhn.redhat.com/

Red Hat (RHSA-2008:0629-3)
Red Hat Network Satellite (v. 5.1 for RHEL 4)
https://rhn.redhat.com/
|
Standard identifiers |
|
Property | Value |
CVE | CVE-2006-4339, CVE-2006-4790 |
BID | 19849, 20027 |
Additional resources |
|
OpenSSL http://www.openssl.org/news/secadv_20060905.txt
Mandriva Security Advisory (MDKSA-2006:161) http://www.mandriva.com/security/advisories?name=MDKSA-2006:161
Mandriva Security Advisory MDKSA-2006:166 http://www.mandriva.com/security/advisories?name=MDKSA-2006:166
Red Hat Security Advisory (RHSA-2006:0661-8) https://rhn.redhat.com/errata/RHSA-2006-0661.html
Red Hat Security Advisory (RHSA-2006:0680-4) https://rhn.redhat.com/errata/RHSA-2006-0680.html
FreeBSD Security Advisory (FreeBSD-SA-06:19.openssl) http://security.freebsd.org/advisories/FreeBSD-SA-06:19.openssl.asc
OpenBSD Security Advisory Sep 8, 2006 http://www.openbsd.org/errata38.html#openssl
OpenBSD Security Advisory Sep 8, 2006 http://www.openbsd.org/errata.html#openssl
Debian Security Advisory (DSA 1173-1) http://lists.debian.org/debian-security-announce/debian-security-announce-2006/msg00264.html
Debian Security Advisory (DSA 1174-1) http://lists.debian.org/debian-security-announce/debian-security-announce-2006/msg00265.html
Debian Security Advisory DSA 1182-1 http://lists.debian.org/debian-security-announce/debian-security-announce-2006/msg00275.html
SUSE Security Announcement SUSE-SA:2006:055 http://www.novell.com/linux/security/advisories/2006_55_ssl.html
SUSE Security Summary Report SUSE-SR:2006:023 http://www.novell.com/linux/security/advisories/2006_23_sr.html
NetBSD Security Advisory (NetBSD-SA2006-023) ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2006-023.txt.asc
Sun(sm) Alert Notification 102648 http://sunsolve.sun.com/search/document.do?assetkey=1-26-102648-1
Sun(sm) Alert Notification 102657 http://sunsolve.sun.com/search/document.do?assetkey=1-26-102657-1
SGI Security Advisory (20060901-01-P) ftp://patches.sgi.com/support/free/security/advisories/20060901-01-P.asc
SUSE Security Advisory (SUSE-SA:2006:061) http://www.novell.com/linux/security/advisories/2006_61_opera.html
Sun Alert Notification (102656) http://sunsolve.sun.com/search/document.do?assetkey=1-26-102656-1
Sun Alert Notification (102696) http://sunsolve.sun.com/search/document.do?assetkey=1-26-102696-1
Juniper http://www.juniper.net/alerts/viewale...=PSN-2006-10-002&actionBtn=Search
Mandriva Security Advisory (MDKSA-2006:207) http://www.mandriva.com/security/advisories?name=MDKSA-2006:207
Sun Alert Notification (102722) http://sunsolve.sun.com/search/document.do?assetkey=1-26-102722-1
Apple Security Update 2006-007 (304829) http://docs.info.apple.com/article.html?artnum=304829
Sun Alert Notification (102759) http://sunsolve.sun.com/search/document.do?assetkey=1-26-102759-1
SUSE Security Advisory (SUSE-SA:2007:010) http://www.novell.com/linux/security/advisories/2007_10_ibmjava.html
HP SECURITY BULLETIN (HPSBUX02186) http://www4.itrc.hp.com/service/cki/docDisplay.do?docId=c00849540
Red Hat Security Advisory (RHSA-2007:0072-2) https://rhn.redhat.com/errata/RHSA-2007:0072.html
Sun Alert Notification (102686) http://sunsolve.sun.com/search/document.do?assetkey=1-26-102686-1
BEA Security Advisory (BEA07-169.00) http://dev2dev.bea.com/pub/advisory/238
Sun Alert Notification (102970) http://sunsolve.sun.com/search/document.do?assetkey=1-26-102970-1
Sun Alert Notification (102744) http://sunsolve.sun.com/search/document.do?assetkey=1-26-102744-1
Apple Security Update (307177) http://docs.info.apple.com/article.html?artnum=307177
Red Hat Security Advisory (RHSA-2008:0264-3) http://rhn.redhat.com/errata/RHSA-2008-0264.html
Red Hat Security Advisory (RHSA-2008:0629-3) https://rhn.redhat.com/errata/RHSA-2008-0629.html |
Version history |
Version | Comment | Date |
1.0 | Advisory issued | 2006-09-06 |
1.1 | Advisory issued by Mandriva (MDKSA-2006:161). Advisory issued by Red Hat (RHSA-2006:0661-8). Advisory issued by FreeBSD (FreeBSD-SA-06:19.openssl) | 2006-09-07 |
1.2 | Advisory issued by OpenBSD (Sep 8, 2006). Advisories issued by Debian (DSA 1173-1, DSA 1174-1) | 2006-09-12 |
1.3 | Advisory issued by Red Hat (RHSA-2006:0680-4). CVE added | 2006-09-14 |
1.4 | Advisory issued by Debian (DSA 1182-1). Advisory issued by Mandriva (MDKSA-2006:166). | 2006-09-29 |
2.5 | Advisories issued by SUSE (SUSE-SA:2006:055, SUSE-SR:2006:023) | 2006-10-03 |
2.6 | Advisory issued by NetBSD (NetBSD-SA2006-023) | 2006-10-06 |
2.7 | Advisories issued by Sun (102648, 102657) | 2006-10-09 |
2.8 | Advisory issued by SGI (20060901-01-P) | 2006-10-16 |
2.9 | Advisory issued by Suse (SUSE-SA:2006:061) | 2006-10-20 |
2.10 | Advisory updated by Sun (102656) | 2006-10-26 |
2.11 | Advisory updated by Sun (102696) | 2006-11-06 |
2.12 | Advisory updated by CISCO (71992) | 2006-11-09 |
2.13 | Advisory updated by Sun (102656) | 2006-11-10 |
2.14 | Advisory issued by Juniper (PSN-2006-10-002) | 2006-11-14 |
2.15 | Advisory updated by Sun (102686). Advisory issued by Mandriva (MDKSA-2006:207) | 2006-11-16 |
2.16 | Advisory updated by Sun (102696) | 2006-11-23 |
2.17 | Advisory issued by Sun (102722) | 2006-11-29 |
2.18 | Advisory issued by Apple (304829) | 2006-12-04 |
2.19 | Advisory updated by Sun (102648). Advisory updated by Sun (102657) | 2006-12-11 |
2.20 | Advisory issued by Sun (102759). Advisory updated by Sun (102648) | 2006-12-27 |
2.21 | Advisory issued by Suse (SUSE-SA:2007:010) | 2007-01-22 |
2.22 | Advisory issued by HP (HPSBUX02186) | 2007-01-24 |
2.23 | Advisory updated by Sun (102722) | 2007-01-29 |
2.24 | Advisory issued by Red Hat (RHSA-2007:0072-2) | 2007-02-13 |
2.25 | Advisory updated by Sun (102722) | 2007-02-15 |
2.26 | Advisory issued by Sun (102686) | 2007-02-22 |
2.27 | Advisory updated by Sun (102722) | 2007-02-23 |
2.28 | Advisory updated by Sun (102696) | 2007-03-12 |
2.29 | Advisory updated by Sun (102696) | 2007-04-10 |
2.30 | Advisory updated by Sun (102759) | 2007-04-25 |
2.31 | Advisory updated by Sun (102696) | 2007-04-30 |
2.32 | Advisory issued by BEA (BEA07-169.00) | 2007-05-22 |
2.33 | Advisory issued by Sun (102970) | 2007-06-22 |
2.34 | Advisory updated by Sun (102759) | 2007-07-24 |
2.35 | Advisory issued by Sun (102744). Advisory updated by Sun (102759) | 2007-11-14 |
2.36 | Advisory issued by Apple (307177) | 2007-12-17 |
2.37 | Advisory issued by Red Hat (RHSA-2008:0264-3) | 2008-05-21 |
2.38 | Advisory issued by Red Hat (RHSA-2008:0629-3) | 2008-08-19 |