Debian update for openssl
Secunia Advisory: SA22240
Release Date: 2006-10-02
Last Update: 2006-10-03

Critical: Highly critical
Impact: DoS, System access
Where: From remote
Solution Status: Vendor Patch

OS: Debian GNU/Linux 3.1, Debian GNU/Linux unstable alias sid


CVE reference: CVE-2006-2940, CVE-2006-3738, CVE-2006-4343, CVE-2006-2937


Description:
Debian has issued an update for openssl. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) and compromise a vulnerable system.

For more information:
SA22130

Solution:
Apply updated packages.

-- Debian GNU/Linux 3.1 alias sarge --

Source archives:

http://security.debian.org/pool/updat.../o/openssl/openssl_0.9.7e-3sarge4.dsc
Size/MD5 checksum: 639 179f34093d860afff66964b5f1c99ee3
http://security.debian.org/pool/updat...penssl/openssl_0.9.7e-3sarge4.diff.gz
Size/MD5 checksum: 29707 0b4d462730327aba5a751bd4bec71c10
http://security.debian.org/pool/updat.../o/openssl/openssl_0.9.7e.orig.tar.gz
Size/MD5 checksum: 3043231 a8777164bca38d84e5eb2b1535223474

Alpha architecture:

http://security.debian.org/pool/updat...l/libssl-dev_0.9.7e-3sarge4_alpha.deb
Size/MD5 checksum: 3341886 f0d0ef51fac89227b0d0705116439f5c
http://security.debian.org/pool/updat.../libssl0.9.7_0.9.7e-3sarge4_alpha.deb
Size/MD5 checksum: 2448092 8065c52c7649f36221f8a48adfb4cb29
http://security.debian.org/pool/updat...nssl/openssl_0.9.7e-3sarge4_alpha.deb
Size/MD5 checksum: 930234 5953c4c4a45352d41c3c414eda63ff00

AMD64 architecture:

http://security.debian.org/pool/updat...l/libssl-dev_0.9.7e-3sarge4_amd64.deb
Size/MD5 checksum: 2693980 cbd25bbed17ec73561337bfc3d8ed2ed
http://security.debian.org/pool/updat.../libssl0.9.7_0.9.7e-3sarge4_amd64.deb
Size/MD5 checksum: 769904 2671cdf2f48013617ea509daac2bb4dc
http://security.debian.org/pool/updat...nssl/openssl_0.9.7e-3sarge4_amd64.deb
Size/MD5 checksum: 903782 e370684d7c84d1eebcb69cdda35c6c6c

ARM architecture:

http://security.debian.org/pool/updat...ssl/libssl-dev_0.9.7e-3sarge4_arm.deb
Size/MD5 checksum: 2556330 75c1a253ddad0b7ad87053552770e5c4
http://security.debian.org/pool/updat...sl/libssl0.9.7_0.9.7e-3sarge4_arm.deb
Size/MD5 checksum: 690202 ccd435ca2c183940152f3bd70d84ee0b
http://security.debian.org/pool/updat...penssl/openssl_0.9.7e-3sarge4_arm.deb
Size/MD5 checksum: 894144 2e5caaa90184d9ee9e607d18728e6f93

HP Precision architecture:

http://security.debian.org/pool/updat...sl/libssl-dev_0.9.7e-3sarge4_hppa.deb
Size/MD5 checksum: 2695990 58fe1a247ef47faa559eef610b437db6
http://security.debian.org/pool/updat...l/libssl0.9.7_0.9.7e-3sarge4_hppa.deb
Size/MD5 checksum: 791382 f0c64d06307af937218944d6d8db6e2f
http://security.debian.org/pool/updat...enssl/openssl_0.9.7e-3sarge4_hppa.deb
Size/MD5 checksum: 914576 631c681a3c4ce355962a7c684767a155

Intel IA-32 architecture:

http://security.debian.org/pool/updat...sl/libssl-dev_0.9.7e-3sarge4_i386.deb
Size/MD5 checksum: 2554956 c4c9aa14e74dbd6dac2cadd7cf48b522
http://security.debian.org/pool/updat...l/libssl0.9.7_0.9.7e-3sarge4_i386.deb
Size/MD5 checksum: 2265180 9047b6c6036c048ad75fa397f220ae39
http://security.debian.org/pool/updat...enssl/openssl_0.9.7e-3sarge4_i386.deb
Size/MD5 checksum: 906268 070d1d1680f90da5509121c44de7a254

Intel IA-64 architecture:

http://security.debian.org/pool/updat...sl/libssl-dev_0.9.7e-3sarge4_ia64.deb
Size/MD5 checksum: 3396206 3a3d88238a48d33b39e7575a97c6cfdf
http://security.debian.org/pool/updat...l/libssl0.9.7_0.9.7e-3sarge4_ia64.deb
Size/MD5 checksum: 1038432 e2e4e1d388c5d45c8d30e16d661ad24c
http://security.debian.org/pool/updat...enssl/openssl_0.9.7e-3sarge4_ia64.deb
Size/MD5 checksum: 975152 1783b49f3b7a12bd18dff0fcc37f5d68

Motorola 680x0 architecture:

http://security.debian.org/pool/updat...sl/libssl-dev_0.9.7e-3sarge4_m68k.deb
Size/MD5 checksum: 2317348 b4930b1cf5e642bf509d44dd83de193f
http://security.debian.org/pool/updat...l/libssl0.9.7_0.9.7e-3sarge4_m68k.deb
Size/MD5 checksum: 661716 d5fb4eb5947c8765e268696e94a46a8b
http://security.debian.org/pool/updat...enssl/openssl_0.9.7e-3sarge4_m68k.deb
Size/MD5 checksum: 889932 e1ecef3780edd38743246dfda1424e8c

Big endian MIPS architecture:

http://security.debian.org/pool/updat...sl/libssl-dev_0.9.7e-3sarge4_mips.deb
Size/MD5 checksum: 2779464 591dbe4f6d73d56c9e9ff72f2d0a5385
http://security.debian.org/pool/updat...l/libssl0.9.7_0.9.7e-3sarge4_mips.deb
Size/MD5 checksum: 706682 0b3de7eef13969d065ed057fda34afc2
http://security.debian.org/pool/updat...enssl/openssl_0.9.7e-3sarge4_mips.deb
Size/MD5 checksum: 896834 e2b8f38056a06f63c3ce6c10d9d95dba

Little endian MIPS architecture:

http://security.debian.org/pool/updat.../libssl-dev_0.9.7e-3sarge4_mipsel.deb
Size/MD5 checksum: 2767364 883d0167f6642e90e8a183b4f87a78ba
http://security.debian.org/pool/updat...libssl0.9.7_0.9.7e-3sarge4_mipsel.deb
Size/MD5 checksum: 694532 f4961231ef2c2b8ff46f173338a7fa36
http://security.debian.org/pool/updat...ssl/openssl_0.9.7e-3sarge4_mipsel.deb
Size/MD5 checksum: 895922 2ad35f3927ba71d8054fe8cd4316f5b0

PowerPC architecture:

http://security.debian.org/pool/updat...libssl-dev_0.9.7e-3sarge4_powerpc.deb
Size/MD5 checksum: 2775608 0dca0ec9cf2d230ce68394849be748b1
http://security.debian.org/pool/updat...ibssl0.9.7_0.9.7e-3sarge4_powerpc.deb
Size/MD5 checksum: 779456 6736cdc1dfe5f19013f4dee0a2b3b1cf
http://security.debian.org/pool/updat...sl/openssl_0.9.7e-3sarge4_powerpc.deb
Size/MD5 checksum: 908418 8759696eff63836597e4247c06ba7b22

IBM S/390 architecture:

http://security.debian.org/pool/updat...sl/libssl-dev_0.9.7e-3sarge4_s390.deb
Size/MD5 checksum: 2717788 12fb63ace68a2698c19c725530ab18d9
http://security.debian.org/pool/updat...l/libssl0.9.7_0.9.7e-3sarge4_s390.deb
Size/MD5 checksum: 814012 adcee88124369de1daeae0545e0517a0
http://security.debian.org/pool/updat...enssl/openssl_0.9.7e-3sarge4_s390.deb
Size/MD5 checksum: 918524 b93704f4ce84489d4ee163098a783962

Sun Sparc architecture:

http://security.debian.org/pool/updat...l/libssl-dev_0.9.7e-3sarge4_sparc.deb
Size/MD5 checksum: 2630606 a20a47b2f291810a09fd04a4c130ddb0
http://security.debian.org/pool/updat.../libssl0.9.7_0.9.7e-3sarge4_sparc.deb
Size/MD5 checksum: 1886152 8521da994bf2a6df3bdc457fb3e0683b
http://security.debian.org/pool/updat...nssl/openssl_0.9.7e-3sarge4_sparc.deb
Size/MD5 checksum: 924556 ff8cee5f5a9653a9dd917b4ec51166ee

-- Debian GNU/Linux unstable alias sid --

Reportedly, this will be fixed in version 0.9.7k-3 of the openssl097 compatibility libraries, and version 0.9.8c-3 of the openssl package.

Changelog:
2006-10-03: Updated "Solution" section with new packages; the previous packages introduced another error, which could lead to a DoS.

Original Advisory:
http://www.us.debian.org/security/2006/dsa-1185

Other References:
SA22130:
http://secunia.com/advisories/22130/

