-----Original Message-----
From: Joachim Hummel [mailto:joachim.hummel@ebe-online.de]
Sent: Sunday, 15 September 2002 20:18

-----Original Message-----
From: Konstantin (Kastus) Shchuka [mailto:kastus@tsoft.com]
Sent: Saturday, 14 September 2002 05:04
To: suse-security@suse.com
OpenSSL SSLv2 Malformed Client Key Remote Buffer Overflow Vulnerability
http://online.securityfocus.com/bid/5363/solution
Linux.Slapper.Worm
http://securityresponse.symantec.com/avcenter/venc/data/linux.slapper.worm.html
Users are strongly encouraged to upgrade existing versions of OpenSSL to version 0.9.6e or 0.9.7beta3.
No need if you are using SuSE packages:
on 7.3 (openssl-0.9.6b-150):
* Fri Jul 26 2002 - okir@suse.de
- Added security patch for remotely exploitable buffer overflows
I think it would be wise to include reusable information in the changelog, such as CVE-IDs, CERT Advisory numbers, and of course SuSE SA number(s). This way one must not further investigate "which buffer overflow was announced the last 30 days before the patch was made".

Just my 0,02 Eur

Thomas

PS: CC'ed security@suse.de as indirectly requested by Roman :-)
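
Added example, not part of the original thread and not SuSE's tooling: because the fix was backported into openssl-0.9.6b-150, the version number alone does not show whether a host is patched, so the package changelog is what gets checked. The sketch below parses changelog text in the layout quoted above and lists security-related entries that carry no CVE/CAN id, CERT advisory number or SuSE-SA number. The second sample entry, its placeholder identifiers, and all function names are constructed for illustration.

```python
import re

# Constructed sample in `rpm -q --changelog` layout. The first entry is the one
# quoted in the thread; the second is made up, with placeholder identifiers.
SAMPLE_CHANGELOG = """\
* Fri Jul 26 2002 - okir@suse.de

- Added security patch for remotely exploitable buffer overflows

* Mon Jan 01 2001 - packager@example.invalid

- Security fix for placeholder issue (CVE-0000-0000, SuSE-SA:0000:000)
"""

ENTRY_HEADER = re.compile(r"^\* (\w{3} \w{3} +\d{1,2} \d{4}) - (\S+)\s*$")
SECURITY_HINT = re.compile(r"security|overflow|exploit|vulnerab", re.I)
# Reference kinds the thread asks for: CVE ids (CAN- was the candidate prefix
# in use in 2002), CERT advisory numbers, SuSE security announcement numbers.
REFERENCE = re.compile(
    r"\b(?:CVE|CAN)-\d{4}-\d{4,}\b|\bCA-\d{4}-\d{2}\b|\bSuSE-SA:\d{4}:\d{3}\b",
    re.I)

def parse_changelog(text):
    """Split changelog text into entries with date, author and body lines."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_HEADER.match(line)
        if m:
            entries.append({"date": m.group(1), "author": m.group(2), "body": []})
        elif line.strip() and entries:
            entries[-1]["body"].append(line.strip())
    return entries

def audit(text):
    """Return (date, references, body) for every security-looking entry."""
    report = []
    for entry in parse_changelog(text):
        body = " ".join(entry["body"])
        if SECURITY_HINT.search(body):
            report.append((entry["date"], REFERENCE.findall(body), body))
    return report

def untraceable(text):
    """Dates of security entries that name no advisory identifier at all."""
    return [date for date, refs, _ in audit(text) if not refs]

if __name__ == "__main__":
    for date, refs, body in audit(SAMPLE_CHANGELOG):
        print(date, "->", ", ".join(refs) if refs else "NO ADVISORY REFERENCE:", body)
```

On a live system the input would be the output of `rpm -q --changelog openssl` instead of the embedded sample.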