Mailinglist Archive: opensuse-security (375 mails)

< Previous Next >
Re: [suse-security] OpenSSL Vulnerability
  • From: "Konstantin (Kastus) Shchuka" <kastus@xxxxxxxxx>
  • Date: Fri, 13 Sep 2002 20:03:49 -0700
  • Message-id: <20020914030349.GA11836@xxxxxxxxx>
On Fri, Sep 13, 2002 at 05:33:24PM -0500, bryan@xxxxxxxxxxxx wrote:
> This looks to be pretty new and I haven't found anything addressing the issue
> as of yet.
>
> Just curious...

Just run "rpm -q openssl --changelog"

>
>
> OpenSSL SSLv2 Malformed Client Key Remote Buffer Overflow Vulnerability
> http://online.securityfocus.com/bid/5363/solution
>
> Linux.Slapper.Worm
> http://securityresponse.symantec.com/avcenter/venc/data/linux.slapper.worm.html
>
> Users are strongly encouraged to upgrade existing versions of OpenSSL to
> version 0.9.6e or 0.9.7beta3.

No need if you are using SuSE packages:

on 7.3 (openssl-0.9.6b-150):
* Fri Jul 26 2002 - okir@xxxxxxx

- Added security patch for remotely exploitable buffer overflows


on 8.0 (openssl-0.9.6c-80)
* Fri Jul 26 2002 - okir@xxxxxxx

- Added security patch for remotely exploitable buffer overflows

Regards, -Kastus

< Previous Next >
References