Fedora Linux 8525 Published by

A new update is available for Fedora Core - [SECURITY] Fedora Core 3 Update: openssl096b-0.9.6b-21.42. Here the announcement:



Fedora Update Notification
FEDORA-2005-1042
2005-10-31
---------------------------------------------------------------------

Product : Fedora Core 3
Name : openssl096b
Version : 0.9.6b
Release : 21.42
Summary : The OpenSSL toolkit.
Description :
The OpenSSL toolkit provides support for secure communications between
machines. OpenSSL includes a certificate management tool and shared
libraries which provide various cryptographic algorithms and
protocols.

---------------------------------------------------------------------
Update Information:

CAN-2004-0079, a remote crasher, was originally believed to
only affect versions of OpenSSL after 0.9.6b verified with
Codenomicon test suite (see pkt539.c). However we've had a
customer report that this affects 0.9.6b via a different
reproducer. This therefore affects the openssl096b
compat packages as shipped with FC-3.

---------------------------------------------------------------------
* Mon Oct 31 2005 Tomas Mraz <tmraz@redhat.com> 0.9.6b-21.42
- fix CVE-2004-0079 - prevent a null pointer assignment in
do_change_cipher_spec()
- add security fix for CVE-2003-0851 to sync with 2.1AS


---------------------------------------------------------------------
This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/

8d68e4b430aa7c5ca067c12866ae694e SRPMS/openssl096b-0.9.6b-21.42.src.rpm
54a9e78a2fdd625b9dc9121e09eb4398 x86_64/openssl096b-0.9.6b-21.42.x86_64.rpm
c5c6174e23eba8d038889d08f49231b8 x86_64/debug/openssl096b-debuginfo-0.9.6b-21.42.x86_64.rpm
56b63fc150d0c099b2e4f0950e21005b x86_64/openssl096b-0.9.6b-21.42.i386.rpm
56b63fc150d0c099b2e4f0950e21005b i386/openssl096b-0.9.6b-21.42.i386.rpm
93195495585c7e9789041c75b1ed5380 i386/debug/openssl096b-debuginfo-0.9.6b-21.42.i386.rpm

This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.