OpenPKG CVS Repository
http://cvs.openpkg.org/
____________________________________________________________________________
Server: cvs.openpkg.org          Name:   Ralf S. Engelschall
Root:   /e/openpkg/cvs           Email:  [EMAIL PROTECTED]
Module: openpkg-web              Date:   20-Mar-2003 21:21:13
Branch: HEAD                     Handle: 2003032020211300
Modified files:
openpkg-web/security OpenPKG-SA-2003.026-openssl.txt
Log:
final polishing and signing
Summary:
Revision    Changes    Path
1.2         +13 -3     openpkg-web/security/OpenPKG-SA-2003.026-openssl.txt
____________________________________________________________________________
patch -p0 <<'@@ .'
Index: openpkg-web/security/OpenPKG-SA-2003.026-openssl.txt
============================================================================
$ cvs diff -u -r1.1 -r1.2 OpenPKG-SA-2003.026-openssl.txt
--- openpkg-web/security/OpenPKG-SA-2003.026-openssl.txt 20 Mar 2003 20:17:53
-0000 1.1
+++ openpkg-web/security/OpenPKG-SA-2003.026-openssl.txt 20 Mar 2003 20:21:13
-0000 1.2
@@ -1,3 +1,6 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
________________________________________________________________________
OpenPKG Security Advisory The OpenPKG Project
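Review bot: The added `Hash: SHA1` header at the top of the file ties the cleartext signature to SHA-1, which is no longer considered collision-resistant; if this advisory is ever re-signed, select a SHA-2 digest (for example with gpg's `--digest-algo SHA256`) so the header reads `Hash: SHA256`. Keep the empty line that follows `Hash:`, since it is what separates the armor headers from the signed text.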
@@ -41,14 +44,14 @@
in their report "Attacking RSA-based Sessions in SSL/TLS" [2]. The
Common Vulnerabilities and Exposures (CVE) project assigned the id
CAN-2003-0147 [3] to the problem.
-
+
Their attack requires the attacker to open millions of SSL/TLS
connections to the server under attack. The server's behaviour when
faced with specially made-up RSA ciphertexts can reveal information
that in effect allows the attacker to perform a single RSA private key
operation on a ciphertext of its choice using the server's RSA key.
Note that the server's RSA key is not compromised in this attack.
-
+
Please check whether you are affected by running "<prefix>/bin/rpm -q
openssl". If you have the "openssl" package installed and its version
is affected (see above), we recommend that you immediately upgrade it
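Review bot: The two changed lines, the blank lines before "Their attack requires" and "Please check whether", are removed and re-added with no visible difference, so this is a whitespace-only edit folded into the signing commit. Confirm the new lines are truly empty rather than carrying trailing spaces, and consider committing whitespace cleanup on its own so that the diff of the signed revision shows only the signature wrapper.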
@@ -74,7 +77,7 @@
$ su -
# <prefix>/bin/rpm -Fvh <prefix>/RPM/PKG/openssl-0.9.7-1.2.3.*.rpm
- Additionally, you have to rebuild and reinstall all dependent
+ Additionally, you have to rebuild and reinstall all dependent
packages (see above), too. [4][5]
________________________________________________________________________
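Review bot: The "Additionally, you have to rebuild" line changes only in its leading whitespace, and leading whitespace is part of the text a cleartext signature covers (only trailing whitespace is ignored). Make sure the signature added at the end of this file was generated after this re-indentation, and run `gpg --verify` on the committed 1.2 file to confirm it checks out.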
@@ -101,3 +104,10 @@
the command "gpg --verify --keyserver keyserver.pgp.com".
________________________________________________________________________
+-----BEGIN PGP SIGNATURE-----
+Comment: OpenPKG <[EMAIL PROTECTED]>
+
+iD8DBQE+eiKhgHWT4GPEy58RAqHmAKCc3shS04jp9yf7nidbRICYwPCjlACgwD0B
+MS3AX0PNpAWSRzlTmGr6nDg=
+=6fnm
+-----END PGP SIGNATURE-----
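Review bot: The `Comment:` line in the added signature block is an armor header that the signature does not cover, so it can be altered without breaking verification; readers should identify the signer from the key that `gpg --verify` reports, not from this line. The context line above points readers at `gpg --verify --keyserver keyserver.pgp.com`, so if the part of that paragraph not shown here does not already give the expected key fingerprint, it is worth adding one so that a key obtained from the keyserver can be checked against it.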
@@ .
______________________________________________________________________
The OpenPKG Project www.openpkg.org
CVS Repository Commit List [EMAIL PROTECTED]