OpenPKG CVS Repository http://cvs.openpkg.org/ ____________________________________________________________________________
Server: cvs.openpkg.org Name: Ralf S. Engelschall Root: /e/openpkg/cvs Email: [EMAIL PROTECTED] Module: openpkg-web Date: 20-Mar-2003 21:21:13 Branch: HEAD Handle: 2003032020211300 Modified files: openpkg-web/security OpenPKG-SA-2003.026-openssl.txt Log: final polishing and signing Summary: Revision Changes Path 1.2 +13 -3 openpkg-web/security/OpenPKG-SA-2003.026-openssl.txt ____________________________________________________________________________ patch -p0 <<'@@ .' Index: openpkg-web/security/OpenPKG-SA-2003.026-openssl.txt ============================================================================ $ cvs diff -u -r1.1 -r1.2 OpenPKG-SA-2003.026-openssl.txt --- openpkg-web/security/OpenPKG-SA-2003.026-openssl.txt 20 Mar 2003 20:17:53 -0000 1.1 +++ openpkg-web/security/OpenPKG-SA-2003.026-openssl.txt 20 Mar 2003 20:21:13 -0000 1.2 @@ -1,3 +1,6 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA1 + ________________________________________________________________________ OpenPKG Security Advisory The OpenPKG Project @@ -41,14 +44,14 @@ in their report "Attacking RSA-based Sessions in SSL/TLS" [2]. The Common Vulnerabilities and Exposures (CVE) project assigned the id CAN-2003-0147 [3] to the problem. - + Their attack requires the attacker to open millions of SSL/TLS connections to the server under attack. The server's behaviour when faced with specially made-up RSA ciphertexts can reveal information that in effect allows the attacker to perform a single RSA private key operation on a ciphertext of its choice using the server's RSA key. Note that the server's RSA key is not compromised in this attack. - + Please check whether you are affected by running "<prefix>/bin/rpm -q openssl". If you have the "openssl" package installed and its version is affected (see above), we recommend that you immediately upgrade it 
@@ -74,7 +77,7 @@ $ su - # <prefix>/bin/rpm -Fvh <prefix>/RPM/PKG/openssl-0.9.7-1.2.3.*.rpm - Additionally, you have to rebuild and reinstall all dependent + Additionally, you have to rebuild and reinstall all dependent packages (see above), too. [4][5] ________________________________________________________________________ @@ -101,3 +104,10 @@ the command "gpg --verify --keyserver keyserver.pgp.com". ________________________________________________________________________ +-----BEGIN PGP SIGNATURE----- +Comment: OpenPKG <[EMAIL PROTECTED]> + +iD8DBQE+eiKhgHWT4GPEy58RAqHmAKCc3shS04jp9yf7nidbRICYwPCjlACgwD0B +MS3AX0PNpAWSRzlTmGr6nDg= +=6fnm +-----END PGP SIGNATURE----- @@ . ______________________________________________________________________ The OpenPKG Project www.openpkg.org CVS Repository Commit List [EMAIL PROTECTED]
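Review bot: In the @@ -1,3 +1,6 @@ hunk, the added "Hash: SHA1" header means the cleartext signature is computed over a SHA-1 digest, which no longer provides collision resistance. If this advisory is re-signed, pick a SHA-2 digest (GnuPG accepts --digest-algo SHA256) with a key that supports it, so the header reads "Hash: SHA256". Also note that once the signed text is committed, any later edit to the body other than trailing whitespace invalidates the signature, so content fixes need a fresh signature in the same commit.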
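Review bot: In the @@ -101,3 +104,10 @@ hunk, the added "Comment: OpenPKG <[EMAIL PROTECTED]>" line is an armor header and is not covered by the signature, so it tells a reader nothing reliable about who signed. The context line just above it directs readers to run "gpg --verify --keyserver keyserver.pgp.com", and a key fetched from a keyserver at verification time is only as trustworthy as the reader's own check of its fingerprint. If the part of the advisory outside this hunk does not already state the signing key's full fingerprint, add it there (and publish it through a second channel), and consider dropping the Comment line so it cannot be mistaken for signer identity.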