-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ Debian Security Advisory DSA-2100-1 secur...@debian.org http://www.debian.org/security/ Moritz Muehlenhoff August 30, 2010 http://www.debian.org/security/faq - ------------------------------------------------------------------------
Package : openssl Vulnerability : double free Problem type : local(remote) Debian-specific: no CVE Id(s) : CVE-2010-2939 George Guninski discovered a double free in the ECDH code of the OpenSSL crypto library, which may lead to denial of service and potentially the execution of arbitrary code. For the stable distribution (lenny), this problem has been fixed in version 0.9.8g-15+lenny8. For the unstable distribution (sid), this problem has been fixed in version 0.9.8o-2. We recommend that you upgrade your openssl packages. Upgrade instructions - -------------------- wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian GNU/Linux 5.0 alias lenny - -------------------------------- Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc. Source archives: http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8g.orig.tar.gz Size/MD5 checksum: 3354792 acf70a16359bf3658bdfb74bda1c4419 http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8g-15+lenny8.dsc Size/MD5 checksum: 1973 b3bc5cc9d4396dd53408d1523e5d9922 http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8g-15+lenny8.diff.gz Size/MD5 checksum: 60148 e011a196c7a96bdcfba8e8d1c7842d7a alpha architecture (DEC Alpha) http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8g-15+lenny8_alpha.deb Size/MD5 checksum: 1028966 c533c4f1ed722bfc684fb2aa7ae0bbaf http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8g-15+lenny8_alpha.deb Size/MD5 checksum: 2583198 ee814656292202df8e66508a78e76757 http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-15+lenny8_alpha.udeb Size/MD5 checksum: 722118 7bfdc9cff603e3c71014987e99a33637 http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8g-15+lenny8_alpha.deb Size/MD5 checksum: 2814048 c5309df7a3eff59618da50ea20e0bb1f http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8g-15+lenny8_alpha.deb Size/MD5 checksum: 4369476 8e583136a6e221ba239a305447cd55fd amd64 architecture (AMD x86_64 (AMD64)) http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8g-15+lenny8_amd64.deb Size/MD5 checksum: 975790 04b625095430068834e3621b47749d60 http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8g-15+lenny8_amd64.deb Size/MD5 checksum: 2243092 0b4a82a5a95df9d092498065e2c69d88 http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8g-15+lenny8_amd64.deb Size/MD5 checksum: 1627634 e86e98d321e13f6941a5b14568cecbae http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-15+lenny8_amd64.udeb Size/MD5 checksum: 638416 d578d3861d7402f70d340cb138e969c8 http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8g-15+lenny8_amd64.deb Size/MD5 checksum: 1043270 7ccee021eceb10b6bcd55222f0f9c00f arm architecture (ARM) http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8g-15+lenny8_arm.deb Size/MD5 checksum: 1028840 a473c6b7dfc800b0ad4f3a2320ed34e5 http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8g-15+lenny8_arm.deb Size/MD5 checksum: 1490650 9032ae14c182e5adbe934b083588a785 http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8g-15+lenny8_arm.deb Size/MD5 checksum: 2087038 b17611d1c503a30363357014a4523414 http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-15+lenny8_arm.udeb Size/MD5 checksum: 536038 e44733e9826dc24561732f7885df50f3 http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8g-15+lenny8_arm.deb Size/MD5 checksum: 844412 1a23967e4c4c3ad3f97c21a47e8d3bac armel architecture (ARM EABI) http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8g-15+lenny8_armel.deb Size/MD5 checksum: 1031134 cfce1ef9bc3a6768ed052b23d9781cdf http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8g-15+lenny8_armel.deb Size/MD5 checksum: 849994 340a78374851cbd1aca2ea8344ba54ba http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8g-15+lenny8_armel.deb Size/MD5 checksum: 2096496 34ad0dffc16f3ff0deac8fb6e8b2cd2e http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-15+lenny8_armel.udeb Size/MD5 checksum: 540784 51b9cd8fee37fbd55c512db13e556b2c http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8g-15+lenny8_armel.deb Size/MD5 checksum: 1506252 7d52d569cd8be4e1ce2f60cf05519ed8 hppa architecture (HP PA RISC) http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8g-15+lenny8_hppa.deb Size/MD5 checksum: 2268554 4339767f35a5fdfe0e20c11eea6f3b82 http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8g-15+lenny8_hppa.deb Size/MD5 checksum: 1046972 66ba3aa9fb82893461f7dfd38c2fb586 http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8g-15+lenny8_hppa.deb Size/MD5 checksum: 969042 5851386ee3b68d609533896a64701aea http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8g-15+lenny8_hppa.deb Size/MD5 checksum: 1528486 f867ab97ab589b0356b7e5085c337442 http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-15+lenny8_hppa.udeb Size/MD5 checksum: 634500 02ad6d507ccc026810116b0e2a9d1b0c i386 architecture (Intel ia32) http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8g-15+lenny8_i386.deb Size/MD5 checksum: 1035808 891f554f175236fed6ba2e78836efbf0 http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8g-15+lenny8_i386.deb Size/MD5 checksum: 2977216 e7002003f49898963b51fc60d986660b http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8g-15+lenny8_i386.deb Size/MD5 checksum: 5393090 596c50c449a97cd8652e7116df06cb82 http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-15+lenny8_i386.udeb Size/MD5 checksum: 591774 4eadb7676b04e66b2ce5a94c0fbabeaf http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8g-15+lenny8_i386.deb Size/MD5 checksum: 2108390 88d1201dbb7f7e2806f36c9c8b945c60 ia64 architecture (Intel ia64) http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8g-15+lenny8_ia64.deb Size/MD5 checksum: 2666450 490fc734a403d18fdcff30f3d4430eb7 http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8g-15+lenny8_ia64.deb Size/MD5 checksum: 1465484 d44c2feba9e5e946a1f05975c010eff5 http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-15+lenny8_ia64.udeb Size/MD5 checksum: 865354 db7a81175a7687d21a7bc78651758fdc http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8g-15+lenny8_ia64.deb Size/MD5 checksum: 1105058 d757a92ae7a9992aed13984efce04c27 http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8g-15+lenny8_ia64.deb Size/MD5 checksum: 1280580 9302c8ec90b228b8e5c309077345a4f6 mips architecture (MIPS (Big Endian)) http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8g-15+lenny8_mips.deb Size/MD5 checksum: 899398 f1afc1bd010c170d4c3cc1536dc18f99 http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8g-15+lenny8_mips.deb Size/MD5 checksum: 2304822 7119c17aad6cedb6fe917b006cbd23aa http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-15+lenny8_mips.udeb Size/MD5 checksum: 585112 315040d22ee0183a8743d4f83d475e55 http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8g-15+lenny8_mips.deb Size/MD5 checksum: 1624120 028858a3ea8b187e62cfbef6472d0a3d http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8g-15+lenny8_mips.deb Size/MD5 checksum: 1024826 e05816850ac1042054512581efad8186 mipsel architecture (MIPS (Little Endian)) http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8g-15+lenny8_mipsel.deb Size/MD5 checksum: 1588188 2d22ed0b4f0ba51a99124d02fc4f938f http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-15+lenny8_mipsel.udeb Size/MD5 checksum: 572372 ae996b71ca701f620f47f3f9b3adb4e5 http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8g-15+lenny8_mipsel.deb Size/MD5 checksum: 2294950 4ead973a8ae6b219789383a098129f6e http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8g-15+lenny8_mipsel.deb Size/MD5 checksum: 885576 d71d3da4eabce725eb9db564ed51f94f http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8g-15+lenny8_mipsel.deb Size/MD5 checksum: 1012124 9852687e5a2129c070e19c174c04a57f powerpc architecture (PowerPC) http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8g-15+lenny8_powerpc.deb Size/MD5 checksum: 1000536 302fdfa358fa81643764272c3bfb6bd6 http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8g-15+lenny8_powerpc.deb Size/MD5 checksum: 2244344 442368fa4ab11ea17fa752f66bbce767 http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8g-15+lenny8_powerpc.deb Size/MD5 checksum: 1644026 fb2bb5e6d08598405cf0cbbf47aa2a08 http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8g-15+lenny8_powerpc.deb Size/MD5 checksum: 1035350 41f30f1ea50b63ba43c7bdfabef0e5ca http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-15+lenny8_powerpc.udeb Size/MD5 checksum: 656162 a8d196b8c6ddec04bba99cf105a82f89 s390 architecture (IBM S/390) http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8g-15+lenny8_s390.deb Size/MD5 checksum: 1602434 556df4caf296dcabe80911f991165f9d http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8g-15+lenny8_s390.deb Size/MD5 checksum: 1024524 ec70f8625e30bbdfa7da0eba25d2d1c6 http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8g-15+lenny8_s390.deb Size/MD5 checksum: 2231778 293db646ff3508532b143725d18e3edb http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-15+lenny8_s390.udeb Size/MD5 checksum: 693038 578371a2bdde98c7f1fcef9371eeaca5 http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8g-15+lenny8_s390.deb Size/MD5 checksum: 1051104 d0242ea2b04ad52eb795bd7a6569298d sparc architecture (Sun SPARC/UltraSPARC) http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8g-15+lenny8_sparc.deb Size/MD5 checksum: 3867898 081e1addfcfcea3c32fddef4570806a6 http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8g-15+lenny8_sparc.deb Size/MD5 checksum: 1044670 bfc18d2fd2a61d2c093f0a1e2395df5c http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8g-15+lenny8_sparc.deb Size/MD5 checksum: 2148206 88e85ad27c456f5b68553e58de8a2d2b http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8g-15+lenny8_sparc.deb Size/MD5 checksum: 2292216 b98676306a58912992cef47a76615171 http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-15+lenny8_sparc.udeb Size/MD5 checksum: 580504 6a12e4b8e9ea08da70d48c65e59b6828 These files will probably be moved into the stable distribution on its next update. - --------------------------------------------------------------------------------- For apt-get: deb http://security.debian.org/ stable/updates main For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main Mailing list: debian-security-annou...@lists.debian.org Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iEYEARECAAYFAkx7++sACgkQXm3vHE4uylqvcACfRl8NYBBm3ZjNwsPcuKxBEoDn t6kAnRce7cUminmZ1L5xjEUJ6C62Wo7j =bFRp -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/