L'équipe Vigil@nce veille les vulnérabilités publiques qui affectent votre parc informatique, puis propose des correctifs sécurité, une base de données de vigilance et des outils pour y remédier.

Vulnérabilité de OpenSSL : dénis de service

Synthèse de la vulnérabilité 

Trois erreurs de OpenSSL permettent à un attaquant de mener un déni de service sur ses applications.
Systèmes impactés : FW-1, VPN-1, ASA, Cisco Catalyst, Cisco CSS, IOS par Cisco, Cisco Router, WebNS, Debian, Fedora, FreeBSD, HP-UX, Mandriva Linux, NetBSD, OpenBSD, OpenSSL, openSUSE, RHEL, RedHat Linux, Slackware, TurboLinux, Unix (plateforme) ~ non exhaustif.
Gravité de cette alerte : 2/4.
Nombre de vulnérabilités dans ce bulletin : 3.
Date de création : 17/03/2004.
Dates de révisions : 18/03/2004, 19/03/2004, 22/03/2004, 23/03/2004, 29/03/2004, 30/03/2004, 22/04/2004, 27/04/2004, 07/05/2004, 10/05/2004, 12/07/2004, 03/11/2004, 01/02/2005.
Références de cette alerte : 20041101-01-P, 20051101-01-U, 224012, 58466, BID-9899, CERTA-2004-AVI-095, CERTA-2004-AVI-111, CIAC O-101, CISCO20040317a, Compaq SSRT4717, CVE-2004-0079, CVE-2004-0081, CVE-2004-0112, DSA-465, DSA-465-1, FEDORA-2004-095, FEDORA-2005-077, FEDORA-2005-078, FEDORA-2005-079, FEDORA-2005-1042, FLSA-1395, FLSA:1395, FLSA:166939, FLSA-2005:166939, FreeBSD-SA-04:05, HP01011, HP01019, MDKSA-2004:023, NetBSD 2004-005, NetBSD-SA2004-005, Netscreen 58466, O-101, OpenBSD 33-021, OpenBSD 34-016, RHSA-2004:119, RHSA-2004:120, RHSA-2004:121, RHSA-2005:829, RHSA-2005:829-00, RHSA-2005:830, SGI 20041101, SSA:2004-077-01, SSRT4717, SUSE-SA:2004:007, TLSA-2004-09, TLSA-2004-9, V6-UNIXOPENSSL3DOS, VIGILANCE-VUL-4067, VU#288574, VU#465542, VU#484726.

Description de la vulnérabilité 

La bibliothèque OpenSSL est utilisée par de nombreux produits de sécurité, et contient trois vulnérabilités.

La fonction do_change_cipher_spec utilise un pointeur nul, ce qui provoque l'arrêt du logiciel. Cette erreur peut être mise en oeuvre lors d'un handshake SSL/TLS. Les versions concernées sont :
 - 0.9.6c à 0.9.6k incluse
 - 0.9.7a à 0.9.7c incluse

Lorsque Kerberos est employé, un handshake illicite peut conduire à l'arrêt du logiciel. Les versions concernées sont :
 - 0.9.7a à 0.9.7c incluse

Une boucle infinie peut être créée. Les versions concernées sont :
 - 0.9.? à 0.9.6c incluse

Ces trois vulnérabilités permettent donc de mener un déni de service sur les applications utilisant OpenSSL.
Bulletin complet, filtrage par logiciel, emails, correctifs, ... (Demandez votre essai gratuit)

Cette alerte de menace informatique concerne les logiciels ou systèmes comme FW-1, VPN-1, ASA, Cisco Catalyst, Cisco CSS, IOS par Cisco, Cisco Router, WebNS, Debian, Fedora, FreeBSD, HP-UX, Mandriva Linux, NetBSD, OpenBSD, OpenSSL, openSUSE, RHEL, RedHat Linux, Slackware, TurboLinux, Unix (plateforme) ~ non exhaustif.

Notre équipe Vigil@nce a déterminé que la gravité de cette faille est moyen.

Le niveau de confiance est de type confirmé par l'éditeur, avec une provenance de serveur internet.

Ce bulletin concerne 3 vulnérabilités.

Un attaquant avec un niveau de compétence expert peut exploiter ce bulletin de vulnérabilité informatique.

Solutions pour cette menace 

OpenSSL : version.
Les versions 0.9.6m et 0.9.7d sont corrigées :
  http://www.openssl.org/
Note : la version 0.9.6L n'est pas présentée comme vulnérable, mais OpenSSL a tout de même publié la version 0.9.6m.

Cisco : solution pour openssl.
L'annonce CISCO20040317a liste les correctifs en fonction du produit.

Debian : nouveaux paquetages openssl.
De nouveaux paquetages sont disponibles :
  Source :
    http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.6c-2.woody.6.dsc
      Size/MD5 checksum: 632 c12536a01aca47e52d17e22310acbdd7
    http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.6c-2.woody.6.diff.gz
      Size/MD5 checksum: 44829 7478b91c110b6f1e52cf459cb44c07e1
    http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.6c.orig.tar.gz
      Size/MD5 checksum: 2153980 c8261d93317635d56df55650c6aeb3dc
    http://security.debian.org/pool/updates/main/o/openssl094/openssl094_0.9.4-6.woody.3.dsc
      Size/MD5 checksum: 624 e10b520a03dc6a86acd3609ed390bf21
    http://security.debian.org/pool/updates/main/o/openssl094/openssl094_0.9.4-6.woody.3.diff.gz
      Size/MD5 checksum: 46851 5108530e438a6c00458fb034db238392
    http://security.debian.org/pool/updates/main/o/openssl094/openssl094_0.9.4.orig.tar.gz
      Size/MD5 checksum: 1570392 72544daea16d6c99d656b95f77b01b2d
    http://security.debian.org/pool/updates/main/o/openssl095/openssl095_0.9.5a-6.woody.5.dsc
      Size/MD5 checksum: 631 0548af08e7b80fe2c7e73108bf352230
    http://security.debian.org/pool/updates/main/o/openssl095/openssl095_0.9.5a-6.woody.5.diff.gz
      Size/MD5 checksum: 39190 837e26caaf8c22a566dbefdd6ffc56ea
    http://security.debian.org/pool/updates/main/o/openssl095/openssl095_0.9.5a.orig.tar.gz
      Size/MD5 checksum: 1892089 99d22f1d4d23ff8b927f94a9df3997b4
  Intel IA-32 :
    http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.6c-2.woody.6_i386.deb
      Size/MD5 checksum: 1290986 ee3f1bd5dc3de3e7dff6e945e73bf7b1
    http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.6_0.9.6c-2.woody.6_i386.deb
      Size/MD5 checksum: 461870 8d24ba643ce45cf495d775fa7062e53e
    http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.6c-2.woody.6_i386.deb
      Size/MD5 checksum: 723346 e258d6e5c4e79767d1b75ae29a103a6d
    http://security.debian.org/pool/updates/main/o/openssl094/libssl09_0.9.4-6.woody.3_i386.deb
      Size/MD5 checksum: 358500 92eb1693ec21ca108f0d06932ce4f9db
    http://security.debian.org/pool/updates/main/o/openssl095/libssl095a_0.9.5a-6.woody.5_i386.deb
      Size/MD5 checksum: 399952 068f0a3443cbebbd23571df0170cad84

Fedora : nouveaux paquetages openssl.
De nouveaux paquetages sont disponibles :
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/
e8bdb97523942f9ffaa2266557522cb4 SRPMS/openssl-0.9.7a-33.10.src.rpm
e8b8fa33866d3bfb18a0bb363b7da157 i386/openssl-0.9.7a-33.10.i386.rpm
185ce2fa3dcc7eefd08755fbf32ba4b9 i386/openssl-devel-0.9.7a-33.10.i386.rpm
dffeec7a90d6d455d42f4150f8d87234 i386/openssl-perl-0.9.7a-33.10.i386.rpm
910b24732d051afceda9f9c725b26eaf i386/debug/openssl-debuginfo-0.9.7a-33.10.i386.rpm
f2c1ee5973157103d6699fb8122a42cd i386/openssl-0.9.7a-33.10.i686.rpm
aae58c51061b47c4886249787a6b0d12 i386/debug/openssl-debuginfo-0.9.7a-33.10.i686.rpm
ef901bfd90760a5a9bfe04964fc1edaf x86_64/openssl-0.9.7a-33.10.x86_64.rpm
0efb65591070daa52274aeba71c27c25 x86_64/openssl-devel-0.9.7a-33.10.x86_64.rpm
6c37c57523dafe0125ea7cafd9d03bd1 x86_64/openssl-perl-0.9.7a-33.10.x86_64.rpm
e3fa109733cd72647c96cd02a2c92628 x86_64/debug/openssl-debuginfo-0.9.7a-33.10.x86_64.rpm
bfa1844b85a37b4985bc05078c34dc5a SRPMS/openssl096-0.9.6-26.src.rpm
a138ec3378572805b3607f0e55eb081a i386/openssl096-0.9.6-26.i386.rpm
810ef6df3fcc5762b3b69654f9f1e145 i386/debug/openssl096-debuginfo-0.9.6-26.i386.rpm
b54014864a487e940b0a433755e75893 x86_64/openssl096-0.9.6-26.x86_64.rpm
12c3ebe731dc15263ae8e980173c3f9f x86_64/debug/openssl096-debuginfo-0.9.6-26.x86_64.rpm
216c598e2d8ded8f24f1c3b828051743 SRPMS/openssl096b-0.9.6b-18.src.rpm
5db375e1acdaf84a33ccab3f9f48b171 i386/openssl096b-0.9.6b-18.i386.rpm
b904fa03ff1b6ad06a488e3388b74a58 i386/debug/openssl096b-debuginfo-0.9.6b-18.i386.rpm
d2f6313c15f893b15230a82bc9ca5c5e x86_64/openssl096b-0.9.6b-18.x86_64.rpm
25804bd47caad8bb6a6d74f46c36cf62 x86_64/debug/openssl096b-debuginfo-0.9.6b-18.x86_64.rpm
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/
d5a4c69326db840475f0faee53bae362 SRPMS/openssl096b-0.9.6b-20.src.rpm
94e9b247b41232707b16831a47c93340 x86_64/openssl096b-0.9.6b-20.x86_64.rpm
70a9678b257c6e71218e1b0d6b175efe x86_64/debug/openssl096b-debuginfo-0.9.6b-20.x86_64.rpm
da9186a847ca483b96bfab3e36ca907e i386/openssl096b-0.9.6b-20.i386.rpm
0b1eaf9c40ee7b81ed33420b7f546d2c i386/debug/openssl096b-debuginfo-0.9.6b-20.i386.rpm
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/
376588aa72cdac37281ae30e76e4092f SRPMS/openssl096b-0.9.6b-21.src.rpm
def5ab22bd527f72611575e8f9edee0e x86_64/openssl096b-0.9.6b-21.x86_64.rpm
74ecfc4d2954604d2a54007d8dc54cb5 x86_64/debug/openssl096b-debuginfo-0.9.6b-21.x86_64.rpm
7154a102525adb6d7e6955783759559c x86_64/openssl096b-0.9.6b-21.i386.rpm
7154a102525adb6d7e6955783759559c i386/openssl096b-0.9.6b-21.i386.rpm
fa8467ff5b3508b36f775ddd047625ea i386/debug/openssl096b-debuginfo-0.9.6b-21.i386.rpm

Fedora : nouveaux paquetages openssl096b.
De nouveaux paquetages sont disponibles :
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/
8d68e4b430aa7c5ca067c12866ae694e SRPMS/openssl096b-0.9.6b-21.42.src.rpm
54a9e78a2fdd625b9dc9121e09eb4398 x86_64/openssl096b-0.9.6b-21.42.x86_64.rpm
c5c6174e23eba8d038889d08f49231b8 x86_64/debug/openssl096b-debuginfo-0.9.6b-21.42.x86_64.rpm
56b63fc150d0c099b2e4f0950e21005b x86_64/openssl096b-0.9.6b-21.42.i386.rpm
56b63fc150d0c099b2e4f0950e21005b i386/openssl096b-0.9.6b-21.42.i386.rpm
93195495585c7e9789041c75b1ed5380 i386/debug/openssl096b-debuginfo-0.9.6b-21.42.i386.rpm

FreeBSD : patch pour openssl.
Un patch est disponible :
  ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-04:05/openssl.patch

HP-UX : patches.
Les annonces HP01011, HP01019 et COMPAQ-SSRT4717 indiquent les versions corrigées.

IRIX : patches.
Des patches sont disponibles :
  IRIX 6.5.20 : 5535
  IRIX 6.5.21 : 5536
  IRIX 6.5.22m : 5533
  IRIX 6.5.23m : 5533
  IRIX 6.5.24m : 5533

Mandrake : nouveaux paquetages openssl.
De nouveaux paquetages sont disponibles :
 Mandrakelinux 9.0:
 f240a851cd1e2350485c01937c03954a 9.0/RPMS/libopenssl0-0.9.6i-1.7.90mdk.i586.rpm
 44163de2b87935272550f1ee76df3bea 9.0/RPMS/libopenssl0-devel-0.9.6i-1.7.90mdk.i586.rpm
 8692dc3bc8235e0ee0279c197fd7f2ee 9.0/RPMS/libopenssl0-static-devel-0.9.6i-1.7.90mdk.i586.rpm
 fb67c8105ee757e0be521758cef6c3ad 9.0/RPMS/openssl-0.9.6i-1.7.90mdk.i586.rpm
 2c5edca752c1bded660e811e4a14924c 9.0/SRPMS/openssl-0.9.6i-1.7.90mdk.src.rpm
 Mandrakelinux 9.1:
 675ca1ba5d7fbf2246a47ddb2c3b9b51 9.1/RPMS/libopenssl0-0.9.6i-1.3.91mdk.i586.rpm
 4f916449cf69b4246b6d31313082b836 9.1/RPMS/libopenssl0.9.7-0.9.7a-1.3.91mdk.i586.rpm
 e96d97d6abc80a2b876fa412a94513ee 9.1/RPMS/libopenssl0.9.7-devel-0.9.7a-1.3.91mdk.i586.rpm
 6f51829b630e60f1296571f06fdf31ad 9.1/RPMS/libopenssl0.9.7-static-devel-0.9.7a-1.3.91mdk.i586.rpm
 cf731928a2a17b67ecc3a1592300842d 9.1/RPMS/openssl-0.9.7a-1.3.91mdk.i586.rpm
 7034cb0be4e172d30fe2d68a6bec27b3 9.1/SRPMS/openssl-0.9.7a-1.3.91mdk.src.rpm
 fafa5780fe61503df1a92215e6dfdb24 9.1/SRPMS/openssl0.9.6-0.9.6i-1.3.91mdk.src.rpm
 Mandrakelinux 9.1/PPC:
 6a083899b5c52877e9bed2e21b030918 ppc/9.1/RPMS/libopenssl0-0.9.6i-1.3.91mdk.ppc.rpm
 0e3eee09e1f2ceb59422f4ff0ce4a073 ppc/9.1/RPMS/libopenssl0.9.7-0.9.7a-1.3.91mdk.ppc.rpm
 71a44d67de3c656025f9d9df93e690df ppc/9.1/RPMS/libopenssl0.9.7-devel-0.9.7a-1.3.91mdk.ppc.rpm
 bfba9442501c5c618f1f3953728de8fe ppc/9.1/RPMS/libopenssl0.9.7-static-devel-0.9.7a-1.3.91mdk.ppc.rpm
 fd0cae85733542b6e5edc422c6e85272 ppc/9.1/RPMS/openssl-0.9.7a-1.3.91mdk.ppc.rpm
 7034cb0be4e172d30fe2d68a6bec27b3 ppc/9.1/SRPMS/openssl-0.9.7a-1.3.91mdk.src.rpm
 fafa5780fe61503df1a92215e6dfdb24 ppc/9.1/SRPMS/openssl0.9.6-0.9.6i-1.3.91mdk.src.rpm
 Mandrakelinux 9.2:
 ca7d2493b21406d07d8c4c95e8768c47 9.2/RPMS/libopenssl0.9.7-0.9.7b-4.2.92mdk.i586.rpm
 b0f4e7317a0ffa549394590bb3814216 9.2/RPMS/libopenssl0.9.7-devel-0.9.7b-4.2.92mdk.i586.rpm
 cf3c227a00a1f738915768a860fabf24 9.2/RPMS/libopenssl0.9.7-static-devel-0.9.7b-4.2.92mdk.i586.rpm
 34b175885ae59b3a089b11a02039d88a 9.2/RPMS/openssl-0.9.7b-4.2.92mdk.i586.rpm
 006292d74c144ace0a288ab444493788 9.2/SRPMS/openssl-0.9.7b-4.2.92mdk.src.rpm
 Mandrakelinux 9.2/AMD64:
 34246401bd6d2b211ea366d0673b2ce6 amd64/9.2/RPMS/lib64openssl0.9.7-0.9.7b-4.2.92mdk.amd64.rpm
 87b4e7fbeaf3640f94d67e1bd6bfc593 amd64/9.2/RPMS/lib64openssl0.9.7-devel-0.9.7b-4.2.92mdk.amd64.rpm
 a3c9c929398a68ce06cce5fd537f4387 amd64/9.2/RPMS/lib64openssl0.9.7-static-devel-0.9.7b-4.2.92mdk.amd64.rpm
 85155f93b8c769759b901b44f71974dd amd64/9.2/RPMS/openssl-0.9.7b-4.2.92mdk.amd64.rpm
 006292d74c144ace0a288ab444493788 amd64/9.2/SRPMS/openssl-0.9.7b-4.2.92mdk.src.rpm

NetBSD : patches.
L'annonce NETBSD-SA2004-005 liste les patches en fonction de la version du système.

OpenBSD : patches pour openssl.
Des patches sont disponibles :
  ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/021_openssl.patch
  ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.4/common/016_openssl.patch

Red Hat Linux, Fedora Core : nouveaux paquetages openssl.
De nouveaux paquetages sont disponibles :
Red Hat Linux 7.3:
SRPM:
http://download.fedoralegacy.org/redhat/7.3/updates/SRPMS/openssl095a-0.9.5a-24.7.6.legacy.src.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/SRPMS/openssl096-0.9.6-25.11.legacy.src.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/SRPMS/openssl-0.9.6b-39.10.legacy.src.rpm
i386:
http://download.fedoralegacy.org/redhat/7.3/updates/i386/openssl095a-0.9.5a-24.7.6.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/openssl096-0.9.6-25.11.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/openssl-0.9.6b-39.10.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/openssl-0.9.6b-39.10.legacy.i686.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/openssl-devel-0.9.6b-39.10.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/openssl-perl-0.9.6b-39.10.legacy.i386.rpm
Red Hat Linux 9:
SRPM:
http://download.fedoralegacy.org/redhat/9/updates/SRPMS/openssl096-0.9.6-25.12.legacy.src.rpm
http://download.fedoralegacy.org/redhat/9/updates/SRPMS/openssl096b-0.9.6b-15.3.legacy.src.rpm
http://download.fedoralegacy.org/redhat/9/updates/SRPMS/openssl-0.9.7a-20.6.legacy.src.rpm
i386:
http://download.fedoralegacy.org/redhat/9/updates/i386/openssl096-0.9.6-25.12.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/openssl096b-0.9.6b-15.3.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/openssl-0.9.7a-20.6.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/openssl-0.9.7a-20.6.legacy.i686.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/openssl-devel-0.9.7a-20.6.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/openssl-perl-0.9.7a-20.6.legacy.i386.rpm
Fedora Core 1:
SRPM:
http://download.fedoralegacy.org/fedora/1/updates/SRPMS/openssl096-0.9.6-26.3.legacy.src.rpm
http://download.fedoralegacy.org/fedora/1/updates/SRPMS/openssl096b-0.9.6b-18.3.legacy.src.rpm
http://download.fedoralegacy.org/fedora/1/updates/SRPMS/openssl-0.9.7a-33.13.legacy.src.rpm
i386:
http://download.fedoralegacy.org/fedora/1/updates/i386/openssl096-0.9.6-26.3.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/openssl096b-0.9.6b-18.3.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/openssl-0.9.7a-33.13.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/openssl-0.9.7a-33.13.legacy.i686.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/openssl-devel-0.9.7a-33.13.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/openssl-perl-0.9.7a-33.13.legacy.i386.rpm
Fedora Core 2:
SRPM:
http://download.fedoralegacy.org/fedora/2/updates/SRPMS/openssl096b-0.9.6b-20.3.legacy.src.rpm
http://download.fedoralegacy.org/fedora/2/updates/SRPMS/openssl-0.9.7a-35.2.legacy.src.rpm
i386:
http://download.fedoralegacy.org/fedora/2/updates/i386/openssl096b-0.9.6b-20.3.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/openssl-0.9.7a-35.2.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/openssl-0.9.7a-35.2.legacy.i686.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/openssl-devel-0.9.7a-35.2.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/openssl-perl-0.9.7a-35.2.legacy.i386.rpm

Red Hat Linux : nouveaux paquetages openssl.
De nouveaux paquetages sont disponibles :
Red Hat Linux 7.2:
 SRPM:
http://download.fedoralegacy.org/redhat/7.2/updates/SRPMS/openssl095a-0.9.5a-24.7.3.legacy.src.rpm
http://download.fedoralegacy.org/redhat/7.2/updates/SRPMS/openssl-0.9.6b-36.7.legacy.src.rpm
http://download.fedoralegacy.org/redhat/7.2/updates/SRPMS/openssl096-0.9.6-25.7.legacy.src.rpm
 i386:
http://download.fedoralegacy.org/redhat/7.2/updates/i386/openssl-0.9.6b-36.7.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.2/updates/i386/openssl-devel-0.9.6b-36.7.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.2/updates/i386/openssl-perl-0.9.6b-36.7.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.2/updates/i386/openssl095a-0.9.5a-24.7.3.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.2/updates/i386/openssl096-0.9.6-25.7.legacy.i386.rpm
 i686:
http://download.fedoralegacy.org/redhat/7.2/updates/i386/openssl-0.9.6b-36.7.legacy.i686.rpm
Red Hat Linux 7.3:
 SRPM:
http://download.fedoralegacy.org/redhat/7.3/updates/SRPMS/openssl095a-0.9.5a-24.7.3.legacy.src.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/SRPMS/openssl-0.9.6b-36.7.legacy.src.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/SRPMS/openssl096-0.9.6-25.7.legacy.src.rpm
 i386:
http://download.fedoralegacy.org/redhat/7.3/updates/i386/openssl-0.9.6b-36.7.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/openssl-devel-0.9.6b-36.7.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/openssl-perl-0.9.6b-36.7.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/openssl095a-0.9.5a-24.7.3.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/openssl096-0.9.6-25.7.legacy.i386.rpm
 i686:
http://download.fedoralegacy.org/redhat/7.3/updates/i386/openssl-0.9.6b-36.7.legacy.i686.rpm
Red Hat Linux 8.0:
 SRPM:
http://download.fedoralegacy.org/redhat/8.0/updates/SRPMS/openssl095a-0.9.5a-24.8.legacy.src.rpm
http://download.fedoralegacy.org/redhat/8.0/updates/SRPMS/openssl-0.9.6b-36.8.legacy.src.rpm
http://download.fedoralegacy.org/redhat/8.0/updates/SRPMS/openssl096-0.9.6-24.8.legacy.src.rpm
 i386:
http://download.fedoralegacy.org/redhat/8.0/updates/i386/openssl-devel-0.9.6b-36.8.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/8.0/updates/i386/openssl-0.9.6b-36.8.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/8.0/updates/i386/openssl-perl-0.9.6b-36.8.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/8.0/updates/i386/openssl095a-0.9.5a-24.8.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/8.0/updates/i386/openssl096-0.9.6-24.8.legacy.i386.rpm
 i686:
http://download.fedoralegacy.org/redhat/8.0/updates/i386/openssl-0.9.6b-36.8.legacy.i686.rpm
Red Hat Linux 9:
 SRPMS:
ftp://updates.redhat.com/9/en/os/SRPMS/openssl-0.9.7a-20.2.src.rpm
ftp://updates.redhat.com/9/en/os/SRPMS/openssl096-0.9.6-25.9.src.rpm
ftp://updates.redhat.com/9/en/os/SRPMS/openssl096b-0.9.6b-15.src.rpm
 i386:
ftp://updates.redhat.com/9/en/os/i386/openssl-0.9.7a-20.2.i386.rpm
ftp://updates.redhat.com/9/en/os/i386/openssl-devel-0.9.7a-20.2.i386.rpm
ftp://updates.redhat.com/9/en/os/i386/openssl-perl-0.9.7a-20.2.i386.rpm
ftp://updates.redhat.com/9/en/os/i386/openssl096-0.9.6-25.9.i386.rpm
ftp://updates.redhat.com/9/en/os/i386/openssl096b-0.9.6b-15.i386.rpm
 i686:
ftp://updates.redhat.com/9/en/os/i686/openssl-0.9.7a-20.2.i686.rpm

RHEL : nouveaux paquetages openssl.
De nouveaux paquetages sont disponibles :
Red Hat Enterprise Linux AS (Advanced Server) version 2.1:
 SRPMS:
   ftp://updates.redhat.com/enterprise/2.1AS/en/os/SRPMS/openssl-0.9.6b-36.src.rpm
   ftp://updates.redhat.com/enterprise/2.1AS/en/os/SRPMS/openssl095a-0.9.5a-24.src.rpm
   ftp://updates.redhat.com/enterprise/2.1AS/en/os/SRPMS/openssl096-0.9.6-25.7.src.rpm
 i386:
   openssl-0.9.6b-36.i386.rpm
   openssl095a-0.9.5a-24.i386.rpm
   openssl096-0.9.6-25.7.i386.rpm
 i686:
   openssl-0.9.6b-36.i686.rpm
 ia64:
   openssl-0.9.6b-36.ia64.rpm
   openssl095a-0.9.5a-24.ia64.rpm
   openssl096-0.9.6-25.7.ia64.rpm
Red Hat Linux Advanced Workstation 2.1:
 SRPMS:
   ftp://updates.redhat.com/enterprise/2.1AW/en/os/SRPMS/openssl-0.9.6b-36.src.rpm
   ftp://updates.redhat.com/enterprise/2.1AW/en/os/SRPMS/openssl095a-0.9.5a-24.src.rpm
   ftp://updates.redhat.com/enterprise/2.1AW/en/os/SRPMS/openssl096-0.9.6-25.7.src.rpm
 ia64:
   openssl-0.9.6b-36.ia64.rpm
   openssl095a-0.9.5a-24.ia64.rpm
   openssl096-0.9.6-25.7.ia64.rpm
Red Hat Enterprise Linux ES version 2.1:
 SRPMS:
   ftp://updates.redhat.com/enterprise/2.1ES/en/os/SRPMS/openssl-0.9.6b-36.src.rpm
 i386:
   openssl-0.9.6b-36.i386.rpm
   openssl-devel-0.9.6b-36.i386.rpm
   openssl-perl-0.9.6b-36.i386.rpm
 i686:
   openssl-0.9.6b-36.i686.rpm
Red Hat Enterprise Linux WS version 2.1:
 SRPMS:
   ftp://updates.redhat.com/enterprise/2.1WS/en/os/SRPMS/openssl-0.9.6b-36.src.rpm
 i386:
   openssl-0.9.6b-36.i386.rpm
   openssl-devel-0.9.6b-36.i386.rpm
   openssl-perl-0.9.6b-36.i386.rpm
 i686:
   openssl-0.9.6b-36.i686.rpm
Red Hat Enterprise Linux AS version 3:
 SRPMS:
   ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/openssl-0.9.7a-33.4.src.rpm
   ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/openssl096b-0.9.6b-16.src.rpm
 i386:
   openssl-0.9.7a-33.4.i386.rpm
   openssl096b-0.9.6b-16.i386.rpm
 i686:
   openssl-0.9.7a-33.4.i686.rpm
 ia64:
   openssl-0.9.7a-33.4.ia64.rpm
   openssl-0.9.7a-33.4.i686.rpm
   openssl096b-0.9.6b-16.ia64.rpm
 ppc:
   openssl-0.9.7a-33.4.ppc.rpm
   openssl096b-0.9.6b-16.ppc.rpm
 ppc64:
   openssl-0.9.7a-33.4.ppc64.rpm
 s390:
   openssl-0.9.7a-33.4.s390.rpm
   openssl096b-0.9.6b-16.s390.rpm
 s390x:
   openssl-0.9.7a-33.4.s390x.rpm
   openssl-0.9.7a-33.4.s390.rpm
 x86_64:
   openssl-0.9.7a-33.4.x86_64.rpm
   openssl-0.9.7a-33.4.i686.rpm
   openssl096b-0.9.6b-16.x86_64.rpm
Red Hat Enterprise Linux ES version 3:
 SRPMS:
   ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/openssl-0.9.7a-33.4.src.rpm
   ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/openssl096b-0.9.6b-16.src.rpm
 i386:
   openssl-0.9.7a-33.4.i386.rpm
   openssl096b-0.9.6b-16.i386.rpm
 i686:
   openssl-0.9.7a-33.4.i686.rpm
Red Hat Enterprise Linux WS version 3:
 SRPMS:
   ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/openssl-0.9.7a-33.4.src.rpm
   ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/openssl096b-0.9.6b-16.src.rpm
 i386:
   openssl-0.9.7a-33.4.i386.rpm
   openssl096b-0.9.6b-16.i386.rpm
 i686:
   openssl-0.9.7a-33.4.i686.rpm
 ia64:
   openssl-0.9.7a-33.4.ia64.rpm
   openssl-0.9.7a-33.4.i686.rpm
   openssl096b-0.9.6b-16.ia64.rpm
 x86_64:
   openssl-0.9.7a-33.4.x86_64.rpm
   openssl-0.9.7a-33.4.i686.rpm
   openssl096b-0.9.6b-16.x86_64.rpm

RHEL : nouveaux paquetages openssl.
De nouveaux paquetages sont disponibles :
Red Hat Enterprise Linux version 2.1:
  openssl-0.9.6b-42
  openssl095a-0.9.5a-28
  openssl096-0.9.6-28
Red Hat Enterprise Linux version 3:
  openssl096b-0.9.6b-16.42
Red Hat Enterprise Linux version 4:
  openssl096b-0.9.6b-22.42

SGI ProPack : nouveaux paquetages gdk-pixbuf, gtk2, lynx, php, libungif, curl, wget, openssl096b, ethereal.
Le patch 10242 est disponible :
  http://support.sgi.com/
Des RPMs individuels sont disponibles :
  ftp://oss.sgi.com/projects/sgi_propack/download/3/updates/RPMS
  ftp://oss.sgi.com/projects/sgi_propack/download/3/updates/SRPMS

Slackware : nouveaux paquetages openssl.
De nouveaux paquetages sont disponibles :
Slackware 8.1:
ftp://ftp.slackware.com/pub/slackware/slackware-8.1/patches/packages/openssl-0.9.6m-i386-1.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-8.1/patches/packages/openssl-solibs-0.9.6m-i386-1.tgz
Slackware 9.0:
ftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/packages/openssl-0.9.7d-i386-1.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/packages/openssl-solibs-0.9.7d-i386-1.tgz
Slackware 9.1:
ftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/openssl-0.9.7d-i486-1.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/openssl-solibs-0.9.7d-i486-1.tgz

SuSE : nouveaux paquetages openssl.
De nouveaux paquetages sont disponibles :
    SuSE-9.0:
    ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/openssl-0.9.7b-133.i586.rpm
      31ec7dd8d5e119ebc0c63b287e4ad3c7
    ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/openssl-devel-0.9.7b-133.i586.rpm
      952ad40732b95ca7fdd8ba00a94ce99b
    patch rpm(s):
    ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/openssl-0.9.7b-133.i586.patch.rpm
      71d9522ca81e5cec829266f5fd9efb6d
    ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/openssl-devel-0.9.7b-133.i586.patch.rpm
      40d2d30ff2f2629d02e6e54472b6aca0
    source rpm(s):
    ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/src/openssl-0.9.7b-133.src.rpm
      3bb291108685b06ac25533014ede039e
    SuSE-8.2:
    ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/i586/openssl-0.9.6i-21.i586.rpm
      21d83138d00c84b0febc2428f1e5ceac
    ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/i586/openssl-devel-0.9.6i-21.i586.rpm
      421bf9717ff3c7facc8a6ee51438e82c
    patch rpm(s):
    ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/i586/openssl-0.9.6i-21.i586.patch.rpm
      0457b801931f1f6857e3358c4b5a9151
    ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/i586/openssl-devel-0.9.6i-21.i586.patch.rpm
      4d8561d55cde4d31c840ebd7d10901e1
    source rpm(s):
    ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/src/openssl-0.9.6i-21.src.rpm
      4a55e2eae1fd8ebcc086fa612d9af95b
    SuSE-8.1:
    ftp://ftp.suse.com/pub/suse/i386/update/8.1/rpm/i586/openssl-0.9.6g-114.i586.rpm
      53c938f88ed6a5d2ad12120c65ea880f
    ftp://ftp.suse.com/pub/suse/i386/update/8.1/rpm/i586/openssl-devel-0.9.6g-114.i586.rpm
      bd6ff0ccaf12c1ce9107accf5f4372b6
    patch rpm(s):
    ftp://ftp.suse.com/pub/suse/i386/update/8.1/rpm/i586/openssl-0.9.6g-114.i586.patch.rpm
      7782f761018a0b4fb95c955f7c782b6d
    ftp://ftp.suse.com/pub/suse/i386/update/8.1/rpm/i586/openssl-devel-0.9.6g-114.i586.patch.rpm
      51df3d52a98175cbe6338cb963140a59
    source rpm(s):
    ftp://ftp.suse.com/pub/suse/i386/update/8.1/rpm/src/openssl-0.9.6g-114.src.rpm
      da2f5a9f62126ad0e1659a6f4f78878c
    SuSE-8.0:
    ftp://ftp.suse.com/pub/suse/i386/update/8.0/sec1/openssl-0.9.6c-87.i386.rpm
      f40a9640a6acc1ba9bbd3c2669ecba9d
    ftp://ftp.suse.com/pub/suse/i386/update/8.0/d3/openssl-devel-0.9.6c-87.i386.rpm
      d19730d5050a0f0fd5cafb348c0c0896
    patch rpm(s):
    ftp://ftp.suse.com/pub/suse/i386/update/8.0/sec1/openssl-0.9.6c-87.i386.patch.rpm
      e81f85173f6108f1e1ce312540fcff48
    ftp://ftp.suse.com/pub/suse/i386/update/8.0/d3/openssl-devel-0.9.6c-87.i386.patch.rpm
      9fbb35bdf838262ccb56b4c3924c3a08
    source rpm(s):
    ftp://ftp.suse.com/pub/suse/i386/update/8.0/zq1/openssl-0.9.6c-87.src.rpm
      0b09e243d99922087ace4052f330f493

TurboLinux : nouveaux paquetages openssl.
De nouveaux paquetages sont disponibles :
Turbolinux 10 Desktop
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/SRPMS/openssl-0.9.7d-1.src.rpm
      2793953 ab0c244579dcea53fa6f5f48505b0b5a
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/SRPMS/openssl-compat-0.9.6m-1.src.rpm
      2265321 e03a6f6777dd03c36e31710c8febad77
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/openssl-0.9.7d-1.i586.rpm
      1218800 eb84ac4173b36ce151f803cb60eb8bdd
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/openssl-compat-0.9.6m-1.i586.rpm
       754120 459d2aab779bcb1f7334806f3da894f6
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/openssl-devel-0.9.7d-1.i586.rpm
      1479420 644f6d0e2f0999965417ace5e41853ac
Turbolinux 8 Server
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/SRPMS/openssl-0.9.6m-1.src.rpm
      2265514 dc0389b141a2c78c29d32d250ecb4987
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/openssl-0.9.6m-1.i586.rpm
      1367693 aacc89cbc22c431b780366c53003189a
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/openssl-devel-0.9.6m-1.i586.rpm
      1157874 707e421ad1b9f223fa822573bf8eb81a
Turbolinux 8 Workstation
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/SRPMS/openssl-0.9.6m-1.src.rpm
      2265514 073e830786e49f88acf8439b0a14b717
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/openssl-0.9.6m-1.i586.rpm
      1367591 1d99d917b5f01b61030660045c10f35e
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/openssl-devel-0.9.6m-1.i586.rpm
      1158207 8b6cbae3a04ff320e847336c0a23a24e
Turbolinux 7 Server
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/SRPMS/openssl-0.9.6m-1.src.rpm
      2265514 132dabe2c91ab0227ff56b85340dc98c
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/openssl-0.9.6m-1.i586.rpm
      1337061 99f13d9b84819eae9025465f77ea6c5a
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/openssl-devel-0.9.6m-1.i586.rpm
      1140489 301ef33ceefc4922ca59b84b10250dbe
Turbolinux 7 Workstation
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/SRPMS/openssl-0.9.6m-1.src.rpm
      2265514 4be185ab3a40e0e0982de7cabebaceb0
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/openssl-0.9.6m-1.i586.rpm
      1337293 9e51b81ed1a4ac73a43f80c4a78b9a39
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/openssl-devel-0.9.6m-1.i586.rpm
      1141285 0a9a7085891aec85f742b2eee1647d29
Turbolinux Server 6.5
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/6.5/updates/SRPMS/openssl-0.9.6m-1.src.rpm
      2265514 fb4550e5daa482a1978464e8a1272b3c
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/6.5/updates/RPMS/openssl-0.9.6m-1.i386.rpm
      1466724 7e303efabc213f57fe6f3eed50f62ef0
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/6.5/updates/RPMS/openssl-devel-0.9.6m-1.i386.rpm
      1273395 557dfc469d06aea2564a9a14a248ea24
Turbolinux Advanced Server 6
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/AdvancedServer/6/ja/updates/SRPMS/openssl-0.9.6m-1.src.rpm
      2265514 9b0c792b110e7d2e43ff83d072ea647d
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/AdvancedServer/6/ja/updates/RPMS/openssl-0.9.6m-1.i386.rpm
      1466757 9a76ebcb8a5c390fe4880e750bedeeb2
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/AdvancedServer/6/ja/updates/RPMS/openssl-devel-0.9.6m-1.i386.rpm
      1273434 680429a3bf0235c7958ee7b9f02ebab5
Turbolinux Server 6.1
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/6.1/ja/updates/SRPMS/openssl-0.9.6m-1.src.rpm
      2265514 0a2f1d263ae5bbaeb18f81551743590d
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/6.1/ja/updates/RPMS/openssl-0.9.6m-1.i386.rpm
      1466752 c0696ff96729f4218cd588d94033b5c4
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/6.1/ja/updates/RPMS/openssl-devel-0.9.6m-1.i386.rpm
      1273499 49af08dd7d0b08fd701d61c4f7f11983
Turbolinux Workstation 6.0
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/6.0/ja/updates/SRPMS/openssl-0.9.6m-1.src.rpm
      2265514 f83b24f5112c3e66c9122af6199e0ac5
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/6.0/ja/updates/RPMS/openssl-0.9.6m-1.i386.rpm
      1466745 6f982e6da0d92b23139e111e50143e05
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/6.0/ja/updates/RPMS/openssl-devel-0.9.6m-1.i386.rpm
      1273391 0dec09ad6bfedccfe0157828d682bb80

VPN-1/FireWall-1 : hotfix.
Le document ci-dessous liste les Hotfix disponibles.
Bulletin complet, filtrage par logiciel, emails, correctifs, ... (Demandez votre essai gratuit)

Service de veille sur les vulnérabilités informatiques 

Vigil@nce fournit une veille de vulnérabilité informatique. Chaque administrateur peut personnaliser la liste des produits pour lesquels il souhaite recevoir des alertes de vulnérabilités.