Stay Connected:

ELSA-2010-0163

ELSA-2010-0163 - openssl security update

Type:SECURITY
Severity:MODERATE
Release Date:2010-03-25

Description



[0.9.7a-43.17.5]
- do not disable SSLv2 in the renegotiation patch - SSLv2 does
not support renegotiation
- allow unsafe renegotiation on clients with SSL_OP_LEGACY_SERVER_CONNECT

[0.9.7a-43.17.4]
- mention the RFC5746 in the renegotiation fix doc

[0.9.7a-43.17.3]
- CVE-2009-3555 - support the secure renegotiation RFC (#533125)
- CVE-2009-2409 - drop MD2 from the default algorithm list (#510197)
- CVE-2009-0590 - crash when printing incorrect asn1 strings (#492304)


Related CVEs


CVE-2009-0590
CVE-2009-2409
CVE-2009-3555

Updated Packages


Release/ArchitectureFilenameMD5sumSuperseded By Advisory
Oracle Linux 3 (i386) openssl-0.9.7a-33.26.src.rpm5826067069df810c7929fc2b3eaa06d3-
openssl-0.9.7a-33.26.i386.rpm8b9f5314a3411caebaaeea431a647da8-
openssl-0.9.7a-33.26.i686.rpm8bed2220b0704d61071ef4972796be18-
openssl-devel-0.9.7a-33.26.i386.rpm8cb93999606ec8e53520b46ca81daafd-
openssl-perl-0.9.7a-33.26.i386.rpm7c61e1d50b6d866c447ca81361ef85ce-
Oracle Linux 3 (x86_64) openssl-0.9.7a-33.26.src.rpm5826067069df810c7929fc2b3eaa06d3-
openssl-0.9.7a-33.26.i686.rpm8bed2220b0704d61071ef4972796be18-
openssl-0.9.7a-33.26.x86_64.rpm7200902529cf4a24da5d89f5102763de-
openssl-devel-0.9.7a-33.26.x86_64.rpm13a6455c2ecdd4c557fa986ce539d1f2-
openssl-perl-0.9.7a-33.26.x86_64.rpmffbf02be6860b3691935e01532c48b3e-
Oracle Linux 4 (i386) openssl-0.9.7a-43.17.el4_8.5.src.rpme8ac8b7941d80f7b9e4cfa7018957d36ELSA-2012-0086
openssl-0.9.7a-43.17.el4_8.5.i386.rpma709d7b750aa868bac7d1543e512b6a7ELSA-2012-0086
openssl-0.9.7a-43.17.el4_8.5.i686.rpm49e8334af4960c3f16f0a4de558746e2ELSA-2012-0086
openssl-devel-0.9.7a-43.17.el4_8.5.i386.rpm181718d382a4e1b8f6e109307d48d59cELSA-2012-0086
openssl-perl-0.9.7a-43.17.el4_8.5.i386.rpm2d8bcf38053dea654affe9fde1f91764ELSA-2012-0086
Oracle Linux 4 (ia64) openssl-0.9.7a-43.17.el4_8.5.src.rpme8ac8b7941d80f7b9e4cfa7018957d36ELSA-2012-0086
openssl-0.9.7a-43.17.el4_8.5.i686.rpm49e8334af4960c3f16f0a4de558746e2ELSA-2012-0086
openssl-0.9.7a-43.17.el4_8.5.ia64.rpmfe7d9fd644172177b76b4a07dc673f37ELSA-2012-0086
openssl-devel-0.9.7a-43.17.el4_8.5.ia64.rpm3324b971df77597c35f536a7fd6a6541ELSA-2012-0086
openssl-perl-0.9.7a-43.17.el4_8.5.ia64.rpm17406914d219755f79ec4e839ca1a6b8ELSA-2012-0086
Oracle Linux 4 (x86_64) openssl-0.9.7a-43.17.el4_8.5.src.rpme8ac8b7941d80f7b9e4cfa7018957d36ELSA-2012-0086
openssl-0.9.7a-43.17.el4_8.5.i686.rpm49e8334af4960c3f16f0a4de558746e2ELSA-2012-0086
openssl-0.9.7a-43.17.el4_8.5.x86_64.rpm56facd6b7677ac32a6ce9713ca579136ELSA-2012-0086
openssl-devel-0.9.7a-43.17.el4_8.5.i386.rpm181718d382a4e1b8f6e109307d48d59cELSA-2012-0086
openssl-devel-0.9.7a-43.17.el4_8.5.x86_64.rpm788bb2b9fa9d35d60f875a16a1822b69ELSA-2012-0086
openssl-perl-0.9.7a-43.17.el4_8.5.x86_64.rpm326b4341b8684ab52af615427da277d5ELSA-2012-0086



This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

software.hardware.complete
Subscribe | Careers | Contact Us | Legal Notices | Terms of Use | Your Privacy Rights