AnNyung Official Homepage Home > Update [ 1.3 ]  

openssl097 security update
FTP access is not possible with a web browser.

Document number: 1270123447
Updated: 2010.04.01


Details

The openssl097a package is a compatibility library provided for binaries
built to link against the openssl 0.9.7 library and for build environments
that require openssl 0.9.7.

When building against this library, note the following.

This library was built from RHEL 4's openssl 0.9.7a-43.17.el48.5.

1. When including header files:
   change #include <openssl/xxx.h> to #include <openssl097a/xxx.h>.

2. When linking the library:
   replace -lssl or -lcrypto with -lssl097a or -lcrypto097a when
   building.
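
The two changes above can be applied to a whole source tree and then checked for leftovers, as in this added example (not code from the AnNyung project). The function names are hypothetical, and it assumes C sources named *.c / *.h and link flags kept in Makefile / *.mk files.

```shell
#!/bin/sh
# Added example (not from the AnNyung project): port a source tree to the
# openssl097a names given in steps 1 and 2.

# Step 1: '#include <openssl/xxx.h>' -> '#include <openssl097a/xxx.h>'.
# Converted lines no longer match, so running the filter twice is harmless.
rewrite_includes() {
    sed -E 's|^([[:space:]]*#[[:space:]]*include[[:space:]]*<)openssl/|\1openssl097a/|'
}

# Step 2: '-lssl' / '-lcrypto' -> '-lssl097a' / '-lcrypto097a'.
# The flag must end at a non-name character, so -lssl097a and -lcryptopp
# are left alone. The loop re-scans because adjacent flags share a separator.
rewrite_ldflags() {
    sed -E -e ':a' \
        -e 's/(^|[^[:alnum:]_-])-l(ssl|crypto)([^[:alnum:]_.-]|$)/\1-l\2097a\3/' \
        -e 'ta'
}

# Apply both filters in place under directory $1.
# Assumption: C sources are *.c / *.h and link flags live in Makefile / *.mk.
port_tree() {
    find "$1" -type f \( -name '*.c' -o -name '*.h' \) | while IFS= read -r f; do
        rewrite_includes <"$f" >"$f.tmp" && mv "$f.tmp" "$f"
    done
    find "$1" -type f \( -name Makefile -o -name '*.mk' \) | while IFS= read -r f; do
        rewrite_ldflags <"$f" >"$f.tmp" && mv "$f.tmp" "$f"
    done
}

# Count lines under $1 that still name the unversioned headers or libraries.
# A non-zero count means part of the build would still use the system OpenSSL.
count_leftovers() {
    grep -rEh -e '#[[:space:]]*include[[:space:]]*<openssl/' \
        -e '(^|[^[:alnum:]_-])-l(ssl|crypto)([^[:alnum:]_.-]|$)' "$1" | wc -l | tr -d ' '
}

# Constructed sample input, not taken from any real project.
demo() {
    d=$(mktemp -d) || return 1
    printf '#include <stdio.h>\n#include <openssl/ssl.h>\n#  include <openssl/err.h>\n' >"$d/client.c"
    printf 'LIBS=-lssl -lcrypto -lz\n' >"$d/Makefile"
    echo "before: $(count_leftovers "$d") leftover line(s)"
    port_tree "$d"
    echo "after:  $(count_leftovers "$d") leftover line(s)"
    cat "$d/client.c" "$d/Makefile"
    rm -rf "$d"
}
demo
```

Running count_leftovers as a build pre-check catches a tree where the headers were switched but the link flags were not (or the reverse), which would mix the compat headers with the system library.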

Security fix
- CVE-2009-0590
- CVE-2009-2409
- CVE-2009-3555

CVE-2009-0590
The ASN1_STRING_print_ex function in OpenSSL before 0.9.8k allows remote
attackers to cause a denial of service (invalid memory access and
application crash) via vectors that trigger printing of a (1) BMPString
or (2) UniversalString with an invalid encoded length.

CVE-2009-2409
The Network Security Services (NSS) library before 3.12.3, as used in
Firefox; GnuTLS before 2.6.4 and 2.7.4; OpenSSL 0.9.8 through 0.9.8k;
and other products support MD2 with X.509 certificates, which might allow
remote attackers to spoof certificates by using MD2 design flaws to
generate a hash collision in less than brute-force time. NOTE: the scope
of this issue is currently limited because the amount of computation
required is still large.

CVE-2009-3555
The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used
in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the
Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5
and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier,
multiple Cisco products, and other products, does not properly associate
renegotiation handshakes with an existing connection, which allows
man-in-the-middle attackers to insert data into HTTPS sessions, and
possibly other types of sessions protected by TLS or SSL, by sending an
unauthenticated request that is processed retroactively by a server in
a post-renegotiation context, related to a "plaintext injection" attack,
aka the "Project Mogul" issue.


Autoupdates support: supported
  pkgsysupdate


Update packages

  RPMS :

    . openssl097a-0.9.7a-43.17.el48.5.noarch.rpm
    . openssl097a-devel-0.9.7a-43.17.el48.5.noarch.rpm
    . openssl097a-doc-0.9.7a-43.17.el48.5.noarch.rpm


  SRPMS :

    . openssl097a-0.9.7a-43.17.el48.5.src.rpm


References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0590
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2409
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555



    




Copyright 2024 OOPS Development Organization 
LAST MODIFIED: 2018/04/10