OpenSSL PKCS Padding RSA Signature Forgery Vulnerability

OpenSSL PKCS Padding RSA Signature Forgery Vulnerability

Solution:
The vendor has released new versions of OpenSSL to address this issue.

Please see the referenced vendor advisories for more information.

Mozilla has released a new advisory MFSA 2006-66 stating that this issue was not properly addressed in previous fixes. A variant of this issue is still exploitable after applying the fixes released as part of Mozilla advisory MFSA 2006-60. Users are advised to obtain updated versions of Mozilla applications and to consult MFSA 2006-66 for more information.

Turbolinux Turbolinux 10 F...

Turbolinux openssl-0.9.7d-8.i586.rpm
Turbolinux 10 Desktop, Turbolinux 10 F..., Turbolinux Home, Turbolinux Multimedia, Turbolinux Personal
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/u pdates/RPMS/openssl-0.9.7d-8.i586.rpm

Turbolinux openssl-compat-0.9.6m-9.i586.rpm
Turbolinux 10 Desktop, Turbolinux 10 F..., Turbolinux Home, Turbolinux Multimedia, Turbolinux Personal
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/u pdates/RPMS/openssl-compat-0.9.6m-9.i586.rpm

Turbolinux openssl-devel-0.9.7d-8.i586.rpm
Turbolinux 10 Desktop, Turbolinux 10 F..., Turbolinux Home, Turbolinux Multimedia, Turbolinux Personal
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/u pdates/RPMS/openssl-devel-0.9.7d-8.i586.rpm

Attachmate Reflection 14.0

Attachmate reflect-14.0.1-prod-w32.exe
http://download.attachmate.com/fileinfo.asp?filename=reflect-14.0.1-pr od-w32.exe

Attachmate Reflection for Secure IT 6.0

Attachmate rsitcliwin-6.1.1-prod-w32.exe
http://download.attachmate.com/fileinfo.asp?filename=rsitcliwin-6.1.1- prod-w32.exe

OpenSSL Project OpenSSL 0.9.7 beta1

OpenSSL Project openssl-0.9.7k.tar.gz
ftp://ftp.openssl.org/source/

OpenSSL Project OpenSSL 0.9.7 e

Debian libssl-dev_0.9.7e-3sarge2_alpha.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9. 7e-3sarge2_alpha.deb

Debian libssl-dev_0.9.7e-3sarge2_amd64.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9. 7e-3sarge2_amd64.deb

Debian libssl-dev_0.9.7e-3sarge2_arm.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9. 7e-3sarge2_arm.deb

Debian libssl-dev_0.9.7e-3sarge2_hppa.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9. 7e-3sarge2_hppa.deb

Debian libssl-dev_0.9.7e-3sarge2_i386.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9. 7e-3sarge2_i386.deb

Debian libssl-dev_0.9.7e-3sarge2_ia64.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9. 7e-3sarge2_ia64.deb

Debian libssl-dev_0.9.7e-3sarge2_m68k.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9. 7e-3sarge2_m68k.deb

Debian libssl-dev_0.9.7e-3sarge2_mips.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9. 7e-3sarge2_mips.deb

Debian libssl-dev_0.9.7e-3sarge2_mipsel.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9. 7e-3sarge2_mipsel.deb

Debian libssl-dev_0.9.7e-3sarge2_powerpc.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9. 7e-3sarge2_powerpc.deb

Debian libssl-dev_0.9.7e-3sarge2_s390.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9. 7e-3sarge2_s390.deb

Debian libssl-dev_0.9.7e-3sarge2_sparc.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9. 7e-3sarge2_sparc.deb

Debian libssl0.9.7_0.9.7e-3sarge2_alpha.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.7_0.9 .7e-3sarge2_alpha.deb

Debian libssl0.9.7_0.9.7e-3sarge2_amd64.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.7_0.9 .7e-3sarge2_amd64.deb

Debian libssl0.9.7_0.9.7e-3sarge2_arm.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.7_0.9 .7e-3sarge2_arm.deb

Debian libssl0.9.7_0.9.7e-3sarge2_hppa.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.7_0.9 .7e-3sarge2_hppa.deb

Debian libssl0.9.7_0.9.7e-3sarge2_i386.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.7_0.9 .7e-3sarge2_i386.deb

Debian libssl0.9.7_0.9.7e-3sarge2_ia64.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.7_0.9 .7e-3sarge2_ia64.deb

Debian libssl0.9.7_0.9.7e-3sarge2_m68k.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.7_0.9 .7e-3sarge2_m68k.deb

Debian libssl0.9.7_0.9.7e-3sarge2_mips.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.7_0.9 .7e-3sarge2_mips.deb

Debian libssl0.9.7_0.9.7e-3sarge2_mipsel.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.7_0.9 .7e-3sarge2_mipsel.deb

Debian libssl0.9.7_0.9.7e-3sarge2_powerpc.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.7_0.9 .7e-3sarge2_powerpc.deb

Debian libssl0.9.7_0.9.7e-3sarge2_s390.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.7_0.9 .7e-3sarge2_s390.deb

Debian libssl0.9.7_0.9.7e-3sarge2_sparc.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.7_0.9 .7e-3sarge2_sparc.deb

Debian openssl_0.9.7e-3sarge2_alpha.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e- 3sarge2_alpha.deb

Debian openssl_0.9.7e-3sarge2_amd64.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e- 3sarge2_amd64.deb

Debian openssl_0.9.7e-3sarge2_arm.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e- 3sarge2_arm.deb

Debian openssl_0.9.7e-3sarge2_hppa.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e- 3sarge2_hppa.deb

Debian openssl_0.9.7e-3sarge2_i386.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e- 3sarge2_i386.deb

Debian openssl_0.9.7e-3sarge2_ia64.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e- 3sarge2_ia64.deb

Debian openssl_0.9.7e-3sarge2_m68k.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e- 3sarge2_m68k.deb

Debian openssl_0.9.7e-3sarge2_mips.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e- 3sarge2_mips.deb

Debian openssl_0.9.7e-3sarge2_mipsel.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e- 3sarge2_mipsel.deb

Debian openssl_0.9.7e-3sarge2_powerpc.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e- 3sarge2_powerpc.deb

Debian openssl_0.9.7e-3sarge2_s390.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e- 3sarge2_s390.deb

Debian openssl_0.9.7e-3sarge2_sparc.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e- 3sarge2_sparc.deb

OpenSSL Project openssl-0.9.7k.tar.gz
ftp://ftp.openssl.org/source/

Slackware openssl-0.9.7e-i486-5_slack10.1.tgz
Slackware 10.1:
ftp://ftp.slackware.com/pub/slackware/slackware-10.1/patches/packages/ openssl-0.9.7e-i486-5_slack10.1.tgz

Slackware openssl-solibs-0.9.7e-i486-5_slack10.1.tgz
Slackware 10.1:
ftp://ftp.slackware.com/pub/slackware/slackware-10.1/patches/packages/ openssl-solibs-0.9.7e-i486-5_slack10.1.tgz

Trustix openssl-0.9.7e-7tr.i586.rpm
Trustix Secure Linux 2.2
ftp://ftp.trustix.org/pub/trustix/updates

Trustix openssl-devel-0.9.7e-7tr.i586.rpm
Trustix Secure Linux 2.2
ftp://ftp.trustix.org/pub/trustix/updates

Trustix openssl-devel-0.9.7k-1tr.i586.rpm
Trustix Secure Linux 3.0
ftp://ftp.trustix.org/pub/trustix/updates

Trustix openssl-python-0.9.7e-7tr.i586.rpm
Trustix Secure Linux 2.2
ftp://ftp.trustix.org/pub/trustix/updates

Trustix openssl-support-0.9.7e-7tr.i586.rpm
Trustix Secure Linux 2.2
ftp://ftp.trustix.org/pub/trustix/updates

Trustix openssl-support-0.9.7k-1tr.i586.rpm
Trustix Secure Linux 3.0
ftp://ftp.trustix.org/pub/trustix/updates

Ubuntu libcrypto0.9.7-udeb_0.9.7e-3ubuntu0.3_amd64.udeb
Ubuntu 5.04:
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.7-u deb_0.9.7e-3ubuntu0.3_amd64.udeb

Ubuntu libcrypto0.9.7-udeb_0.9.7e-3ubuntu0.3_i386.udeb
Ubuntu 5.04:
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.7-u deb_0.9.7e-3ubuntu0.3_i386.udeb

Ubuntu libcrypto0.9.7-udeb_0.9.7e-3ubuntu0.3_powerpc.udeb
Ubuntu 5.04:
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.7-u deb_0.9.7e-3ubuntu0.3_powerpc.udeb

Ubuntu libssl-dev_0.9.7e-3ubuntu0.3_amd64.deb
Ubuntu 5.04:
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.7 e-3ubuntu0.3_amd64.deb

Ubuntu libssl-dev_0.9.7e-3ubuntu0.3_i386.deb
Ubuntu 5.04:
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.7 e-3ubuntu0.3_i386.deb

Ubuntu libssl-dev_0.9.7e-3ubuntu0.3_powerpc.deb
Ubuntu 5.04:
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.7 e-3ubuntu0.3_powerpc.deb

Ubuntu libssl0.9.7_0.9.7e-3ubuntu0.3_amd64.deb
Ubuntu 5.04:
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.7_0.9. 7e-3ubuntu0.3_amd64.deb

Ubuntu libssl0.9.7_0.9.7e-3ubuntu0.3_i386.deb
Ubuntu 5.04:
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.7_0.9. 7e-3ubuntu0.3_i386.deb

Ubuntu libssl0.9.7_0.9.7e-3ubuntu0.3_powerpc.deb
Ubuntu 5.04:
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.7_0.9. 7e-3ubuntu0.3_powerpc.deb

Ubuntu openssl_0.9.7e-3ubuntu0.3_amd64.deb
Ubuntu 5.04:
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.7e-3 ubuntu0.3_amd64.deb

Ubuntu openssl_0.9.7e-3ubuntu0.3_i386.deb
Ubuntu 5.04:
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.7e-3 ubuntu0.3_i386.deb

Ubuntu openssl_0.9.7e-3ubuntu0.3_powerpc.deb
Ubuntu 5.04:
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.7e-3 ubuntu0.3_powerpc.deb

OpenVPN OpenVPN 2.0.4

OpenVPN openvpn-2.0.8.tar.gz
http://openvpn.net/release/openvpn-2.0.8.tar.gz

HP System Management Homepage 2.1

HP HP System Management Homepage for Linux (AMD64/EM64T) version 2.1.8-177
http://h18023.www1.hp.com/support/files/server/us/download/26866.html

HP HP System Management Homepage for Linux (x86) version 2.1.8-177
http://h18023.www1.hp.com/support/files/server/us/download/26864.html

HP HP System Management Homepage for Windows version 2.1.8-179
http://h18023.www1.hp.com/support/files/server/us/download/26977.html

ISC BIND 9.3.1

Trustix bind-9.3.2-4tr.i586.rpm
Trustix Secure Linux 3.0
ftp://ftp.trustix.org/pub/trustix/updates

Trustix bind-devel-9.3.2-4tr.i586.rpm
Trustix Secure Linux 3.0
ftp://ftp.trustix.org/pub/trustix/updates

Trustix bind-libs-9.3.2-4tr.i586.rpm
Trustix Secure Linux 3.0
ftp://ftp.trustix.org/pub/trustix/updates

Trustix bind-light-9.3.2-4tr.i586.rpm
Trustix Secure Linux 3.0
ftp://ftp.trustix.org/pub/trustix/updates

Trustix bind-light-devel-9.3.2-4tr.i586.rpm
Trustix Secure Linux 3.0
ftp://ftp.trustix.org/pub/trustix/updates

Trustix bind-utils-9.3.2-4tr.i586.rpm
Trustix Secure Linux 3.0
ftp://ftp.trustix.org/pub/trustix/updates

Trustix openssl-0.9.7k-1tr.i586.rpm
Trustix Secure Linux 3.0
ftp://ftp.trustix.org/pub/trustix/updates