OpenSSL CBC Error Information Leakage Weakness
Solution:

It is reported that certain versions of Computer Associates eTrust Security Command Center are prone to this vulnerability. Customers are advised to contact the vendor for further information pertaining to obtaining and applying appropriate updates.

Hewlett-Packard has released an advisory (HPSBUX0309-280), which contains fix information to address this issue in J2SE and JSSE. Customers are advised to upgrade as soon as possible. Further information regarding obtaining and applying fixes can be found in the referenced advisory.

NetBSD has released an advisory (2003-001) which addresses this issue. Please see the attached advisory for details on obtaining and applying fixes.

Administrators and users are advised to upgrade to version 0.9.6i or 0.9.7a.

OpenPKG has released upgrade RPMs.

Conectiva has released an advisory (CLA-2003:570) which addresses this issue. Please see the attached advisory for details on obtaining and applying fixes.

Debian has released an advisory (DSA 253-1) which addresses this issue. Please see the attached advisory for details on obtaining and applying fixes.

Gentoo Linux has recommended that users who are running 'dev-libs/openssl' upgrade to 'openssl-0.9.6i' or 'openssl-0.9.7a' as follows:

    emerge sync
    emerge -u openssl
    emerge clean

Mandrake has released an advisory (MDKSA-2003:020) which addresses this issue. Please see the attached advisory for details on obtaining and applying fixes.

Trustix has released an advisory (TSLSA-2003-0005) which addresses this issue. Please see the attached advisory for details on obtaining and applying fixes.

EnGarde has released an advisory (ESA-20030220-005) which addresses this issue. Fix details may be found in the attached advisory.

FreeBSD has released an updated Security Advisory. Users are advised to apply the new patches or to upgrade systems via CVS. Further information is available in the referenced advisory.

OpenBSD has released security patches which address this issue. Further information is available from the OpenBSD errata pages.

SuSE has released an advisory (SuSE-SA:2003:011) which addresses this issue. Please see the attached advisory for details on obtaining and applying fixes.

Apple has released an advisory which contains a fix for this issue. Further information is available from the Apple Security Update page.

Red Hat Linux has released an advisory (RHSA-2003:062-11) containing fixes. Information about obtaining and applying fixes is available in the referenced advisory.

Sun has released updated versions of the affected products to address this issue. Sun has also released an alert stating that this issue has been addressed in the latest release of JSSE, SDK, and JRE.

HP has released advisory HPSBUX0303-248 (rev. 1) to address this issue.

HP has released advisory HPSBUX0303-248 (rev. 2) to address this issue.

Oracle has released an advisory and patches to address this issue. Users are advised to obtain patches from the Oracle metalink site listed in references.

Fixes available:

OpenBSD OpenBSD 3.2
Sun Cobalt RaQ 4
Sun Cobalt RaQ 550
Sun Cobalt RaQ XTR
Sun Cobalt Qube 3
OpenBSD OpenBSD 3.1
OpenSSL Project OpenSSL 0.9.3
OpenSSL Project OpenSSL 0.9.4
OpenSSL Project OpenSSL 0.9.5 a
OpenSSL Project OpenSSL 0.9.5
OpenSSL Project OpenSSL 0.9.6 d
OpenSSL Project OpenSSL 0.9.6 c
OpenSSL Project OpenSSL 0.9.6 e
OpenSSL Project OpenSSL 0.9.6 h
OpenSSL Project OpenSSL 0.9.6 a
OpenSSL Project OpenSSL 0.9.6
OpenSSL Project OpenSSL 0.9.6 b
OpenSSL Project OpenSSL 0.9.6 g
OpenSSL Project OpenSSL 0.9.7 beta2
OpenSSL Project OpenSSL 0.9.7 beta1
OpenSSL Project OpenSSL 0.9.7 beta3
OpenSSL Project OpenSSL 0.9.7
HP HP-UX Apache-Based Web Server 1.0 .01
Sun JSSE 1.0.3 _01
Sun JSSE 1.0.3
HP Apache-Based Web Server 1.3.27 .00
Sun SDK (Solaris Production Release) 1.4.1
Sun JRE (Solaris Production Release) 1.4.1 _02
Sun JRE (Solaris Production Release) 1.4.1
Sun SDK (Solaris Production Release) 1.4.1 _01
Sun SDK (Windows Production Release) 1.4.1
Sun JRE (Solaris Production Release) 1.4.1 _01
Sun SDK (Windows Production Release) 1.4.1 _02
Sun JRE (Windows Production Release) 1.4.1
Sun JRE (Windows Production Release) 1.4.1 _02
Sun SDK (Linux Production Release) 1.4.1
Sun SDK (Solaris Production Release) 1.4.1 _02
Sun SDK (Windows Production Release) 1.4.1 _01
Sun SDK (Linux Production Release) 1.4.1 _02
Sun JRE (Windows Production Release) 1.4.1 _01
Sun SDK (Linux Production Release) 1.4.1 _01
Apple Mac OS X 10.2.4
HP Apache-Based Web Server 2.0.43 .00
FreeBSD FreeBSD 4.6
FreeBSD FreeBSD 4.6.2
FreeBSD FreeBSD 4.7
FreeBSD FreeBSD 4.7 -STABLE
FreeBSD FreeBSD 4.8 -PRERELEASE
FreeBSD FreeBSD 5.0
Sun ONE Web Server 6.0 SP5
Sun ONE Web Server 6.0 SP4
Sun ONE Web Server 6.0
Sun ONE Web Server 6.0 SP2
Sun ONE Web Server 6.0 SP3
Sun ONE Web Server 6.0 SP1
Sun ONE Application Server 7.0 Standard Edition
Sun ONE Application Server 7.0 Platform Edition