
OpenSSL CBC Error Information Leakage Weakness

Solution:
It is reported that certain versions of Computer Associates eTrust Security Command Center are prone to this vulnerability. Customers are advised to contact the vendor for further information pertaining to obtaining and applying appropriate updates.

Hewlett-Packard has released an advisory (HPSBUX0309-280), which contains fix information to address this issue in J2SE and JSSE. Customers are advised to upgrade as soon as possible. Further information regarding obtaining and applying fixes can be found in the referenced advisory.

NetBSD has released an advisory (2003-001) which addresses this issue. Please see the attached advisory for details on obtaining and applying fixes.

Administrators and users are advised to upgrade to version 0.9.6i or 0.9.7a. OpenPKG has released upgrade RPMs.

Conectiva has released an advisory (CLA-2003:570) which addresses this issue. Please see the attached advisory for details on obtaining and applying fixes.

Debian has released an advisory (DSA 253-1) which addresses this issue. Please see the attached advisory for details on obtaining and applying fixes.

Gentoo Linux have recommended that users who are running 'dev-libs/openssl' upgrade to 'openssl-0.9.6i' or 'openssl-0.9.7a' as follows:

emerge sync
emerge -u openssl
emerge clean

Mandrake has released an advisory (MDKSA-2003:020) which addresses this issue. Please see the attached advisory for details on obtaining and applying fixes.

Trustix has released an advisory (TSLSA-2003-0005) which addresses this issue. Please see the attached advisory for details on obtaining and applying fixes.

EnGarde has released an advisory (ESA-20030220-005) which addresses this issue. Fix details may be found in the attached advisory.

FreeBSD has released an updated Security Advisory. Users are advised to apply the new patches or to upgrade systems via CVS. Further information is available in the referenced advisory.

OpenBSD has released security patches which address this issue. Further information is available from the OpenBSD errata pages.

SuSE has released an advisory (SuSE-SA:2003:011) which addresses this issue. Please see the attached advisory for details on obtaining and applying fixes.

Apple has released an advisory which contains a fix for this issue. Further information is available from the Apple Security Update page.

Red Hat Linux has released an advisory (RHSA-2003:062-11) containing fixes. Information about obtaining and applying fixes is available in the referenced advisory.

Sun has released updated versions of the affected products to address this issue.

Sun has also released an alert stating that this issue has been addressed in the latest release of JSSE, SDK, and JRE.

HP has released advisory HPSBUX0303-248 (rev. 1) to address this issue.

HP has released advisory HPSBUX0303-248 (rev. 2) to address this issue.

Oracle has released an advisory and patches to address this issue. Users are advised to obtain patches from the Oracle metalink site listed in references.

Fixes available:


OpenBSD OpenBSD 3.2

Sun Cobalt RaQ 4

Sun Cobalt RaQ 550

Sun Cobalt RaQ XTR

Sun Cobalt Qube 3

OpenBSD OpenBSD 3.1

OpenSSL Project OpenSSL 0.9.3

OpenSSL Project OpenSSL 0.9.4

OpenSSL Project OpenSSL 0.9.5 a

OpenSSL Project OpenSSL 0.9.5

OpenSSL Project OpenSSL 0.9.6 d

OpenSSL Project OpenSSL 0.9.6 c

OpenSSL Project OpenSSL 0.9.6 e

OpenSSL Project OpenSSL 0.9.6 h

OpenSSL Project OpenSSL 0.9.6 a

OpenSSL Project OpenSSL 0.9.6

OpenSSL Project OpenSSL 0.9.6 b

OpenSSL Project OpenSSL 0.9.6 g

OpenSSL Project OpenSSL 0.9.7 beta2

OpenSSL Project OpenSSL 0.9.7 beta1

OpenSSL Project OpenSSL 0.9.7 beta3

OpenSSL Project OpenSSL 0.9.7

HP HP-UX Apache-Based Web Server 1.0 .01

Sun JSSE 1.0.3 _01

Sun JSSE 1.0.3

HP Apache-Based Web Server 1.3.27 .00

Sun SDK (Solaris Production Release) 1.4.1

Sun JRE (Solaris Production Release) 1.4.1 _02

Sun JRE (Solaris Production Release) 1.4.1

Sun SDK (Solaris Production Release) 1.4.1 _01

Sun SDK (Windows Production Release) 1.4.1

Sun JRE (Solaris Production Release) 1.4.1 _01

Sun SDK (Windows Production Release) 1.4.1 _02

Sun JRE (Windows Production Release) 1.4.1

Sun JRE (Windows Production Release) 1.4.1 _02

Sun SDK (Linux Production Release) 1.4.1

Sun SDK (Solaris Production Release) 1.4.1 _02

Sun SDK (Windows Production Release) 1.4.1 _01

Sun SDK (Linux Production Release) 1.4.1 _02

Sun JRE (Windows Production Release) 1.4.1 _01

Sun SDK (Linux Production Release) 1.4.1 _01

Apple Mac OS X 10.2.4

HP Apache-Based Web Server 2.0.43 .00

FreeBSD FreeBSD 4.6

FreeBSD FreeBSD 4.6.2

FreeBSD FreeBSD 4.7

FreeBSD FreeBSD 4.7 -STABLE

FreeBSD FreeBSD 4.8 -PRERELEASE

FreeBSD FreeBSD 5.0

Sun ONE Web Server 6.0 SP5

Sun ONE Web Server 6.0 SP4

Sun ONE Web Server 6.0

Sun ONE Web Server 6.0 SP2

Sun ONE Web Server 6.0 SP3

Sun ONE Web Server 6.0 SP1

Sun ONE Application Server 7.0 Standard Edition

Sun ONE Application Server 7.0 Platform Edition







 

Copyright 2008, SecurityFocus