OpenSSL ASN.1 Large Recursion Remote Denial Of Service Vulnerability

Solution:
Fixes have been made available by the vendor.

Opera has released a new version of its Internet browser, 7.23, which includes a patch to address this vulnerability. See the attached changelog for further detail.

Cisco has released a revision of its SSL Implementation Vulnerabilities advisory (ID:45643) to include information about products that are affected by this vulnerability, along with workaround and fix information. Cisco has also released software availability dates. Please see the attached advisory for further details about which products are vulnerable and how to obtain fixes. This BID will be updated as Cisco provides more complete information about affected products and fixes.

Guardian Digital has released security advisory ESA-20031104-029 to address this issue. Affected users are advised to run the webtool to update systems.

BlueCoat Systems has released an advisory stating that it has identified the vulnerability in versions of SGOS prior to 3.1.2 and 2.1.10, as well as CA/SA prior to 4.1.12. Fixed versions are currently in development.

SGI has also released advisory 20030904-02-P, which includes patches that address this issue.

NetBSD has released an advisory that includes updates. Fix details may be found in the attached advisory.

Red Hat advisory RHSA-2004:119-04 was also released for Red Hat Linux Enterprise releases. Please see the attached advisory for further details. Enterprise fixes may be obtained through the Red Hat Network.

Red Hat has released advisory RHSA-2004:139-05 to address this and other issues. Please see the advisory in web references for more information.

Red Hat has released Fedora advisory FEDORA-2004-095, which deals with this issue and others. Please see the advisory section for more details.

Red Hat has released advisory RHSA-2004:119-04 to address this and other issues. Please see the advisory in web references for more information.

Fedora advisory FEDORA-2005-1042 is available to address this and other issues in Fedora Core 3. Please see the referenced advisory for more information.


OpenSSL Project OpenSSL 0.9.1 c

OpenSSL Project OpenSSL 0.9.2 b

OpenSSL Project OpenSSL 0.9.3

OpenSSL Project OpenSSL 0.9.4

OpenSSL Project OpenSSL 0.9.5 a

OpenSSL Project OpenSSL 0.9.5

OpenSSL Project OpenSSL 0.9.6 j

OpenSSL Project OpenSSL 0.9.6 d

OpenSSL Project OpenSSL 0.9.6 c

OpenSSL Project OpenSSL 0.9.6 e

OpenSSL Project OpenSSL 0.9.6 h

OpenSSL Project OpenSSL 0.9.6 a

OpenSSL Project OpenSSL 0.9.6 f

OpenSSL Project OpenSSL 0.9.6

OpenSSL Project OpenSSL 0.9.6 b

OpenSSL Project OpenSSL 0.9.6 g

OpenSSL Project OpenSSL 0.9.6 k

OpenSSL Project OpenSSL 0.9.6 i

OpenSSL Project OpenSSL 0.9.7 a

OpenSSL Project OpenSSL 0.9.7 b

SGI IRIX 6.5.19 m

SGI IRIX 6.5.19 f

SGI IRIX 6.5.20 f

SGI IRIX 6.5.20 m

SGI IRIX 6.5.21 m

SGI IRIX 6.5.21 f

Opera Software Opera Web Browser 7.20

Opera Software Opera Web Browser 7.21

Opera Software Opera Web Browser 7.22


 

Copyright 2010, SecurityFocus