ID

VAR-200901-0714

CVE

CVE-2008-5077

TITLE

OpenSSL Vulnerabilities that bypass the validity of certificate chains

DESCRIPTION

OpenSSL 0.9.8i and earlier does not properly check the return value from the EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature for DSA and ECDSA keys. F5's FirePass server is a powerful network device that can provide users with secure access to the company's network through any standard web browser. F5 FirePass products have unidentified security vulnerabilities, allowing malicious users to conduct fraud and forgery attacks. OpenSSL is prone to a signature-verification vulnerability. An attacker would likely leverage this issue to conduct phishing attacks or impersonate legitimate sites. Other attacks are also possible. Releases prior to OpenSSL 0.9.8j are affected. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ VMware Security Advisory Advisory ID: VMSA-2009-0004 Synopsis: ESX Service Console updates for openssl, bind, and vim Issue date: 2009-03-31 Updated on: 2009-03-31 (initial release of advisory) CVE numbers: CVE-2008-5077 CVE-2009-0025 CVE-2008-4101 CVE-2008-3432 CVE-2008-2712 CVE-2007-2953 - ------------------------------------------------------------------------ 1. Summary ESX patches for OpenSSL, vim and bind resolve several security issues. 2. Relevant releases VMware ESX 3.0.3 without patches ESX303-200903406-SG, ESX303-200903405-SG, ESX303-200903403-SG VMware ESX 3.0.2 without patches ESX-1008409, ESX-1008408, ESX-1008406 Extended support for ESX 3.0.2 Update 1 ends on 2009-08-08. Users should plan to upgrade to ESX 3.0.3 and preferably to the newest release available. 3. Problem Description a. Updated OpenSSL package for the Service Console fixes a security issue. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2008-5077 to this issue. The following table lists what action remediates the vulnerability (column 4) if a solution is available. VMware Product Running Replace with/ Product Version on Apply Patch ============= ======== ======= ================= VirtualCenter any Windows not affected hosted * any any not affected ESXi 3.5 ESXi not affected ESX 3.5 ESX affected, patch pending ESX 3.0.3 ESX ESX303-200903406-SG ESX 3.0.2 ESX ESX-1008409 ESX 2.5.5 ESX affected, patch pending * hosted products are VMware Workstation, Player, ACE, Server, Fusion. b. Update bind package for the Service Console fixes a security issue. A flaw was discovered in the way Berkeley Internet Name Domain (BIND) checked the return value of the OpenSSL DSA_do_verify function. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2009-0025 to this issue. The following table lists what action remediates the vulnerability (column 4) if a solution is available. VMware Product Running Replace with/ Product Version on Apply Patch ============= ======== ======= ================= VirtualCenter any Windows not affected hosted * any any not affected ESXi 3.5 ESXi not affected ESX 3.5 ESX affected, patch pending ESX 3.0.3 ESX ESX303-200903405-SG ESX 3.0.2 ESX ESX-1008408 ESX 2.5.5 ESX affected, patch pending * hosted products are VMware Workstation, Player, ACE, Server, Fusion. c. Updated vim package for the Service Console addresses several security issues. Several input flaws were found in Visual editor IMproved's (Vim) keyword and tag handling. If Vim looked up a document's maliciously crafted tag or keyword, it was possible to execute arbitrary code as the user running Vim. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2008-4101 to this issue. A heap-based overflow flaw was discovered in Vim's expansion of file name patterns with shell wildcards. An attacker could create a specially crafted file or directory name, when opened by Vim causes the application to stop responding or execute arbitrary code. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2008-3432 to this issue. Several input flaws were found in various Vim system functions. If a user opened a specially crafted file, it was possible to execute arbitrary code as the user running Vim. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2008-2712 to this issue. A format string flaw was discovered in Vim's help tag processor. If a user was tricked into executing the "helptags" command on malicious data, arbitrary code could be executed with the permissions of the user running VIM. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2007-2953 to this issue. The following table lists what action remediates the vulnerability (column 4) if a solution is available. VMware Product Running Replace with/ Product Version on Apply Patch ============= ======== ======= ================= VirtualCenter any Windows not affected hosted * any any not affected ESXi 3.5 ESXi not affected ESX 3.5 ESX affected, patch pending ESX 3.0.3 ESX ESX303-200903403-SG ESX 3.0.2 ESX ESX-1008406 ESX 2.5.5 ESX affected, patch pending * hosted products are VMware Workstation, Player, ACE, Server, Fusion. 4. Solution Please review the patch/release notes for your product and version and verify the md5sum of your downloaded file. ESX --- ESX 3.0.2 ESX-1008409 (openssl) http://download3.vmware.com/software/vi/ESX-1008409.tgz md5sum: cb25fd47bc0713b968d8778c033bc846 http://kb.vmware.com/kb/1008409 ESX 3.0.2 ESX-1008408 (bind) http://download3.vmware.com/software/vi/ESX-1008408.tgz md5sum: b6bd9193892a9c89b9b7a1e0456d2a9a http://kb.vmware.com/kb/1008408 ESX 3.0.2 ESX-1008406 (vim) http://download3.vmware.com/software/vi/ESX-1008406.tgz md5sum: f069daa58190b39e431cedbd26ce25ef http://kb.vmware.com/kb/1008406 ESX 3.0.3 ESX303-200903406-SG (openssl) http://download3.vmware.com/software/vi/ESX303-200903406-SG.zip md5sum: 45a2d32f9267deb5e743366c38652c92 http://kb.vmware.com/kb/1008416 ESX 3.0.3 ESX303-200903405-SG (bind) http://download3.vmware.com/software/vi/ESX303-200903405-SG.zip md5sum: 34d00fd9cca7f3e08c0857b4cc254710 http://kb.vmware.com/kb/1008415 ESX 3.0.3 ESX303-200903403-SG (vim) http://download3.vmware.com/software/vi/ESX303-200903403-SG.zip md5sum: 9790c9512aef18beaf0d1c7d405bed1a http://kb.vmware.com/kb/1008413 5. References CVE numbers http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5077 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0025 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4101 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3432 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2712 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2953 - ------------------------------------------------------------------------ 6. Change log 2009-03-31 VMSA-2009-0004 Initial security advisory after release of patches for ESX 3.0.2 and 3.0.3 on 2009-03-31. - ----------------------------------------------------------------------- 7. Contact E-mail list for product security notifications and announcements: http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce This Security Advisory is posted to the following lists: * security-announce at lists.vmware.com * bugtraq at securityfocus.com * full-disclosure at lists.grok.org.uk E-mail: security at vmware.com PGP key at: http://kb.vmware.com/kb/1055 VMware Security Center http://www.vmware.com/security VMware security response policy http://www.vmware.com/support/policies/security_response.html General support life cycle policy http://www.vmware.com/support/policies/eos.html VMware Infrastructure support life cycle policy http://www.vmware.com/support/policies/eos_vi.html Copyright 2009 VMware Inc. All rights reserved. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (MingW32) iD8DBQFJ0tgoS2KysvBH1xkRAiAbAJ4uG0NGavdQLzfxFyXnrxBQLqHl1QCdEf4q LA8+0sLvaS37smj8BQPdm0g= =ZVXY -----END PGP SIGNATURE----- . #2008-016 multiple OpenSSL signature verification API misuse Description: Several functions inside the OpenSSL library incorrectly check the result after calling the EVP_VerifyFinal function. This bug allows a malformed signature to be treated as a good signature rather than as an error. This issue affects the signature checks on DSA and ECDSA keys used with SSL/TLS. A patch fixing the issue with proper return code checking and further important recommendations are described in the original OpenSSL Team advisory. At the request of the OpenSSL team, oCERT has aided in the remediation coordination for other projects with similar API misuse vulnerabilities. In addition to EVP_VerifyFinal, the return codes from DSA_verify and DSA_do_verify functions were being incorrectly validated, and packages doing so are affected in a similar fashion as OpenSSL. NTP <= 4.2.4p5 (production), <= 4.2.5p150 (development) Sun GridEngine <= 5.3 Gale <= 0.99 OpenEvidence <= 1.0.6 Belgian eID middleware - eidlib <= 2.6.0 [2] Freedom Network Server <= 2.x The following packages were identified as affected by a vulnerability similar to the OpenSSL one, as they use OpenSSL DSA_verify function and incorrectly check the return code. BIND <= 9.4.3 Lasso <= 2.2.1 ZXID <= 0.29 1 - use of OpenSSL as an SSL/TLS client when connecting to a server whose certificate uses an RSA key is NOT affected. Verification of client certificates by OpenSSL servers for any key type is NOT affected. 2 - Belgian eID middleware latest versions are not available in source form, therefore we cannot confirm if they are affected Fixed version: OpenSSL >= 0.9.8j NTP >= 4.2.4p6 (production), >= 4.2.5p153 (development) Sun GridEngine >= 6.0 Gale N/A OpenEvidence N/A Belgian eID middleware - eidlib N/A Freedom Network Server N/A BIND >= 9.3.6-P1, 9.4.3-P1, 9.5.1-P1, 9.6.0-P1 Lasso >= 2.2.2 ZXID N/A Credit: Google Security Team (for the original OpenSSL issue). CVE: CVE-2008-5077 (OpenSSL), CVE-2009-0021 (NTP), CVE-2009-0025 (BIND) Timeline: 2008-12-16: OpenSSL Security Team requests coordination aid from oCERT 2008-12-16: oCERT investigates packages affected by similar issues 2008-12-16: contacted affected vendors 2008-12-17: investigation expanded to DSA verification 2008-12-17: BIND, Lasso and ZXID added to affected packages 2008-12-18: contacted additional affected vendors 2009-01-05: status updates and patch dissemination to affected vendors 2009-01-05: confirmation from BIND of issue and fix 2009-01-06: requested CVE assignment for BIND 2009-01-07: advisory published References: http://openssl.org/news/secadv_20090107.txt Links: http://openssl.org/ http://www.ntp.org/ http://gridengine.sunsource.net/ http://gale.org/ http://www.openevidence.org/ http://eid.belgium.be/ http://www.google.com/codesearch/p?#1vGzyQX--LU/achilles/remailer/zero-knowledge/freedomserver-2.x.tgz/ https://www.isc.org/products/BIND http://lasso.entrouvert.org/ http://www.zxid.org/ Permalink: http://www.ocert.org/advisories/ocert-2008-016.html -- Will Drewry <redpig@ocert.org> oCERT Team :: http://ocert.org . _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5077 _______________________________________________________________________ Updated Packages: Mandriva Linux 2008.0: 6585e08eab279e6a249630385683bf43 2008.0/i586/libopenssl0.9.8-0.9.8e-8.2mdv2008.0.i586.rpm b5955c2c0a2cc24abd9f5f3ebc7d0148 2008.0/i586/libopenssl0.9.8-devel-0.9.8e-8.2mdv2008.0.i586.rpm 7c92323d7aa583b936ef908f3f6ac867 2008.0/i586/libopenssl0.9.8-static-devel-0.9.8e-8.2mdv2008.0.i586.rpm 2b791168311c3ecba4f8b7acd24e64ab 2008.0/i586/openssl-0.9.8e-8.2mdv2008.0.i586.rpm cf51c48e4c05ac5357f6076fbaeff0a5 2008.0/SRPMS/openssl-0.9.8e-8.2mdv2008.0.src.rpm Mandriva Linux 2008.0/X86_64: 6259ac00622227eee59f888bc516bc3a 2008.0/x86_64/lib64openssl0.9.8-0.9.8e-8.2mdv2008.0.x86_64.rpm fe745327c1bbb599e025a5b90bb05817 2008.0/x86_64/lib64openssl0.9.8-devel-0.9.8e-8.2mdv2008.0.x86_64.rpm bdb7113b06aab0c4d77cbf86bcf208c2 2008.0/x86_64/lib64openssl0.9.8-static-devel-0.9.8e-8.2mdv2008.0.x86_64.rpm d4fda198a80b88c7caaf947af0866df8 2008.0/x86_64/openssl-0.9.8e-8.2mdv2008.0.x86_64.rpm cf51c48e4c05ac5357f6076fbaeff0a5 2008.0/SRPMS/openssl-0.9.8e-8.2mdv2008.0.src.rpm Mandriva Linux 2008.1: 4a0be98cd3fb82a22e3836c5ae81ed37 2008.1/i586/libopenssl0.9.8-0.9.8g-4.2mdv2008.1.i586.rpm 277058ecc1d26d24bf4da5ea27d4a31f 2008.1/i586/libopenssl0.9.8-devel-0.9.8g-4.2mdv2008.1.i586.rpm 29b08a5a233f1987c4ca98aaa4e97ac5 2008.1/i586/libopenssl0.9.8-static-devel-0.9.8g-4.2mdv2008.1.i586.rpm e47be879abc0c089a8f380469a6a62c8 2008.1/i586/openssl-0.9.8g-4.2mdv2008.1.i586.rpm 7395d0e10c1938be16261baba05da55c 2008.1/SRPMS/openssl-0.9.8g-4.2mdv2008.1.src.rpm Mandriva Linux 2008.1/X86_64: 71a69804b928a9f7856f65fee332c5ab 2008.1/x86_64/lib64openssl0.9.8-0.9.8g-4.2mdv2008.1.x86_64.rpm e9c5d1d4895a5a679945bde62df6f988 2008.1/x86_64/lib64openssl0.9.8-devel-0.9.8g-4.2mdv2008.1.x86_64.rpm 7f2d66839f93e2083dcd1b1f27ca4ddf 2008.1/x86_64/lib64openssl0.9.8-static-devel-0.9.8g-4.2mdv2008.1.x86_64.rpm 40408ffdf13faa6c79b28c764bb88b22 2008.1/x86_64/openssl-0.9.8g-4.2mdv2008.1.x86_64.rpm 7395d0e10c1938be16261baba05da55c 2008.1/SRPMS/openssl-0.9.8g-4.2mdv2008.1.src.rpm Mandriva Linux 2009.0: 2512f6a41e9a8e7bcff53e5737029689 2009.0/i586/libopenssl0.9.8-0.9.8h-3.1mdv2009.0.i586.rpm d7774faaed2866da5bb05cbcf07604da 2009.0/i586/libopenssl0.9.8-devel-0.9.8h-3.1mdv2009.0.i586.rpm ed99160bdf1ce33fa81dc47c71915318 2009.0/i586/libopenssl0.9.8-static-devel-0.9.8h-3.1mdv2009.0.i586.rpm 6116fafed014596ee1e6ec43db93133f 2009.0/i586/openssl-0.9.8h-3.1mdv2009.0.i586.rpm 8ad6b0d8aff3bb992d716668450aef3a 2009.0/SRPMS/openssl-0.9.8h-3.1mdv2009.0.src.rpm Mandriva Linux 2009.0/X86_64: d2cc04fc0bdaeea8e4cc5d7ab4e997fd 2009.0/x86_64/lib64openssl0.9.8-0.9.8h-3.1mdv2009.0.x86_64.rpm b537da3113c75f87c4fa8d66be2d6797 2009.0/x86_64/lib64openssl0.9.8-devel-0.9.8h-3.1mdv2009.0.x86_64.rpm ef9add2bec302b324b9c0690cf79b57c 2009.0/x86_64/lib64openssl0.9.8-static-devel-0.9.8h-3.1mdv2009.0.x86_64.rpm 16b8c11f4d6dedf2e4176bfc55607c15 2009.0/x86_64/openssl-0.9.8h-3.1mdv2009.0.x86_64.rpm 8ad6b0d8aff3bb992d716668450aef3a 2009.0/SRPMS/openssl-0.9.8h-3.1mdv2009.0.src.rpm Corporate 3.0: 5e8f4b7c1e646d0e16af2d83238a011b corporate/3.0/i586/libopenssl0.9.7-0.9.7c-3.9.C30mdk.i586.rpm 5115d911b9a6842fd0c3495429c7c2f2 corporate/3.0/i586/libopenssl0.9.7-devel-0.9.7c-3.9.C30mdk.i586.rpm b934b4f9686deef6cb1eba750ab36288 corporate/3.0/i586/libopenssl0.9.7-static-devel-0.9.7c-3.9.C30mdk.i586.rpm 11ec8a4df261d4d4fa9957d33be08604 corporate/3.0/i586/openssl-0.9.7c-3.9.C30mdk.i586.rpm dcd1a4feb1a04302c54465dce7c7c506 corporate/3.0/SRPMS/openssl-0.9.7c-3.9.C30mdk.src.rpm Corporate 3.0/X86_64: 64521521330df90b42c9c37cafe50b54 corporate/3.0/x86_64/lib64openssl0.9.7-0.9.7c-3.9.C30mdk.x86_64.rpm 3a85c30c0511e42ec76c80e08efe5192 corporate/3.0/x86_64/lib64openssl0.9.7-devel-0.9.7c-3.9.C30mdk.x86_64.rpm 12af66f30c5022d8d29b57a9131458c3 corporate/3.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7c-3.9.C30mdk.x86_64.rpm 62f5c54be99ddc9458670ae04b24d3f0 corporate/3.0/x86_64/openssl-0.9.7c-3.9.C30mdk.x86_64.rpm dcd1a4feb1a04302c54465dce7c7c506 corporate/3.0/SRPMS/openssl-0.9.7c-3.9.C30mdk.src.rpm Corporate 4.0: 60c64d9ead2b01fb39058a705fcb95dc corporate/4.0/i586/libopenssl0.9.7-0.9.7g-2.7.20060mlcs4.i586.rpm fb4d5555c211b375707bf7d194e74776 corporate/4.0/i586/libopenssl0.9.7-devel-0.9.7g-2.7.20060mlcs4.i586.rpm c13ff967b4310e5a790e85595f940b7e corporate/4.0/i586/libopenssl0.9.7-static-devel-0.9.7g-2.7.20060mlcs4.i586.rpm e9a96a389c00ee674d689e3747c3e501 corporate/4.0/i586/openssl-0.9.7g-2.7.20060mlcs4.i586.rpm 4df38ebd98b467bdee0d4a24d3b0158f corporate/4.0/SRPMS/openssl-0.9.7g-2.7.20060mlcs4.src.rpm Corporate 4.0/X86_64: de71d0bbc98589afdf03b7a99aad7103 corporate/4.0/x86_64/lib64openssl0.9.7-0.9.7g-2.7.20060mlcs4.x86_64.rpm 0c330148b55987e50f491c7e4d3b65a5 corporate/4.0/x86_64/lib64openssl0.9.7-devel-0.9.7g-2.7.20060mlcs4.x86_64.rpm ce64720b2685fada3e88a5725c43b532 corporate/4.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7g-2.7.20060mlcs4.x86_64.rpm 29f0f40602184d7f366e1d1d8e5c03e4 corporate/4.0/x86_64/openssl-0.9.7g-2.7.20060mlcs4.x86_64.rpm 4df38ebd98b467bdee0d4a24d3b0158f corporate/4.0/SRPMS/openssl-0.9.7g-2.7.20060mlcs4.src.rpm Multi Network Firewall 2.0: 74a4beac1c01f9fd888dd5eea356f7be mnf/2.0/i586/libopenssl0.9.7-0.9.7c-3.9.C30mdk.i586.rpm c809a08f26051c7a3931ccda00c94429 mnf/2.0/i586/openssl-0.9.7c-3.9.C30mdk.i586.rpm 8ae9f7004b77dca2317980ba4215dc92 mnf/2.0/SRPMS/openssl-0.9.7c-3.9.C30mdk.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iD8DBQFJZqIYmqjQ0CJFipgRAqRNAKDNNvWgsIk0/eh5f8539zOJ7dtnnQCeJezP ZE8i9Ju80WcdhXe9yIoPevE= =9n1t -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200902-02 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: OpenSSL: Certificate validation error Date: February 12, 2009 Bugs: #251346 ID: 200902-02 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== An error in the OpenSSL certificate chain validation might allow for spoofing attacks. Background ========== OpenSSL is an Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) as well as a general purpose cryptography library. Impact ====== A remote attacker could exploit this vulnerability and spoof arbitrary names to conduct Man-In-The-Middle attacks and intercept sensitive information. Workaround ========== There is no known workaround at this time. Resolution ========== All OpenSSL users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=dev-libs/openssl-0.9.8j" References ========== [ 1 ] CVE-2008-5077 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5077 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-200902-02.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at http://bugs.gentoo.org. License ======= Copyright 2009 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 . Release Date: 2010-06-16 Last Updated: 2010-06-16 Potential Security Impact: Remote unauthorized data injection, Denial of Service (DoS) Source: Hewlett-Packard Company, HP Software Security Response Team VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with HP SSL for OpenVMS. The vulnerabilities could be remotely exploited resulting in unauthorized data injection or a Denial of Service (DoS). References: CVE-2008-5077, CVE-2009-0590, CVE-2009-0591, CVE-2009-0789, CVE-2009-3245 SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP SSL v1.3 for OpenVMS Alpha (v 8.2 or higher) and Integrity (v 8.2-1 or higher). BACKGROUND CVSS 2.0 Base Metrics =========================================================== Reference Base Vector Base Score CVE-2008-5077 (AV:N/AC:M/Au:N/C:N/I:P/A:P) 5.8 CVE-2009-0590 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2009-0591 (AV:N/AC:H/Au:N/C:N/I:P/A:N) 2.6 CVE-2009-0789 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2009-3245 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002 RESOLUTION HP has made HP SSL v 1.4 for OpenVMS Alpha and Integrity platforms available to resolve the vulnerabilities. It is available from the following location: URL: http://h71000.www7.hp.com/openvms/products/ssl/ssl.html PRODUCT SPECIFIC INFORMATION None HISTORY Version:1 (rev.1) 16 June 2010 Initial release Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy. Support: For further information, contact normal HP Services support channel. Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com It is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. To get the security-alert PGP key, please send an e-mail message as follows: To: security-alert@hp.com Subject: get key Subscribe: To initiate a subscription to receive future HP Security Bulletins via Email: http://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA&langcode=USENG&jumpid=in_SC-GEN__driverITRC&topiccode=ITRC On the web page: ITRC security bulletins and patch sign-up Under Step1: your ITRC security bulletins and patches -check ALL categories for which alerts are required and continue. Under Step2: your ITRC operating systems -verify your operating system selections are checked and save. To update an existing subscription: http://h30046.www3.hp.com/subSignIn.php Log in on the web page: Subscriber's choice for Business: sign-in. On the web page: Subscriber's Choice: your profile summary - use Edit Profile to update appropriate sections. To review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do * The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number in the title: GN = HP General SW MA = HP Management Agents MI = Misc. 3rd Party SW MP = HP MPE/iX NS = HP NonStop Servers OV = HP OpenVMS PI = HP Printing & Imaging ST = HP Storage SW TL = HP Trusted Linux TU = HP Tru64 UNIX UX = HP-UX VV = HP VirtualVault System management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions. "HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user's use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement." Copyright 2009 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. =========================================================== Ubuntu Security Notice USN-704-1 January 07, 2009 openssl vulnerability CVE-2008-5077 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubuntu 7.10 Ubuntu 8.04 LTS Ubuntu 8.10 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: libssl0.9.8 0.9.8a-7ubuntu0.6 openssl 0.9.8a-7ubuntu0.6 Ubuntu 7.10: libssl0.9.8 0.9.8e-5ubuntu3.3 openssl 0.9.8e-5ubuntu3.3 Ubuntu 8.04 LTS: libssl0.9.8 0.9.8g-4ubuntu3.4 openssl 0.9.8g-4ubuntu3.4 Ubuntu 8.10: libssl0.9.8 0.9.8g-10.1ubuntu2.1 openssl 0.9.8g-10.1ubuntu2.1 After a standard system upgrade you need to reboot your computer to effect the necessary changes. Updated packages for Ubuntu 6.06 LTS: Source archives: http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8a-7ubuntu0.6.diff.gz Size/MD5: 50783 396d2184fcb5130f410d08abc6b7330c http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8a-7ubuntu0.6.dsc Size/MD5: 822 64ee2faa7018f771f6ebe9d46f3b0a99 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8a.orig.tar.gz Size/MD5: 3271435 1d16c727c10185e4d694f87f5e424ee1 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8a-7ubuntu0.6_amd64.udeb Size/MD5: 571736 e7a9c7893a6d858465b9baae1de69de6 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.8a-7ubuntu0.6_amd64.deb Size/MD5: 2167724 ec495fd3402eb1dec0a1ce6594bdb7b3 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8a-7ubuntu0.6_amd64.deb Size/MD5: 1682634 9e310c2bcd01bfe4c0c5992252741a6a http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8_0.9.8a-7ubuntu0.6_amd64.deb Size/MD5: 875434 cb8096f3befae3931c17ccbb0ccf0496 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8a-7ubuntu0.6_amd64.deb Size/MD5: 984764 214c03461736f5b2ed744069d833db86 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8a-7ubuntu0.6_i386.udeb Size/MD5: 509508 df64bbeaa01e1e3128ecf319e8bdcd52 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.8a-7ubuntu0.6_i386.deb Size/MD5: 2024104 130c24c04244403953e63f77b52f4f38 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8a-7ubuntu0.6_i386.deb Size/MD5: 5053036 1e9f9310bc70e06f96d93b486d2fc486 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8_0.9.8a-7ubuntu0.6_i386.deb Size/MD5: 2595612 57b9b8fa2e9aa7e327ec77ce5ac6d422 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8a-7ubuntu0.6_i386.deb Size/MD5: 976318 b1cc97035bec3309bbbe270da1a5a5e8 powerpc architecture (Apple Macintosh G3/G4/G5): http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8a-7ubuntu0.6_powerpc.udeb Size/MD5: 557892 c4e0970fc419674173fb6b0e299c91c8 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.8a-7ubuntu0.6_powerpc.deb Size/MD5: 2181796 46a9ea8bf00476fd33d598ceca33c84f http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8a-7ubuntu0.6_powerpc.deb Size/MD5: 1727402 2cc9be011c97e233490445696341aaec http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8_0.9.8a-7ubuntu0.6_powerpc.deb Size/MD5: 861910 0e58b30e47c25a46f112d6481a1c5a35 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8a-7ubuntu0.6_powerpc.deb Size/MD5: 980576 f2855029ed59ed4b7226cb2fe06e3f7e sparc architecture (Sun SPARC/UltraSPARC): http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8a-7ubuntu0.6_sparc.udeb Size/MD5: 530818 d7d206110c0dbb2c4e7298f6b9303af1 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.8a-7ubuntu0.6_sparc.deb Size/MD5: 2093166 78a7da03db8f01a3b6d7dfba5fb44198 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8a-7ubuntu0.6_sparc.deb Size/MD5: 3942670 8ee3f109488992bb0d01d06e4088ff30 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8_0.9.8a-7ubuntu0.6_sparc.deb Size/MD5: 2091522 ea6cf49b21d8ba82ab24af3ee567068b http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8a-7ubuntu0.6_sparc.deb Size/MD5: 988638 ce46e30741dacb282c4f1b446f84ab23 Updated packages for Ubuntu 7.10: Source archives: http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8e-5ubuntu3.3.diff.gz Size/MD5: 58877 e62d5901d69b5b871f90e04d9acf521e http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8e-5ubuntu3.3.dsc Size/MD5: 958 b1c17ee608e6bc7d07fa4623201f3a7c http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8e.orig.tar.gz Size/MD5: 3341665 3a7ff24f6ea5cd711984722ad654b927 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8e-5ubuntu3.3_amd64.udeb Size/MD5: 608584 c481816fbc6c299a00b80a3cb4af246f http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.8e-5ubuntu3.3_amd64.deb Size/MD5: 2065274 c4a1d6af5d0f1190052e6a3c758e9abb http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8e-5ubuntu3.3_amd64.deb Size/MD5: 1644192 aa30118c7c95dcfe5556ec12d7add5d6 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8_0.9.8e-5ubuntu3.3_amd64.deb Size/MD5: 929024 6d28c88e967291c00764b22831b8924e http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8e-5ubuntu3.3_amd64.deb Size/MD5: 877802 84c0139ce5dd16fb927ad358e7381548 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8e-5ubuntu3.3_i386.udeb Size/MD5: 571798 c607dc9f23b135daff01e22504c16fab http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.8e-5ubuntu3.3_i386.deb Size/MD5: 1943350 19f8d4104d2e295ba4a2f439f44e20ee http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8e-5ubuntu3.3_i386.deb Size/MD5: 5520624 a21d311ccde9661b3e8f06ba55cbef3e http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8_0.9.8e-5ubuntu3.3_i386.deb Size/MD5: 2825690 c3c7d55d3795d52b06284f0caa99d3a1 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8e-5ubuntu3.3_i386.deb Size/MD5: 872044 aeb4f6b72d07cc2a976a18cf93a367dd lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8e-5ubuntu3.3_lpia.udeb Size/MD5: 537248 b07db5071f9ff8914a2d40d6e20ffb41 http://ports.ubuntu.com/pool/main/o/openssl/libssl-dev_0.9.8e-5ubuntu3.3_lpia.deb Size/MD5: 1922002 e9b23815db3e2e64f46d719b51cce2f4 http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8e-5ubuntu3.3_lpia.deb Size/MD5: 1557272 ae70a0bb736343fe718bf0d35a3b32d9 http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8_0.9.8e-5ubuntu3.3_lpia.deb Size/MD5: 836726 b9b1f8206ba21fb9dde3f980c86d24f8 http://ports.ubuntu.com/pool/main/o/openssl/openssl_0.9.8e-5ubuntu3.3_lpia.deb Size/MD5: 876574 7839e291a551899242a4dc2f5b8d9f35 powerpc architecture (Apple Macintosh G3/G4/G5): http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8e-5ubuntu3.3_powerpc.udeb Size/MD5: 618004 7a9f02ca9b67ebc512a6f9e38a80dc26 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.8e-5ubuntu3.3_powerpc.deb Size/MD5: 2093146 1d5f7c1c9af62423a04efedd7d38a913 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8e-5ubuntu3.3_powerpc.deb Size/MD5: 1705258 342ae884bd21bcddec45c9b8eabac551 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8_0.9.8e-5ubuntu3.3_powerpc.deb Size/MD5: 945950 9675de35a318feb0078a96896595967c http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8e-5ubuntu3.3_powerpc.deb Size/MD5: 886178 9c581cd1ca63f80bb8a9d5832942a153 sparc architecture (Sun SPARC/UltraSPARC): http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8e-5ubuntu3.3_sparc.udeb Size/MD5: 565190 2c2a71fcb2e872cabaeb7d4ae7a20259 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.8e-5ubuntu3.3_sparc.deb Size/MD5: 1987290 2eced2b5c5554f981a61ad6d6afb189a http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8e-5ubuntu3.3_sparc.deb Size/MD5: 4050004 9ab3d6baf7aaaa6c0268f4be69f0a1a9 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8_0.9.8e-5ubuntu3.3_sparc.deb Size/MD5: 2221122 d210d67192ddfde087aecc66791d2932 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8e-5ubuntu3.3_sparc.deb Size/MD5: 887274 52fd404eb494c0e0b371c7428552196a Updated packages for Ubuntu 8.04 LTS: Source archives: http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8g-4ubuntu3.4.diff.gz Size/MD5: 54265 48ab0fa9c3683e86643241b94cbbd39a http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8g-4ubuntu3.4.dsc Size/MD5: 920 896ab79ea689efeb2de3e02dc0fc6c3d http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8g.orig.tar.gz Size/MD5: 3354792 acf70a16359bf3658bdfb74bda1c4419 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl-doc_0.9.8g-4ubuntu3.4_all.deb Size/MD5: 628902 af428e77b048f9b563dbf3b6e03c7b77 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-4ubuntu3.4_amd64.udeb Size/MD5: 603882 7cab435930aed7cc81635af1f9186c72 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.8g-4ubuntu3.4_amd64.deb Size/MD5: 2064750 5655eeabb4f5394c6fa9e066104829fe http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8g-4ubuntu3.4_amd64.deb Size/MD5: 1604310 437124745340c62fb91eb330dd13e26c http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8_0.9.8g-4ubuntu3.4_amd64.deb Size/MD5: 931554 27a5fcd27928f903c555f1c52038db0c http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8g-4ubuntu3.4_amd64.deb Size/MD5: 390620 788d2703d3e67348a628054beb912ed3 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-4ubuntu3.4_i386.udeb Size/MD5: 564676 019f31865013411c760e4ab851e89e17 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.8g-4ubuntu3.4_i386.deb Size/MD5: 1941970 eb1e998c368a67901f8dc24e7f7c8a6f http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8g-4ubuntu3.4_i386.deb Size/MD5: 5341460 652d0ec4bf5f9eac14670c2f439beda4 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8_0.9.8g-4ubuntu3.4_i386.deb Size/MD5: 2828564 a2ce3d2beb2c38d33dd94f04f2191883 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8g-4ubuntu3.4_i386.deb Size/MD5: 385434 836f3086e428903ccb04c28494ea0041 lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-4ubuntu3.4_lpia.udeb Size/MD5: 535450 be4c24bff72025ce0c6c6394fba68fd5 http://ports.ubuntu.com/pool/main/o/openssl/libssl-dev_0.9.8g-4ubuntu3.4_lpia.deb Size/MD5: 1922618 a65ff52eb395b40c14f7fc18ea41ad7d http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8g-4ubuntu3.4_lpia.deb Size/MD5: 1512528 458077dda55faeaf239ee3a47299c609 http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8_0.9.8g-4ubuntu3.4_lpia.deb Size/MD5: 843082 fc0918a82913ea636d087278f3e96fa7 http://ports.ubuntu.com/pool/main/o/openssl/openssl_0.9.8g-4ubuntu3.4_lpia.deb Size/MD5: 390018 8faf10bc8b6d4fa531def5446e66dee1 powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-4ubuntu3.4_powerpc.udeb Size/MD5: 610282 dc8839e3ff9862b80b862285ef984e9f http://ports.ubuntu.com/pool/main/o/openssl/libssl-dev_0.9.8g-4ubuntu3.4_powerpc.deb Size/MD5: 2077956 2bac2aea99e1e0096220f94036883f5e http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8g-4ubuntu3.4_powerpc.deb Size/MD5: 1639618 4a18538a4b3ba94b78d9c7cea49a6b07 http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8_0.9.8g-4ubuntu3.4_powerpc.deb Size/MD5: 944878 fb6aa227b8609ffde3242b4f5fc6116f http://ports.ubuntu.com/pool/main/o/openssl/openssl_0.9.8g-4ubuntu3.4_powerpc.deb Size/MD5: 399202 cb99c081fd9f48e5a40df713ae651e88 sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-4ubuntu3.4_sparc.udeb Size/MD5: 559654 b84fa24de0b7aada1ba92eb57405d92f http://ports.ubuntu.com/pool/main/o/openssl/libssl-dev_0.9.8g-4ubuntu3.4_sparc.deb Size/MD5: 1984540 16585659f3a14e89470a5f00fd4f42ba http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8g-4ubuntu3.4_sparc.deb Size/MD5: 3873894 fc78d170a38cbddf9e3535cb353d52b3 http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8_0.9.8g-4ubuntu3.4_sparc.deb Size/MD5: 2241644 177559b738e07248aff683e93fe9b82b http://ports.ubuntu.com/pool/main/o/openssl/openssl_0.9.8g-4ubuntu3.4_sparc.deb Size/MD5: 397818 652f57d5f54161a5e0ad5c79617b0879 Updated packages for Ubuntu 8.10: Source archives: http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8g-10.1ubuntu2.1.diff.gz Size/MD5: 55754 c957bd1ff8a8500f842e20234143c351 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8g-10.1ubuntu2.1.dsc Size/MD5: 1334 0dd1b68e9c2f1caefc82dd0fc2b92648 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8g.orig.tar.gz Size/MD5: 3354792 acf70a16359bf3658bdfb74bda1c4419 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl-doc_0.9.8g-10.1ubuntu2.1_all.deb Size/MD5: 628628 c4f6300e39b5949d7ef8cb13f7054214 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-10.1ubuntu2.1_amd64.udeb Size/MD5: 622186 bc90e5f8db699789fc7aa72d42e57371 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.8g-10.1ubuntu2.1_amd64.deb Size/MD5: 2109722 a7dc60dd48c1ec1656cbb909c456d960 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8g-10.1ubuntu2.1_amd64.deb Size/MD5: 1685202 25e62ee915d832d604890addbaa122ea http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8_0.9.8g-10.1ubuntu2.1_amd64.deb Size/MD5: 957898 115151c119f55d0907593883f877daa3 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8g-10.1ubuntu2.1_amd64.deb Size/MD5: 404030 b7ea3332ca29746237f2b661c91e89b1 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-10.1ubuntu2.1_i386.udeb Size/MD5: 578654 c1afb78788aee9b1d87b9fe9cc3f84cd http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.8g-10.1ubuntu2.1_i386.deb Size/MD5: 1980648 352cdc3d1ec18714ed69a0e994ad3a34 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8g-10.1ubuntu2.1_i386.deb Size/MD5: 5604978 2d964cdf8c4f11d7407a614c23cfee3d http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8_0.9.8g-10.1ubuntu2.1_i386.deb Size/MD5: 2920048 a9073edf1c235cf3919c09a0ab5718f4 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8g-10.1ubuntu2.1_i386.deb Size/MD5: 398652 7f7fba957c5f1e3071275a38671acf25 lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-10.1ubuntu2.1_lpia.udeb Size/MD5: 547384 30f57b3c8dde980d1e46c4c26d8ad561 http://ports.ubuntu.com/pool/main/o/openssl/libssl-dev_0.9.8g-10.1ubuntu2.1_lpia.deb Size/MD5: 1958092 2560aaf556ba47a934092635ba0d8d2f http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8g-10.1ubuntu2.1_lpia.deb Size/MD5: 1578834 05f9e7736ccd10d80e6953e2fe094fa1 http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8_0.9.8g-10.1ubuntu2.1_lpia.deb Size/MD5: 862680 d298ef88cef3c47b0e90e0f1a9181a40 http://ports.ubuntu.com/pool/main/o/openssl/openssl_0.9.8g-10.1ubuntu2.1_lpia.deb Size/MD5: 400640 215b80cc7bb02cc24f2086dc5baa6217 powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-10.1ubuntu2.1_powerpc.udeb Size/MD5: 623176 85a1d24d89ea4c34cc9a54b568b5bc58 http://ports.ubuntu.com/pool/main/o/openssl/libssl-dev_0.9.8g-10.1ubuntu2.1_powerpc.deb Size/MD5: 2120282 3c16c677ad334913d82080fd41f25daf http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8g-10.1ubuntu2.1_powerpc.deb Size/MD5: 1704334 ec55dbd174914d100a625a601d5c8d6c http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8_0.9.8g-10.1ubuntu2.1_powerpc.deb Size/MD5: 964578 3f207d7b34494f01d1cb3448825af9e5 http://ports.ubuntu.com/pool/main/o/openssl/openssl_0.9.8g-10.1ubuntu2.1_powerpc.deb Size/MD5: 402660 cc80ae7e798e4b46f9882ad31d2e7cc9 sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-10.1ubuntu2.1_sparc.udeb Size/MD5: 567580 bd1a38ca852a485c76d434c619766e30 http://ports.ubuntu.com/pool/main/o/openssl/libssl-dev_0.9.8g-10.1ubuntu2.1_sparc.deb Size/MD5: 2013344 6eec2f31c3d94e19eeb57f1008030a80 http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8g-10.1ubuntu2.1_sparc.deb Size/MD5: 4038260 5c9cc4e498dac03b1d8664840c62e0d7 http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8_0.9.8g-10.1ubuntu2.1_sparc.deb Size/MD5: 2284620 317c30221db0bb66c0703c40694d9485 http://ports.ubuntu.com/pool/main/o/openssl/openssl_0.9.8g-10.1ubuntu2.1_sparc.deb Size/MD5: 406750 8542831a114aaff62e62021bbc8d028b

IOT TAXONOMY

AFFECTED PRODUCTS