レッドハット | オープンソース・カンパニー

Account Links: RHN登録方法 | RHN登録 | RHNログイン

サポート > セキュリティー&アップデート/ERRATA

OpenSSLパッケージのアップデート

アドバイスID:	RHSA-2003:291-11
最終更新日:	2003-09-30
影響のあるプロダクト:	Red Hat Linux 7.1 Red Hat Linux 7.1 for iSeries Red Hat Linux 7.1 for pSeries Red Hat Linux 7.2 Red Hat Linux 7.3 Red Hat Linux 8.0 Red Hat Linux 9
CVEs (cve.mitre.org):	CAN-2003-0543 CAN-2003-0544

セキュリティ・アドバイス

概要:

Updated OpenSSL packages that fix ASN.1 parsing vulnerabilities are now
available for Red Hat Linux versions 7.1, 7.2, 7.3, and 8.0.

OpenSSL is a commercial-grade, full-featured, open source toolkit that
implements Secure Sockets Layer (SSL v2/v3) and Transport Layer Security
(TLS v1) protocols, as well as a full-strength general purpose cryptography
library.

NISCC testing of implementations of the SSL protocol uncovered two bugs in
OpenSSL 0.9.6 and OpenSSL 0.9.7. The parsing of unusual ASN.1 tag values
can cause OpenSSL to crash. A remote attacker could trigger this bug by
sending a carefully-crafted SSL client certificate to an application. The
effects of such an attack vary depending on the application targetted;
against Apache the effects are limited, as the attack would only cause
child processes to die and be replaced. An attack against other
applications that use OpenSSL could result in a Denial of Service. The
Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned
the names CAN-2003-0543 and CAN-2003-0544 to this issue.

Red Hat Linux versions 7.1, 7.2, 7.3, and 8.0 contain OpenSSL 0.9.6 and are
therefore vulnerable to this issue.

These erratum packages contain a patch provided by the OpenSSL group that
protects against this issue.

Because server applications are affected by this issue, users are advised
to either restart all services that use OpenSSL functionality or reboot
their systems after installing these updates.

Red Hat would like to thank NISCC and Stephen Henson for their work on this
vulnerability.

These packages also include a patch from OpenSSL 0.9.6f which removes
the calls to abort the process in certain circumstances. Red Hat would
like to thank Patrik Hornik for notifying us of this issue.

アップデート・パッケージ:

Red Hat Linux 7.1

SRPMS:
openssl-0.9.6-19.src.rpm [ via FTP ] [ via HTTP ]	`9309244a0ee15b771ce563de2ae420f9`
openssl095a-0.9.5a-23.7.3.src.rpm [ via FTP ] [ via HTTP ]	`dfa32bec87555eadabd637b7034e0165`

i386:
openssl-0.9.6-19.i386.rpm [ via FTP ] [ via HTTP ]	`1fcb5b6f227c18a3ee6fa04e8442c620`
openssl-devel-0.9.6-19.i386.rpm [ via FTP ] [ via HTTP ]	`9a6a10df96517c4faa9d55aec3ee5886`
openssl-perl-0.9.6-19.i386.rpm [ via FTP ] [ via HTTP ]	`eb030b59eb7657b736c2e0da19948164`
openssl-python-0.9.6-19.i386.rpm [ via FTP ] [ via HTTP ]	`0bb809840547c10a143b64031552954e`
openssl095a-0.9.5a-23.7.3.i386.rpm [ via FTP ] [ via HTTP ]	`1d520359aa1c2c48f8a026d1391b9fa9`

Red Hat Linux 7.1 for iSeries

SRPMS:
openssl-0.9.6-19.1.src.rpm [ via FTP ] [ via HTTP ]	`b104d510791634354daf5428082a506b`
openssl095a-0.9.5a-23.7.1.src.rpm [ via FTP ] [ via HTTP ]	`0bfd01b7b1e0262d86ebdc2973aeb73a`

ppc:
openssl-0.9.6-19.1.ppc.rpm [ via FTP ] [ via HTTP ]	`366650023ad561006af07e22bbb859c3`
openssl-devel-0.9.6-19.1.ppc.rpm [ via FTP ] [ via HTTP ]	`e5f84b83f835f78a7c17ed3bd57653d6`
openssl-perl-0.9.6-19.1.ppc.rpm [ via FTP ] [ via HTTP ]	`42f029fb52c032dc5701b71738b6d214`
openssl-python-0.9.6-19.1.ppc.rpm [ via FTP ] [ via HTTP ]	`6c1afc9c9886a334138373134fd253b9`
openssl095a-0.9.5a-23.7.1.ppc.rpm [ via FTP ] [ via HTTP ]	`6625d783dc1b490f0a35d2b28b0b535f`

Red Hat Linux 7.1 for pSeries

SRPMS:
openssl-0.9.6-19.1.src.rpm [ via FTP ] [ via HTTP ]	`b104d510791634354daf5428082a506b`
openssl095a-0.9.5a-23.7.1.src.rpm [ via FTP ] [ via HTTP ]	`0bfd01b7b1e0262d86ebdc2973aeb73a`

ppc:
openssl-0.9.6-19.1.ppc.rpm [ via FTP ] [ via HTTP ]	`366650023ad561006af07e22bbb859c3`
openssl-devel-0.9.6-19.1.ppc.rpm [ via FTP ] [ via HTTP ]	`e5f84b83f835f78a7c17ed3bd57653d6`
openssl-perl-0.9.6-19.1.ppc.rpm [ via FTP ] [ via HTTP ]	`42f029fb52c032dc5701b71738b6d214`
openssl-python-0.9.6-19.1.ppc.rpm [ via FTP ] [ via HTTP ]	`6c1afc9c9886a334138373134fd253b9`
openssl095a-0.9.5a-23.7.1.ppc.rpm [ via FTP ] [ via HTTP ]	`6625d783dc1b490f0a35d2b28b0b535f`

Red Hat Linux 7.2

SRPMS:
openssl-0.9.6b-35.7.src.rpm [ via FTP ] [ via HTTP ]	`9d82266fda42b9272ff30b6541600412`
openssl095a-0.9.5a-23.7.3.src.rpm [ via FTP ] [ via HTTP ]	`dfa32bec87555eadabd637b7034e0165`
openssl096-0.9.6-23.7.src.rpm [ via FTP ] [ via HTTP ]	`6490df50c9746fbd3e719af42657bbab`

i386:
openssl-0.9.6b-35.7.i386.rpm [ via FTP ] [ via HTTP ]	`ed16918820e56e8497bc6d27bd9da7d7`
openssl-devel-0.9.6b-35.7.i386.rpm [ via FTP ] [ via HTTP ]	`4f34511877a374a47291f5f8c9c6aa70`
openssl-perl-0.9.6b-35.7.i386.rpm [ via FTP ] [ via HTTP ]	`2519d525a9af5eb3025b0f1b92a43b1a`
openssl095a-0.9.5a-23.7.3.i386.rpm [ via FTP ] [ via HTTP ]	`1d520359aa1c2c48f8a026d1391b9fa9`
openssl096-0.9.6-23.7.i386.rpm [ via FTP ] [ via HTTP ]	`555d808ef4816738608871a41664a580`

i686:
openssl-0.9.6b-35.7.i686.rpm [ via FTP ] [ via HTTP ]	`545840cf2e61962459e6b0725908759e`

ia64:
openssl-0.9.6b-35.7.ia64.rpm [ via FTP ] [ via HTTP ]	`9cd2a3747be2fff06ab9320a70aa9755`
openssl-devel-0.9.6b-35.7.ia64.rpm [ via FTP ] [ via HTTP ]	`3667cfdb224f43224348707590fa0edb`
openssl-perl-0.9.6b-35.7.ia64.rpm [ via FTP ] [ via HTTP ]	`6c0a1857e028c56b0bba8070a8c5e223`
openssl095a-0.9.5a-23.7.3.ia64.rpm [ via FTP ] [ via HTTP ]	`f6bc25dc552e1ac86c94d29264689a8a`
openssl096-0.9.6-23.7.ia64.rpm [ via FTP ] [ via HTTP ]	`de22871be5c4a3a1af8064fd7dfff4ec`

Red Hat Linux 7.3

SRPMS:
openssl-0.9.6b-35.7.src.rpm [ via FTP ] [ via HTTP ]	`9d82266fda42b9272ff30b6541600412`
openssl095a-0.9.5a-23.7.3.src.rpm [ via FTP ] [ via HTTP ]	`dfa32bec87555eadabd637b7034e0165`
openssl096-0.9.6-23.7.src.rpm [ via FTP ] [ via HTTP ]	`6490df50c9746fbd3e719af42657bbab`

i386:
openssl-0.9.6b-35.7.i386.rpm [ via FTP ] [ via HTTP ]	`ed16918820e56e8497bc6d27bd9da7d7`
openssl-devel-0.9.6b-35.7.i386.rpm [ via FTP ] [ via HTTP ]	`4f34511877a374a47291f5f8c9c6aa70`
openssl-perl-0.9.6b-35.7.i386.rpm [ via FTP ] [ via HTTP ]	`2519d525a9af5eb3025b0f1b92a43b1a`
openssl095a-0.9.5a-23.7.3.i386.rpm [ via FTP ] [ via HTTP ]	`1d520359aa1c2c48f8a026d1391b9fa9`
openssl096-0.9.6-23.7.i386.rpm [ via FTP ] [ via HTTP ]	`555d808ef4816738608871a41664a580`

i686:
openssl-0.9.6b-35.7.i686.rpm [ via FTP ] [ via HTTP ]	`545840cf2e61962459e6b0725908759e`

Red Hat Linux 8.0

SRPMS:
openssl-0.9.6b-35.8.src.rpm [ via FTP ] [ via HTTP ]	`037c98f46ef2693828858484c60d072a`
openssl095a-0.9.5a-23.8.src.rpm [ via FTP ] [ via HTTP ]	`39cdc5e03f35c1849a9970c6c3352ecc`
openssl096-0.9.6-23.8.src.rpm [ via FTP ] [ via HTTP ]	`fc2198f4bfc61082b50cab87f53fae49`

i386:
openssl-0.9.6b-35.8.i386.rpm [ via FTP ] [ via HTTP ]	`b55dd770fb47b8f15c5c90e8e71b6f84`
openssl-devel-0.9.6b-35.8.i386.rpm [ via FTP ] [ via HTTP ]	`daad928443cedbf975f488cdb384523f`
openssl-perl-0.9.6b-35.8.i386.rpm [ via FTP ] [ via HTTP ]	`702f7138342bc659a10c13e2ad99f1be`
openssl095a-0.9.5a-23.8.i386.rpm [ via FTP ] [ via HTTP ]	`2e8eb05b7b49874c6af595520bbca47b`
openssl096-0.9.6-23.8.i386.rpm [ via FTP ] [ via HTTP ]	`6b76e4ab1d3cb4245aabd6eee7411908`

i686:
openssl-0.9.6b-35.8.i686.rpm [ via FTP ] [ via HTTP ]	`e5f6d35643545136a96f4bb32f00f4f0`

解決法:

このアップデートを適用する前に、システムに関連するリリース済の errata が適用済であることをご確認ください。
それぞれのアーキテクチャで全てのRPMをアップデートするには、以下のコマンドを実行してください：

rpm -Fvh [filename]

[filename] は、アップデートしたいRPMのファイル名です。現在インストールされているパッケージのみ、アップグレードされます。現在いるディレクトリにインストールしたいRPM *しか* 無い場合には、ワイルドカード (*.rpm) も使うことができます。
このアップデートは、Red Hat Network 経由でも行なえます。アップデートを適用する非常に簡便な方法です。Red hat Network をご利用になるには、以下のコマンドで、アップデートエージェントを起動してください。

up2date

このコマンドで、システムに適切なRPMをアップグレードする対話形式のプロセスを起動します。

参照:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0543
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0544
http://www.niscc.gov.uk/
http://www.openssl.org/news/secadv_20030930.txt

キーワード:

ASN.1, ASN1, openSSL

ここに在るパッケージはセキュリティの為、 Red Hat, Inc. によって、 GPG 認証されています。キーは以下から利用可能になっています:
http://www.redhat.com/about/contact.html

各パッケージを確認するには次のコマンドをご利用ください: rpm --checksig filename
各パッケージが壊れていないか、もしくは改ざんされていないかを確認するには、以下のコマンドで MD5 チェックサムをお調べください: rpm --checksig --nogpg filename
注意: GnuPG キーをチェックするためには、RPM 3.0 以上が必要です。

メインリンク:

Links for this section: