FrSIRT - Fedora Security Update Fixes OpenSSL Code Execution Vulnerabilities / Exploit

French Security Incident Response Team

Français

English

Fedora Security Update Fixes OpenSSL Code Execution Vulnerabilities

Date de Publication : 2007-10-17 © FrSIRT.COM
Titre : Fedora Security Update Fixes OpenSSL Code Execution Vulnerabilities
Identifiant : FrSIRT/AVIS-2007-3516
CVE ID : CVE-2007-4995 - CVE-2007-5135
Risque : Elevé (3/4) -

Exploitable à distance : Oui
Exploitable en local : Oui

En savoir plus

Description

Produits affectés

Solution

Références

Description Technique

Plusieurs vulnérabilités ont été identifiées dans Fedora, elles pourraient être exploitées par des attaquants afin de causer un déni de service ou exécuter un code arbitraire [...]

Solution

Installer les mises à jour :

http://download.fedora.redhat.com/pub/fedora/linux/core/updates/6/

0b29b061b07bcc499b1e3713b43c6e74c5d5799b SRPMS/openssl-0.9.8b-15.fc6.src.rpm
0b29b061b07bcc499b1e3713b43c6e74c5d5799b noarch/openssl-0.9.8b-15.fc6.src.rpm
e5947ab94c1be21b69c828a7003ec182129924ca ppc/openssl-devel-0.9.8b-15.fc6.ppc.rpm
bb48c6445ec7ef4d335a0b728b271488cc75fe80 ppc/debug/openssl-debuginfo-0.9.8b-15.fc6.ppc.rpm
f9dbd95711d1d671d4f3a98e3b1e3a773546c628 ppc/openssl-perl-0.9.8b-15.fc6.ppc.rpm
9bdba2bdc4669aa9330392cc2306c53cc1f31821 ppc/openssl-0.9.8b-15.fc6.ppc.rpm
164227db4e72c170c3717d06f15d299c12a28796 x86_64/openssl-0.9.8b-15.fc6.x86_64.rpm
489e9d68a23bd6f3257fd0e97025ea6fdb2f2aa1 x86_64/debug/openssl-debuginfo-0.9.8b-15.fc6.x86_64.rpm
39a3d0b4fa9b48251f082457fe3ab26f5a6d1068 x86_64/openssl-perl-0.9.8b-15.fc6.x86_64.rpm
fa947aa3cf3f2fc18dfc98684e12009c0e360fcf x86_64/openssl-devel-0.9.8b-15.fc6.x86_64.rpm
99ff54639cba70d0bcf7d9f40029922ac29e4be6 i386/openssl-devel-0.9.8b-15.fc6.i386.rpm
b4c2dd0bee9df3bedee190449b536c3e4b1e8355 i386/debug/openssl-debuginfo-0.9.8b-15.fc6.i386.rpm
a50c0df691bd247b9bf9b5287028d3cf6e89907c i386/openssl-0.9.8b-15.fc6.i386.rpm
918726294f79400ec2156feb111504304dfe6643 i386/openssl-perl-0.9.8b-15.fc6.i386.rpm
def46b59c096aa54c8cf1be42e8dd16f64cdceb9 i386/debug/openssl-debuginfo-0.9.8b-15.fc6.i686.rpm
2af70ea377ba1564739cb76b997e4f9f3893793a i386/openssl-0.9.8b-15.fc6.i686.rpm

Historique

2007-10-17 : Version Initiale

Recevez les bulletins FrSIRT

Le service FrSIRT VNS permet aux professionnels de la sécurité (RSSI, DSI, administrateurs et consultants) de recevoir en temps-réel, par email, SMS et flux RSS/XML, des bulletins de vulnérabilités complets, détaillés et personnalisés.

Recherche

Newsletter

	Mozilla Firefox for Mac OS X GIF Rendering Code Execution Vulnerability
	Mozilla Products Remote Code Execution Vulnerabilities
	Mozilla Products Code Execution and Injection Vulnerabilities
	Mozilla JavaScript Garbage Collector Code Execution Vulnerability
	Mozilla Thunderbird Code Execution and Cross Site Scripting Issues
	Mozilla Firefox and SeaMonkey Multiple Remote Code Execution Issues
	Mozilla Thunderbird Multiple Security Bypass and Code Execution Issues

	IBM AIX "swcons" Insecure Permission Privilege Escalation Vulnerability
	IBM WebSphere Application Server Cross Site Scripting Vulnerability
	IBM DB2 CLR Stored Procedures Unspecified Vulnerability
	IBM Lotus Quickr Multiple Cross Site Scripting Vulnerabilities
	IBM WebSphere Portal Remote Authentication Bypass Vulnerability
	IBM Rational ClearQuest Login Page Cross Site Scripting Vulnerability
	IBM WebSphere Application Server Security Exposure Vulnerabilities

	Apple Mac OS X Code Execution Vulnerabilities
	Apple iPhone and iPod touch Multiple Code Execution Vulnerabilities
	Apple Xcode Code Execution and Information Disclosure Vulnerabilities
	Apple TV Data Processing Remote Code Execution Vulnerabilities
	Apple Mac OS X Command Execution Vulnerabilities
	Apple Safari for Mac OS X Remote Code Execution Vulnerability
	Apple Mac OS X ARDAgent Local Privilege Escalation Vulnerability