FrSIRT - Fedora Security Update Fixes OpenSSL Code Execution Vulnerabilities / Exploit (Security Advisories)

French Security Incident Response Team

French

English

Fedora Security Update Fixes OpenSSL Code Execution Vulnerabilities

Title : Fedora Security Update Fixes OpenSSL Code Execution Vulnerabilities
Advisory ID : FrSIRT/ADV-2007-3516
CVE ID : CVE-2007-4995 - CVE-2007-5135
Rated as : High Risk

Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2007-10-17

Advisory Details

Description

Affected Products

Solution

References

Technical Description

Multiple vulnerabilities have been identified in Fedora, which could be exploited by attackers to cause a denial of service or execute arbitrary code [...]

Solution

Upgrade the affected packages :

http://download.fedora.redhat.com/pub/fedora/linux/core/updates/6/

0b29b061b07bcc499b1e3713b43c6e74c5d5799b SRPMS/openssl-0.9.8b-15.fc6.src.rpm
0b29b061b07bcc499b1e3713b43c6e74c5d5799b noarch/openssl-0.9.8b-15.fc6.src.rpm
e5947ab94c1be21b69c828a7003ec182129924ca ppc/openssl-devel-0.9.8b-15.fc6.ppc.rpm
bb48c6445ec7ef4d335a0b728b271488cc75fe80 ppc/debug/openssl-debuginfo-0.9.8b-15.fc6.ppc.rpm
f9dbd95711d1d671d4f3a98e3b1e3a773546c628 ppc/openssl-perl-0.9.8b-15.fc6.ppc.rpm
9bdba2bdc4669aa9330392cc2306c53cc1f31821 ppc/openssl-0.9.8b-15.fc6.ppc.rpm
164227db4e72c170c3717d06f15d299c12a28796 x86_64/openssl-0.9.8b-15.fc6.x86_64.rpm
489e9d68a23bd6f3257fd0e97025ea6fdb2f2aa1 x86_64/debug/openssl-debuginfo-0.9.8b-15.fc6.x86_64.rpm
39a3d0b4fa9b48251f082457fe3ab26f5a6d1068 x86_64/openssl-perl-0.9.8b-15.fc6.x86_64.rpm
fa947aa3cf3f2fc18dfc98684e12009c0e360fcf x86_64/openssl-devel-0.9.8b-15.fc6.x86_64.rpm
99ff54639cba70d0bcf7d9f40029922ac29e4be6 i386/openssl-devel-0.9.8b-15.fc6.i386.rpm
b4c2dd0bee9df3bedee190449b536c3e4b1e8355 i386/debug/openssl-debuginfo-0.9.8b-15.fc6.i386.rpm
a50c0df691bd247b9bf9b5287028d3cf6e89907c i386/openssl-0.9.8b-15.fc6.i386.rpm
918726294f79400ec2156feb111504304dfe6643 i386/openssl-perl-0.9.8b-15.fc6.i386.rpm
def46b59c096aa54c8cf1be42e8dd16f64cdceb9 i386/debug/openssl-debuginfo-0.9.8b-15.fc6.i686.rpm
2af70ea377ba1564739cb76b997e4f9f3893793a i386/openssl-0.9.8b-15.fc6.i686.rpm

ChangeLog

2007-10-17 : Initial release

Vulnerability Management

Subscribe to FrSIRT VNS and receive real-time e-mail and SMS alerts when new vulnerabilities, exploits, or patches relevant to your systems and network configurations are available.

Feedback

If you have additional information or corrections for this security advisory please submit them via our contact form or by email to updates@frsirt.com.

Mailinglist

	IBM Tivoli Directory Server Entry Handling Double-Free Vulnerability
	IBM AFP Viewer Plug-In "SRC" Property Buffer Overflow Vulnerability
	IBM Hardware Management Console Cross Site Scripting Vulnerabilities
	IBM OS/400 BrSmRcvAndCheck Local Buffer Overflow Vulnerability
	IBM DB2 Multiple Buffer Overflow and Security Bypass Vulnerabilities
	IBM WebSphere Application Server Security Exposure Vulnerability
	IBM AIX Multiple Command Local Privilege Escalation Vulnerabilities

	Apple Mac OS X Command Execution and Security Bypass Issues
	Apple Safari for Mac OS X Remote Code Execution Vulnerability
	Apple Mac OS X ARDAgent Local Privilege Escalation Vulnerability
	Apple Safari Code Execution and Information Disclosure Vulnerabilities
	Apple QuickTime Multiple File Handling Code Execution Vulnerabilities
	Apple Safari for Windows Remote Code Execution Vulnerability
	Apple Mac OS X Command Execution and Security Bypass Issues

	Microsoft Internet Explorer Frame Cross-Domain Scripting Vulnerability
	Microsoft Internet Explorer "location" Cross-Domain Scripting Issue
	Microsoft Windows PGM Remote Denial of Service Vulnerability (MS08-036)
	Microsoft Active Directory Remote Denial of Service (MS08-035)
	Microsoft Windows WINS Local Privilege Escalation Vulnerability (MS08-034)
	Microsoft Windows DirectX Remote Code Execution (MS08-033)
	Microsoft Windows Speech API Remote Code Execution (MS08-032)