Re: OpenSSL patches for other versions

From: Ademar de Souza Reis Jr. (ademarat_private)
Date: Tue Jul 30 2002 - 10:42:12 PDT

Next message: Trustix Secure Linux Advisor: "TSLSA-2002-0064 - util-linux"

Previous message: Andrew Pimlott: "Re: RAZOR advisory: Linux util-linux chfn local root vulnerability"
In reply to: Ben Laurie: "OpenSSL patches for other versions"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue, Jul 30, 2002 at 11:15:00AM +0100, Ben Laurie wrote:
> Enclosed are patches for today's OpenSSL security alert which apply to
> other versions. The patch for 0.9.7 is supplied by Ben Laurie
> <benat_private> and the remainder by Vincent Danen (email not
> supplied).
> 
> Patches are for 0.9.5a, 0.9.6 (use 0.9.6b patch), 0.9.6b, 0.9.6c, 0.9.7-dev.
> 
> These patches are known to apply correctly but have not been
> thoroughly tested.

Hello.

While checking the patches you sent I noticed that in the ones for
openssh < 0.9.7-dev, the ASN.1 fix is not present (several checks in
crypto/asn1/asn1_lib.c).

So I backported the fixes based on 0.9.7-dev and in a patch for 0.9.6d sent
by Ben Laurie to openssl-teamat_private on July27 (subject: Final
version?).

Patches for 0.9.5a, 0.9.6a and 0.9.6b including fix for ASN.1 vulns attached.
They're not well tested yet - after sucessful compilation.

Cheers.
   - Ademar

-- 
Ademar de Souza Reis Jr. <ademarat_private>

^[:wq!

text/plain attachment: openssl-0.9.5a-security.patch

text/plain attachment: openssl-0.9.6a-security.patch

text/plain attachment: openssl-0.9.6b-security.patch

Next message: Trustix Secure Linux Advisor: "TSLSA-2002-0064 - util-linux"
Previous message: Andrew Pimlott: "Re: RAZOR advisory: Linux util-linux chfn local root vulnerability"
In reply to: Ben Laurie: "OpenSSL patches for other versions"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Tue Jul 30 2002 - 12:28:28 PDT