-------------------------------------------------------------------------- Turbolinux Security Advisory TLSA-2002-59 http://www/turbolinux.co.jp/security/ security-team@turbolinux.co.jp -------------------------------------------------------------------------- Openssl OpencSsl 0.9.6e bug fix Release date : 2002-08-29 Fix : openssl-0.9.6g-2 openssh-3.4p1-10 Problem: In the OpencSsl 0.9.6e, the Bug existed, there was announcement, from the OpencSsl Project. [ The local user authority capture with the buffer overflow ] Http: //www.turbolinux.co.jp/security/openssl-0.9.6e-1.html Solution: Please execute the command below, verify version. From the version which is indicated version before in case of use please do update. # rpm -qa | grep package name When it corresponds to this problem, please download the up-to-date package do the update of the package by the command below. Furthermore, please read change and execute in the package number which downloads and concerning version number. " The \ " sign of explanatory Bunchu without starting a new paragraph continuing, has displayed the fact that it appoints. Execution example --------------------------------------------------------------------- # rpm -Fvh Package-1.0.0-1.i586.rpm \ Package-doc-1.0.0-1.i586.rpm \ Package-devel-1.0.0-1.i586.rpm The case where rpm command is executed, please appoint as follows on the command line. # rpm -Fvh package-1.0.0-1.i586.rpm package-doc-1.0.0-1.i586.rpm package-devel-1.0.0-1.i586.rpm --------------------------------------------------------------------- < Turbolinux 8 Workstation > < Turbolinux 7 Server > < Turbolinux 7 Workstation > # rpm -Fvh openssl-0.9.6g-2.i586.rpm \ openssl-devel-0.9.6g-2.i586.rpm \ apache-1.3.26-6.i586.rpm \ apache-devel-1.3.26-6.i586.rpm \ apache-manual-1.3.26-6.i586.rpm \ mod_ssl-2.8.10-6.i586.rpm \ openssh-3.4p1-10.i586.rpm \ openssh-askpass-3.4p1-10.i586.rpm \ openssh-clients-3.4p1-10.i586.rpm \ openssh-server-3.4p1-10.i586.rpm < Turbolinux Server 6.5 > # rpm -Fvh openssl-0.9.6g-2.i386.rpm \ openssl-devel-0.9.6g-2.i386.rpm \ apache-1.3.26-6.i386.rpm \ apache-devel-1.3.26-6.i386.rpm \ apache-manual-1.3.26-6.i386.rpm \ mod_ssl-2.8.10-6.i386.rpm \ openssh-3.4p1-10.i386.rpm \ openssh-askpass-3.4p1-10.i386.rpm \ openssh-clients-3.4p1-10.i386.rpm \ openssh-server-3.4p1-10.i386.rpm < Turbolinux Advanced Server 6 > # rpm -Fvh openssl-0.9.6g-2.i386.rpm \ openssl-devel-0.9.6g-2.i386.rpm \ apache-1.3.23-9.i386.rpm \ apache-devel-1.3.23-9.i386.rpm \ apache-manual-1.3.23-9.i386.rpm \ mod_ssl-2.8.10-6.i386.rpm \ openssh-3.4p1-10.i386.rpm \ openssh-askpass-3.4p1-10.i386.rpm \ openssh-askpass-gnome-3.4p1-10.i386.rpm \ openssh-clients-3.4p1-10.i386.rpm \ openssh-server-3.4p1-10.i386.rpm \ php-3.0.18-11jaJP.i386.rpm \ php-imap-3.0.18-11jaJP.i386.rpm \ php-ldap-3.0.18-11jaJP.i386.rpm \ php-manual-3.0.18-11jaJP.i386.rpm \ php-mysql-3.0.18-11jaJP.i386.rpm \ php-pgsql-3.0.18-11jaJP.i386.rpm < Turbolinux Server 6.1 > # rpm -Fvh openssl-0.9.6g-2.i386.rpm \ openssl-devel-0.9.6g-2.i386.rpm \ apache-1.3.23-9.i386.rpm \ apache-devel-1.3.23-9.i386.rpm \ apache-manual-1.3.23-9.i386.rpm \ mod_ssl-2.8.7-9.i386.rpm \ openssh-3.4p1-10.i386.rpm \ openssh-askpass-gnome-3.4p1-10.i386.rpm \ openssh-clients-3.4p1-10.i386.rpm \ openssh-server-3.4p1-10.i386.rpm \ php-3.0.18-11jaJP.i386.rpm \ php-imap-3.0.18-11jaJP.i386.rpm \ php-ldap-3.0.18-11jaJP.i386.rpm \ php-manual-3.0.18-11jaJP.i386.rpm \ php-mysql-3.0.18-11jaJP.i386.rpm \ php-pgsql-3.0.18-11jaJP.i386.rpm < Turbolinux Workstation 6.0 > # rpm -Fvh openssl-0.9.6g-2.i386.rpm \ openssl-devel-0.9.6g-2.i386.rpm \ openssh-3.4p1-10.i386.rpm \ openssh-askpass-3.4p1-10.i386.rpm \ openssh-askpass-gnome-3.4p1-10.i386.rpm \ openssh-clients-3.4p1-10.i386.rpm \ openssh-server-3.4p1-10.i386.rpm 2002.8.29 Turbolinux Server the php package for 6.1 and Turbolinux Advanced Server 6 was added. Package updates: http://www.turbolinux.co.jp/update/