Fw: OpenSSL-0.9.6a has security fixes
j.stifter at medres.ch
Wed Apr 25 12:08:12 PDT 2001
This should make it into the lfs-hint and into all your systems...
On Tue, 24 Apr 2001 15:40:07 -0400, Jim Knoble <jmknoble at JMKNOBLE.CX>
>This doesn't seem to have been announced here: OpenSSL-0.9.6a appears
>to have been released somewhat quietly, and also appears to include
>several security fixes:
> - Security fix: change behavior of OpenSSL to avoid using environment
>   variables when running as root.
> - Security fix: check the result of RSA-CRT to reduce the possibility
>   of deducing the private key from an incorrectly calculated signature.
> - Security fix: prevent Bleichenbacher's DSA attack.
> - Security fix: Zero the premaster secret after deriving the master
>   secret in DH ciphersuites.
>
> We consider OpenSSL 0.9.6a to be the best version of OpenSSL
> available and we strongly recommend that users of older versions,
> especially of old SSLeay versions, upgrade as soon as possible.
>
>Complete text of the announcement available at:
>jim knoble | jmknoble at jmknoble.cx | http://www.jmknoble.cx/
>(GnuPG fingerprint: 31C4:8AAC:F24E:A70C:4000::BBF4:289F:EAA8:1381:1491)
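
The RSA-CRT item in the list above, as an added example that is not part of the original message and is not OpenSSL's code: one way to check a CRT result before it leaves the signer. The primes, the function names, the `fault` switch that simulates a miscalculation, and the fallback to a non-CRT exponentiation are all assumptions made for this illustration.

```python
# Added illustration: RSA-CRT signing with a verify-before-release check.
# Toy parameters constructed for this example; no padding, not for real use.
P, Q = 1000003, 1000033            # constructed small primes
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent (Python 3.8+)
DP, DQ = D % (P - 1), D % (Q - 1)  # CRT exponents
QINV = pow(Q, -1, P)               # CRT coefficient


def crt_sign(m, fault=False):
    """Compute m^D mod N via CRT. fault=True simulates one miscalculated half."""
    sp = pow(m, DP, P)
    sq = pow(m, DQ, Q)
    if fault:
        sq = (sq + 1) % Q          # simulated computation error in the mod-Q half
    h = (QINV * (sp - sq)) % P     # Garner recombination
    return sq + Q * h


def checked_sign(m, fault=False):
    """Return (signature, recomputed). The CRT result is released only if it
    verifies under the public key; otherwise it is discarded and the
    signature is recomputed without CRT."""
    s = crt_sign(m, fault)
    if pow(s, E, N) != m % N:
        # An incorrectly calculated CRT signature must never be returned.
        return pow(m, D, N), True
    return s, False


if __name__ == "__main__":
    msg = 123456789                # constructed message representative, < N
    print(checked_sign(msg))              # correct CRT result, released as is
    print(checked_sign(msg, fault=True))  # faulty result caught and recomputed
```
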