Contact | Site en Français               

 


 

Vulnerabilities & Threats
 
  VUPEN Security Advisories
  Linux Security Advisories

  Malware Advisories
  Security Research
  Threat Watch Blog
  Zero-Day Monitor
  Search Engine
  Mailing List & RSS
 
   

>> Fedora Security Update Fixes OpenSSL Code Execution Vulnerabilities

Title : Fedora Security Update Fixes OpenSSL Code Execution Vulnerabilities
VUPEN ID : VUPEN/ADV-2007-3516
CVE ID : CVE-2007-4995 - CVE-2007-5135
Rated as : High Risk 
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2007-10-17

Technical Description    Receive VUPEN Security alerts in a Text format  Receive VUPEN Security alerts in a PDF format  Receive VUPEN Security alerts in an XML format 

Multiple vulnerabilities have been identified in Fedora, which could be exploited by attackers to cause a denial of service or execute arbitrary code. These issues are caused by errors in OpenSSL. For additional information, see : VUPEN/ADV-2007-3325 - VUPEN/ADV-2007-3487

Affected Products

Fedora Core 6

Solution

Upgrade the affected packages :

http://download.fedora.redhat.com/pub/fedora/linux/core/updates/6/

0b29b061b07bcc499b1e3713b43c6e74c5d5799b SRPMS/openssl-0.9.8b-15.fc6.src.rpm
0b29b061b07bcc499b1e3713b43c6e74c5d5799b noarch/openssl-0.9.8b-15.fc6.src.rpm
e5947ab94c1be21b69c828a7003ec182129924ca ppc/openssl-devel-0.9.8b-15.fc6.ppc.rpm
bb48c6445ec7ef4d335a0b728b271488cc75fe80 ppc/debug/openssl-debuginfo-0.9.8b-15.fc6.ppc.rpm
f9dbd95711d1d671d4f3a98e3b1e3a773546c628 ppc/openssl-perl-0.9.8b-15.fc6.ppc.rpm
9bdba2bdc4669aa9330392cc2306c53cc1f31821 ppc/openssl-0.9.8b-15.fc6.ppc.rpm
164227db4e72c170c3717d06f15d299c12a28796 x86_64/openssl-0.9.8b-15.fc6.x86_64.rpm
489e9d68a23bd6f3257fd0e97025ea6fdb2f2aa1 x86_64/debug/openssl-debuginfo-0.9.8b-15.fc6.x86_64.rpm
39a3d0b4fa9b48251f082457fe3ab26f5a6d1068 x86_64/openssl-perl-0.9.8b-15.fc6.x86_64.rpm
fa947aa3cf3f2fc18dfc98684e12009c0e360fcf x86_64/openssl-devel-0.9.8b-15.fc6.x86_64.rpm
99ff54639cba70d0bcf7d9f40029922ac29e4be6 i386/openssl-devel-0.9.8b-15.fc6.i386.rpm
b4c2dd0bee9df3bedee190449b536c3e4b1e8355 i386/debug/openssl-debuginfo-0.9.8b-15.fc6.i386.rpm
a50c0df691bd247b9bf9b5287028d3cf6e89907c i386/openssl-0.9.8b-15.fc6.i386.rpm
918726294f79400ec2156feb111504304dfe6643 i386/openssl-perl-0.9.8b-15.fc6.i386.rpm
def46b59c096aa54c8cf1be42e8dd16f64cdceb9 i386/debug/openssl-debuginfo-0.9.8b-15.fc6.i686.rpm
2af70ea377ba1564739cb76b997e4f9f3893793a i386/openssl-0.9.8b-15.fc6.i686.rpm

References

http://www.vupen.com/english/advisories/2007/3516
https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00218.html

ChangeLog

2007-10-17 : Initial release

Vulnerability Management

Subscribe to VUPEN VNS and receive real-time alerts when new advisories or patches relevant to your systems and network configurations are available.

Feedback

If you have additional information or corrections for this security advisory please submit them via our contact form.
 

Vulnerability Alerting

Free 14-Day Trial
 
  Latest News

 

  >> 2009-07-06

     

  Microsoft Windows 0-Day
  Flaw Exploited in the Wild


  >> 2009-06-10

     

  VUPEN Security Research
  Discovered Critical Flaws
  in Adobe Acrobat and MS
  Office Word


  >> 2009-06-02

     

  VUPEN Security Research
  Discovered Critical Flaws
  in ACDSee Products


  >> 2009-05-22

     

  VUPEN Discovered Two
  Critical Vulnerabilities in
  Novell GroupWise 8 / 7

 

 

More Informations    
    








Copyright 2003-2009 © VUPEN.COM - Privacy Policy