version 1.210, 1999/12/08 01:34:20 |
version 1.211, 1999/12/14 19:41:42 |
|
|
<li><font color=#009000><strong>SECURITY FIX: Dec 2, 1999</strong></font><br> |
<li><font color=#009000><strong>SECURITY FIX: Dec 2, 1999</strong></font><br> |
A buffer overflow in the RSAREF code included in the |
A buffer overflow in the RSAREF code included in the |
USA version of the libssl package (called <strong>sslUSA</strong>, is |
USA version of the libssl package (called <strong>sslUSA</strong>, is |
possibly exploitable in httpd, ssh, or isakmpd, if SSL/RSA features |
possibly exploitable in isakmpd if SSL/RSA features |
are enabled or used.<br> |
are enabled or used.<br> |
|
<a href=http://www.openssh.com>OpenSSH</a> and httpd (with -DSSL) are not |
|
vulnerable.<br> |
<strong>NOTE: International users using the ssl26 package are not affected.</strong> |
<strong>NOTE: International users using the ssl26 package are not affected.</strong> |
<p> |
<p> |
To check what package you are using, use |
To check what package you are using, use |