| version 1.210, 1999/12/08 01:34:20 |
version 1.211, 1999/12/14 19:41:42 |
|
|
| <li><font color=#009000><strong>SECURITY FIX: Dec 2, 1999</strong></font><br> |
<li><font color=#009000><strong>SECURITY FIX: Dec 2, 1999</strong></font><br> |
| A buffer overflow in the RSAREF code included in the |
A buffer overflow in the RSAREF code included in the |
| USA version of the libssl package (called <strong>sslUSA</strong>, is |
USA version of the libssl package (called <strong>sslUSA</strong>, is |
| possibly exploitable in httpd, ssh, or isakmpd, if SSL/RSA features |
possibly exploitable in isakmpd if SSL/RSA features |
| are enabled or used.<br> |
are enabled or used.<br> |
| |
<a href=http://www.openssh.com>OpenSSH</a> and httpd (with -DSSL) are not |
| |
vulnerable.<br> |
| <strong>NOTE: International users using the ssl26 package are not affected.</strong> |
<strong>NOTE: International users using the ssl26 package are not affected.</strong> |
| <p> |
<p> |
| To check what package you are using, use |
To check what package you are using, use |
![[BACK]](/icons/back.gif){kind=icon}
Return to errata.html CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / www