var-200901-0714
Vulnerability from variot
OpenSSL 0.9.8i and earlier does not properly check the return value from the EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature for DSA and ECDSA keys. F5's FirePass server is a powerful network device that can provide users with secure access to the company's network through any standard web browser. F5 FirePass products have unidentified security vulnerabilities, allowing malicious users to conduct fraud and forgery attacks. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
VMware Security Advisory
Advisory ID: VMSA-2009-0004 Synopsis: ESX Service Console updates for openssl, bind, and vim Issue date: 2009-03-31 Updated on: 2009-03-31 (initial release of advisory) CVE numbers: CVE-2008-5077 CVE-2009-0025 CVE-2008-4101 CVE-2008-3432 CVE-2008-2712 CVE-2007-2953
- Summary
ESX patches for OpenSSL, vim and bind resolve several security issues.
- Relevant releases
VMware ESX 3.0.3 without patches ESX303-200903406-SG, ESX303-200903405-SG, ESX303-200903403-SG
VMware ESX 3.0.2 without patches ESX-1008409, ESX-1008408, ESX-1008406
Extended support for ESX 3.0.2 Update 1 ends on 2009-08-08. Users should plan to upgrade to ESX 3.0.3 and preferably to the newest release available.
- Problem Description
a. Updated OpenSSL package for the Service Console fixes a security issue.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2008-5077 to this issue.
The following table lists what action remediates the vulnerability
(column 4) if a solution is available.
VMware Product Running Replace with/
Product Version on Apply Patch
============= ======== ======= =================
VirtualCenter any Windows not affected
hosted * any any not affected
ESXi 3.5 ESXi not affected
ESX 3.5 ESX affected, patch pending
ESX 3.0.3 ESX ESX303-200903406-SG
ESX 3.0.2 ESX ESX-1008409
ESX 2.5.5 ESX affected, patch pending
- hosted products are VMware Workstation, Player, ACE, Server, Fusion.
b. Update bind package for the Service Console fixes a security issue.
A flaw was discovered in the way Berkeley Internet Name Domain
(BIND) checked the return value of the OpenSSL DSA_do_verify
function.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2009-0025 to this issue.
The following table lists what action remediates the vulnerability
(column 4) if a solution is available.
VMware Product Running Replace with/
Product Version on Apply Patch
============= ======== ======= =================
VirtualCenter any Windows not affected
hosted * any any not affected
ESXi 3.5 ESXi not affected
ESX 3.5 ESX affected, patch pending
ESX 3.0.3 ESX ESX303-200903405-SG
ESX 3.0.2 ESX ESX-1008408
ESX 2.5.5 ESX affected, patch pending
- hosted products are VMware Workstation, Player, ACE, Server, Fusion.
c. Updated vim package for the Service Console addresses several security issues.
Several input flaws were found in Visual editor IMproved's (Vim)
keyword and tag handling. If Vim looked up a document's maliciously
crafted tag or keyword, it was possible to execute arbitrary code as
the user running Vim.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2008-4101 to this issue.
A heap-based overflow flaw was discovered in Vim's expansion of file
name patterns with shell wildcards. An attacker could create a
specially crafted file or directory name, when opened by Vim causes
the application to stop responding or execute arbitrary code.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2008-3432 to this issue.
Several input flaws were found in various Vim system functions. If a
user opened a specially crafted file, it was possible to execute
arbitrary code as the user running Vim.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2008-2712 to this issue.
A format string flaw was discovered in Vim's help tag processor. If
a user was tricked into executing the "helptags" command on
malicious data, arbitrary code could be executed with the
permissions of the user running VIM.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2007-2953 to this issue.
The following table lists what action remediates the vulnerability
(column 4) if a solution is available.
VMware Product Running Replace with/
Product Version on Apply Patch
============= ======== ======= =================
VirtualCenter any Windows not affected
hosted * any any not affected
ESXi 3.5 ESXi not affected
ESX 3.5 ESX affected, patch pending
ESX 3.0.3 ESX ESX303-200903403-SG
ESX 3.0.2 ESX ESX-1008406
ESX 2.5.5 ESX affected, patch pending
-
hosted products are VMware Workstation, Player, ACE, Server, Fusion.
-
Solution
Please review the patch/release notes for your product and version and verify the md5sum of your downloaded file.
ESX
ESX 3.0.2 ESX-1008409 (openssl) http://download3.vmware.com/software/vi/ESX-1008409.tgz md5sum: cb25fd47bc0713b968d8778c033bc846 http://kb.vmware.com/kb/1008409
ESX 3.0.2 ESX-1008408 (bind) http://download3.vmware.com/software/vi/ESX-1008408.tgz md5sum: b6bd9193892a9c89b9b7a1e0456d2a9a http://kb.vmware.com/kb/1008408
ESX 3.0.2 ESX-1008406 (vim) http://download3.vmware.com/software/vi/ESX-1008406.tgz md5sum: f069daa58190b39e431cedbd26ce25ef http://kb.vmware.com/kb/1008406
ESX 3.0.3 ESX303-200903406-SG (openssl) http://download3.vmware.com/software/vi/ESX303-200903406-SG.zip md5sum: 45a2d32f9267deb5e743366c38652c92 http://kb.vmware.com/kb/1008416
ESX 3.0.3 ESX303-200903405-SG (bind) http://download3.vmware.com/software/vi/ESX303-200903405-SG.zip md5sum: 34d00fd9cca7f3e08c0857b4cc254710 http://kb.vmware.com/kb/1008415
ESX 3.0.3 ESX303-200903403-SG (vim) http://download3.vmware.com/software/vi/ESX303-200903403-SG.zip md5sum: 9790c9512aef18beaf0d1c7d405bed1a http://kb.vmware.com/kb/1008413
- References
CVE numbers http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5077 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0025 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4101 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3432 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2712 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2953
- Change log
2009-03-31 VMSA-2009-0004 Initial security advisory after release of patches for ESX 3.0.2 and 3.0.3 on 2009-03-31.
- Contact
E-mail list for product security notifications and announcements: http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce
This Security Advisory is posted to the following lists:
- security-announce at lists.vmware.com
- bugtraq at securityfocus.com
- full-disclosure at lists.grok.org.uk
E-mail: security at vmware.com PGP key at: http://kb.vmware.com/kb/1055
VMware Security Center http://www.vmware.com/security
VMware security response policy http://www.vmware.com/support/policies/security_response.html
General support life cycle policy http://www.vmware.com/support/policies/eos.html
VMware Infrastructure support life cycle policy http://www.vmware.com/support/policies/eos_vi.html
Copyright 2009 VMware Inc. All rights reserved.
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (MingW32)
iD8DBQFJ0tgoS2KysvBH1xkRAiAbAJ4uG0NGavdQLzfxFyXnrxBQLqHl1QCdEf4q LA8+0sLvaS37smj8BQPdm0g= =ZVXY -----END PGP SIGNATURE----- .
Release Date: 2009-03-31 Last Updated: 2009-03-30
Potential Security Impact: Remote unauthorized access
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY A potential security vulnerability has been identified with HP-UX running OpenSSL. The vulnerability could be exploited remotely to allow an unauthorized access.
References: CVE-2008-5077
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP-UX B.11.11, B.11.23, B.11.31 running OpenSSL
BACKGROUND
CVSS 2.0 Base Metrics
Reference Base Vector Base Score CVE-2008-5077 (AV:R/AC:L/Au:N/C:N/I:P/A:N) 5.0 =============================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002.
RESOLUTION
HP has provided the following patches to resolve this vulnerability. The patches are available from the following location:
URL: http://software.hp.com
HP-UX Release HP-UX OpenSSL version
B.11.11 (11i v1) A.00.09.07m.046
B.11.23 (11i v2) A.00.09.07m.047
B.11.31 (11i v3) A.00.09.08j.003
MANUAL ACTIONS: Yes - Update
PRODUCT SPECIFIC INFORMATION
HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see: https://www.hp.com/go/swa
The following text is for use by the HP-UX Software Assistant.
AFFECTED VERSIONS
HP-UX B.11.11
fips_1_1_2.FIPS-CONF fips_1_1_2.FIPS-DOC fips_1_1_2.FIPS-INC fips_1_1_2.FIPS-LIB fips_1_1_2.FIPS-MAN fips_1_1_2.FIPS-MIS fips_1_1_2.FIPS-RUN fips_1_1_2.FIPS-SRC action: install revision FIPS-OPENSSL-1.1.2.046 or subsequent fips_1_2.FIPS-CONF fips_1_2.FIPS-DOC fips_1_2.FIPS-INC fips_1_2.FIPS-LIB fips_1_2.FIPS-MAN fips_1_2.FIPS-MIS fips_1_2.FIPS-RUN fips_1_2.FIPS-SRC action: install revision FIPS-OPENSSL-1.2.001 or subsequent openssl.OPENSSL-CER openssl.OPENSSL-CONF openssl.OPENSSL-DOC openssl.OPENSSL-INC openssl.OPENSSL-LIB openssl.OPENSSL-MAN openssl.OPENSSL-MIS openssl.OPENSSL-PRNG openssl.OPENSSL-PVT openssl.OPENSSL-RUN openssl.OPENSSL-SRC action: install revision A.00.09.07m.046 or subsequent URL: http://software.hp.com
HP-UX B.11.23
fips_1_1_2.FIPS-CONF fips_1_1_2.FIPS-DOC fips_1_1_2.FIPS-INC fips_1_1_2.FIPS-LIB fips_1_1_2.FIPS-MAN fips_1_1_2.FIPS-MIS fips_1_1_2.FIPS-RUN fips_1_1_2.FIPS-SRC action: install revision FIPS-OPENSSL-1.1.2.047 or subsequent fips_1_2.FIPS-CONF fips_1_2.FIPS-DOC fips_1_2.FIPS-INC fips_1_2.FIPS-LIB fips_1_2.FIPS-LIB fips_1_2.FIPS-MAN fips_1_2.FIPS-MIS fips_1_2.FIPS-RUN fips_1_2.FIPS-RUN fips_1_2.FIPS-SRC action: install revision FIPS-OPENSSL-1.2.002 or subsequent openssl.OPENSSL-CER openssl.OPENSSL-CONF openssl.OPENSSL-DOC openssl.OPENSSL-INC openssl.OPENSSL-LIB openssl.OPENSSL-MAN openssl.OPENSSL-MIS openssl.OPENSSL-PRNG openssl.OPENSSL-PVT openssl.OPENSSL-RUN openssl.OPENSSL-SRC action: install revision A.00.09.07m.047 or subsequent URL: http://software.hp.com
HP-UX B.11.31
fips_1_1_2.FIPS-CONF fips_1_1_2.FIPS-DOC fips_1_1_2.FIPS-INC fips_1_1_2.FIPS-LIB fips_1_1_2.FIPS-MAN fips_1_1_2.FIPS-MIS fips_1_1_2.FIPS-RUN fips_1_1_2.FIPS-SRC action: install revision FIPS-OPENSSL-1.1.2.048 or subsequent fips_1_2.FIPS-CONF fips_1_2.FIPS-DOC fips_1_2.FIPS-INC fips_1_2.FIPS-LIB fips_1_2.FIPS-MAN fips_1_2.FIPS-MIS fips_1_2.FIPS-RUN fips_1_2.FIPS-SRC action: install revision FIPS-OPENSSL-1.2.003 or subsequent openssl.OPENSSL-CER openssl.OPENSSL-CONF openssl.OPENSSL-DOC openssl.OPENSSL-INC openssl.OPENSSL-LIB openssl.OPENSSL-MAN openssl.OPENSSL-MIS openssl.OPENSSL-PRNG openssl.OPENSSL-PVT openssl.OPENSSL-RUN openssl.OPENSSL-SRC action: install revision A.00.09.08j.003 or subsequent URL: http://software.hp.com
END AFFECTED VERSIONS
HISTORY Version:1 (rev.1) 31 March 2009 Initial release
Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.
Support: For further information, contact normal HP Services support channel.
Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com It is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. To get the security-alert PGP key, please send an e-mail message as follows: To: security-alert@hp.com Subject: get key
Subscribe: To initiate a subscription to receive future HP Security Bulletins via Email: http://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA&langcode=USENG&jumpid=in_SC-GEN__driverITRC&topiccode=ITRC On the web page: ITRC security bulletins and patch sign-up Under Step1: your ITRC security bulletins and patches - check ALL categories for which alerts are required and continue. Under Step2: your ITRC operating systems - verify your operating system selections are checked and save.
To update an existing subscription: http://h30046.www3.hp.com/subSignIn.php Log in on the web page: Subscriber's choice for Business: sign-in. On the web page: Subscriber's Choice: your profile summary - use Edit Profile to update appropriate sections.
To review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do
- The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number in the title:
GN = HP General SW MA = HP Management Agents MI = Misc. 3rd Party SW MP = HP MPE/iX NS = HP NonStop Servers OV = HP OpenVMS PI = HP Printing & Imaging ST = HP Storage SW TL = HP Trusted Linux TU = HP Tru64 UNIX UX = HP-UX VV = HP VirtualVault
System management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions.
"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user's use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement."
\xa9Copyright 2009 Hewlett-Packard Development Company, L.P.
Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental, special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200904-05
http://security.gentoo.org/
Severity: Normal Title: ntp: Certificate validation error Date: April 05, 2009 Bugs: #254098 ID: 200904-05
Synopsis
An error in the OpenSSL certificate chain validation in ntp might allow for spoofing attacks.
Background
ntp contains the client and daemon implementations for the Network Time Protocol.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 net-misc/ntp < 4.2.4_p6 >= 4.2.4_p6
Description
It has been reported that ntp incorrectly checks the return value of the EVP_VerifyFinal(), a vulnerability related to CVE-2008-5077 (GLSA 200902-02).
Impact
A remote attacker could exploit this vulnerability to spoof arbitrary names to conduct Man-In-The-Middle attacks and intercept sensitive information.
Workaround
There is no known workaround at this time.
Resolution
All ntp users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-misc/ntp-4.2.4_p6"
References
[ 1 ] CVE-2008-5077 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5077 [ 2 ] CVE-2009-0021 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0021 [ 3 ] GLSA 200902-02 http://www.gentoo.org/security/en/glsa/glsa-200902-02.xml
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-200904-05.xml
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at http://bugs.gentoo.org.
License
Copyright 2009 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5077
Updated Packages:
Mandriva Linux 2008.0: 6585e08eab279e6a249630385683bf43 2008.0/i586/libopenssl0.9.8-0.9.8e-8.2mdv2008.0.i586.rpm b5955c2c0a2cc24abd9f5f3ebc7d0148 2008.0/i586/libopenssl0.9.8-devel-0.9.8e-8.2mdv2008.0.i586.rpm 7c92323d7aa583b936ef908f3f6ac867 2008.0/i586/libopenssl0.9.8-static-devel-0.9.8e-8.2mdv2008.0.i586.rpm 2b791168311c3ecba4f8b7acd24e64ab 2008.0/i586/openssl-0.9.8e-8.2mdv2008.0.i586.rpm cf51c48e4c05ac5357f6076fbaeff0a5 2008.0/SRPMS/openssl-0.9.8e-8.2mdv2008.0.src.rpm
Mandriva Linux 2008.0/X86_64: 6259ac00622227eee59f888bc516bc3a 2008.0/x86_64/lib64openssl0.9.8-0.9.8e-8.2mdv2008.0.x86_64.rpm fe745327c1bbb599e025a5b90bb05817 2008.0/x86_64/lib64openssl0.9.8-devel-0.9.8e-8.2mdv2008.0.x86_64.rpm bdb7113b06aab0c4d77cbf86bcf208c2 2008.0/x86_64/lib64openssl0.9.8-static-devel-0.9.8e-8.2mdv2008.0.x86_64.rpm d4fda198a80b88c7caaf947af0866df8 2008.0/x86_64/openssl-0.9.8e-8.2mdv2008.0.x86_64.rpm cf51c48e4c05ac5357f6076fbaeff0a5 2008.0/SRPMS/openssl-0.9.8e-8.2mdv2008.0.src.rpm
Mandriva Linux 2008.1: 4a0be98cd3fb82a22e3836c5ae81ed37 2008.1/i586/libopenssl0.9.8-0.9.8g-4.2mdv2008.1.i586.rpm 277058ecc1d26d24bf4da5ea27d4a31f 2008.1/i586/libopenssl0.9.8-devel-0.9.8g-4.2mdv2008.1.i586.rpm 29b08a5a233f1987c4ca98aaa4e97ac5 2008.1/i586/libopenssl0.9.8-static-devel-0.9.8g-4.2mdv2008.1.i586.rpm e47be879abc0c089a8f380469a6a62c8 2008.1/i586/openssl-0.9.8g-4.2mdv2008.1.i586.rpm 7395d0e10c1938be16261baba05da55c 2008.1/SRPMS/openssl-0.9.8g-4.2mdv2008.1.src.rpm
Mandriva Linux 2008.1/X86_64: 71a69804b928a9f7856f65fee332c5ab 2008.1/x86_64/lib64openssl0.9.8-0.9.8g-4.2mdv2008.1.x86_64.rpm e9c5d1d4895a5a679945bde62df6f988 2008.1/x86_64/lib64openssl0.9.8-devel-0.9.8g-4.2mdv2008.1.x86_64.rpm 7f2d66839f93e2083dcd1b1f27ca4ddf 2008.1/x86_64/lib64openssl0.9.8-static-devel-0.9.8g-4.2mdv2008.1.x86_64.rpm 40408ffdf13faa6c79b28c764bb88b22 2008.1/x86_64/openssl-0.9.8g-4.2mdv2008.1.x86_64.rpm 7395d0e10c1938be16261baba05da55c 2008.1/SRPMS/openssl-0.9.8g-4.2mdv2008.1.src.rpm
Mandriva Linux 2009.0: 2512f6a41e9a8e7bcff53e5737029689 2009.0/i586/libopenssl0.9.8-0.9.8h-3.1mdv2009.0.i586.rpm d7774faaed2866da5bb05cbcf07604da 2009.0/i586/libopenssl0.9.8-devel-0.9.8h-3.1mdv2009.0.i586.rpm ed99160bdf1ce33fa81dc47c71915318 2009.0/i586/libopenssl0.9.8-static-devel-0.9.8h-3.1mdv2009.0.i586.rpm 6116fafed014596ee1e6ec43db93133f 2009.0/i586/openssl-0.9.8h-3.1mdv2009.0.i586.rpm 8ad6b0d8aff3bb992d716668450aef3a 2009.0/SRPMS/openssl-0.9.8h-3.1mdv2009.0.src.rpm
Mandriva Linux 2009.0/X86_64: d2cc04fc0bdaeea8e4cc5d7ab4e997fd 2009.0/x86_64/lib64openssl0.9.8-0.9.8h-3.1mdv2009.0.x86_64.rpm b537da3113c75f87c4fa8d66be2d6797 2009.0/x86_64/lib64openssl0.9.8-devel-0.9.8h-3.1mdv2009.0.x86_64.rpm ef9add2bec302b324b9c0690cf79b57c 2009.0/x86_64/lib64openssl0.9.8-static-devel-0.9.8h-3.1mdv2009.0.x86_64.rpm 16b8c11f4d6dedf2e4176bfc55607c15 2009.0/x86_64/openssl-0.9.8h-3.1mdv2009.0.x86_64.rpm 8ad6b0d8aff3bb992d716668450aef3a 2009.0/SRPMS/openssl-0.9.8h-3.1mdv2009.0.src.rpm
Corporate 3.0: 5e8f4b7c1e646d0e16af2d83238a011b corporate/3.0/i586/libopenssl0.9.7-0.9.7c-3.9.C30mdk.i586.rpm 5115d911b9a6842fd0c3495429c7c2f2 corporate/3.0/i586/libopenssl0.9.7-devel-0.9.7c-3.9.C30mdk.i586.rpm b934b4f9686deef6cb1eba750ab36288 corporate/3.0/i586/libopenssl0.9.7-static-devel-0.9.7c-3.9.C30mdk.i586.rpm 11ec8a4df261d4d4fa9957d33be08604 corporate/3.0/i586/openssl-0.9.7c-3.9.C30mdk.i586.rpm dcd1a4feb1a04302c54465dce7c7c506 corporate/3.0/SRPMS/openssl-0.9.7c-3.9.C30mdk.src.rpm
Corporate 3.0/X86_64: 64521521330df90b42c9c37cafe50b54 corporate/3.0/x86_64/lib64openssl0.9.7-0.9.7c-3.9.C30mdk.x86_64.rpm 3a85c30c0511e42ec76c80e08efe5192 corporate/3.0/x86_64/lib64openssl0.9.7-devel-0.9.7c-3.9.C30mdk.x86_64.rpm 12af66f30c5022d8d29b57a9131458c3 corporate/3.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7c-3.9.C30mdk.x86_64.rpm 62f5c54be99ddc9458670ae04b24d3f0 corporate/3.0/x86_64/openssl-0.9.7c-3.9.C30mdk.x86_64.rpm dcd1a4feb1a04302c54465dce7c7c506 corporate/3.0/SRPMS/openssl-0.9.7c-3.9.C30mdk.src.rpm
Corporate 4.0: 60c64d9ead2b01fb39058a705fcb95dc corporate/4.0/i586/libopenssl0.9.7-0.9.7g-2.7.20060mlcs4.i586.rpm fb4d5555c211b375707bf7d194e74776 corporate/4.0/i586/libopenssl0.9.7-devel-0.9.7g-2.7.20060mlcs4.i586.rpm c13ff967b4310e5a790e85595f940b7e corporate/4.0/i586/libopenssl0.9.7-static-devel-0.9.7g-2.7.20060mlcs4.i586.rpm e9a96a389c00ee674d689e3747c3e501 corporate/4.0/i586/openssl-0.9.7g-2.7.20060mlcs4.i586.rpm 4df38ebd98b467bdee0d4a24d3b0158f corporate/4.0/SRPMS/openssl-0.9.7g-2.7.20060mlcs4.src.rpm
Corporate 4.0/X86_64: de71d0bbc98589afdf03b7a99aad7103 corporate/4.0/x86_64/lib64openssl0.9.7-0.9.7g-2.7.20060mlcs4.x86_64.rpm 0c330148b55987e50f491c7e4d3b65a5 corporate/4.0/x86_64/lib64openssl0.9.7-devel-0.9.7g-2.7.20060mlcs4.x86_64.rpm ce64720b2685fada3e88a5725c43b532 corporate/4.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7g-2.7.20060mlcs4.x86_64.rpm 29f0f40602184d7f366e1d1d8e5c03e4 corporate/4.0/x86_64/openssl-0.9.7g-2.7.20060mlcs4.x86_64.rpm 4df38ebd98b467bdee0d4a24d3b0158f corporate/4.0/SRPMS/openssl-0.9.7g-2.7.20060mlcs4.src.rpm
Multi Network Firewall 2.0: 74a4beac1c01f9fd888dd5eea356f7be mnf/2.0/i586/libopenssl0.9.7-0.9.7c-3.9.C30mdk.i586.rpm c809a08f26051c7a3931ccda00c94429 mnf/2.0/i586/openssl-0.9.7c-3.9.C30mdk.i586.rpm 8ae9f7004b77dca2317980ba4215dc92 mnf/2.0/SRPMS/openssl-0.9.7c-3.9.C30mdk.src.rpm
To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
iD8DBQFJZqIYmqjQ0CJFipgRAqRNAKDNNvWgsIk0/eh5f8539zOJ7dtnnQCeJezP ZE8i9Ju80WcdhXe9yIoPevE= =9n1t -----END PGP SIGNATURE-----
Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ . HP SSL v1.3 for OpenVMS Alpha (v 8.2 or higher) and Integrity (v 8.2-1 or higher)
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-200901-0714", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "openssl", "scope": "eq", "trust": 1.6, "vendor": "openssl", "version": "0.9.3" }, { "model": "openssl", "scope": "eq", "trust": 1.6, "vendor": "openssl", "version": "0.9.1c" }, { "model": "openssl", "scope": "eq", "trust": 1.6, "vendor": "openssl", "version": "0.9.6" }, { "model": "openssl", "scope": "eq", "trust": 1.6, "vendor": "openssl", "version": "0.9.5" }, { "model": "openssl", "scope": "eq", "trust": 1.6, "vendor": "openssl", "version": "0.9.3a" }, { "model": "openssl", "scope": "eq", "trust": 1.6, "vendor": "openssl", "version": "0.9.2b" }, { "model": "openssl", "scope": "eq", "trust": 1.6, "vendor": "openssl", "version": "0.9.4" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8e" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.6b" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8a" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.6c" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.7g" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.6a" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.6e" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.7" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.7h" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.7i" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.6k" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.6d" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.6l" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8d" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.6j" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8f" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.7j" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.7a" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.5a" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.7l" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.6m" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.6g" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.7k" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.6f" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.7c" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8b" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8g" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8c" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.6i" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.7d" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.7e" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.6h" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.7b" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.7f" }, { "model": "openssl", "scope": "lte", "trust": 1.0, "vendor": "openssl", "version": "0.9.8h" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8" }, { "model": "openssl", "scope": "lte", "trust": 0.8, "vendor": "openssl", "version": "0.9.8i" }, { "model": "mac os x", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "v10.4.11" }, { "model": "mac os x", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "v10.5 to v10.5.6" }, { "model": "mac os x server", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "v10.4.11" }, { "model": "mac os x server", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "v10.5 to v10.5.6" }, { "model": "asianux server", "scope": "eq", "trust": 0.8, "vendor": "cybertrust", "version": "3 (x86)" }, { "model": "asianux server", "scope": "eq", "trust": 0.8, "vendor": "cybertrust", "version": "3 (x86-64)" }, { "model": "asianux server", "scope": "eq", "trust": 0.8, "vendor": "cybertrust", "version": "3.0" }, { "model": "asianux server", "scope": "eq", "trust": 0.8, "vendor": "cybertrust", "version": "3.0 (x86-64)" }, { "model": "asianux server", "scope": "eq", "trust": 0.8, "vendor": "cybertrust", "version": "4.0" }, { "model": "asianux server", "scope": "eq", "trust": 0.8, "vendor": "cybertrust", "version": "4.0 (x86-64)" }, { "model": "opensolaris", "scope": "eq", "trust": 0.8, "vendor": "sun microsystems", "version": "(sparc)" }, { "model": "opensolaris", "scope": "eq", "trust": 0.8, "vendor": "sun microsystems", "version": "(x86)" }, { "model": "solaris", "scope": "eq", "trust": 0.8, "vendor": "sun microsystems", "version": "10 (sparc)" }, { "model": "solaris", "scope": "eq", "trust": 0.8, "vendor": "sun microsystems", "version": "10 (x86)" }, { "model": "turbolinux appliance server", "scope": "eq", "trust": 0.8, "vendor": "turbo linux", "version": "1.0 (hosting)" }, { "model": "turbolinux appliance server", "scope": "eq", "trust": 0.8, "vendor": "turbo linux", "version": "1.0 (workgroup)" }, { "model": "turbolinux appliance server", "scope": "eq", "trust": 0.8, "vendor": "turbo linux", "version": "2.0" }, { "model": "turbolinux client", "scope": "eq", "trust": 0.8, "vendor": "turbo linux", "version": "2008" }, { "model": "turbolinux fuji", "scope": null, "trust": 0.8, "vendor": "turbo linux", "version": null }, { "model": "turbolinux multimedia", "scope": null, "trust": 0.8, "vendor": "turbo linux", "version": null }, { "model": "turbolinux personal", "scope": null, "trust": 0.8, "vendor": "turbo linux", "version": null }, { "model": "turbolinux server", "scope": "eq", "trust": 0.8, "vendor": "turbo linux", "version": "10" }, { "model": "turbolinux server", "scope": "eq", "trust": 0.8, "vendor": "turbo linux", "version": "10 (x64)" }, { "model": "turbolinux server", "scope": "eq", "trust": 0.8, "vendor": "turbo linux", "version": "11" }, { "model": "turbolinux server", "scope": "eq", "trust": 0.8, "vendor": "turbo linux", "version": "11 (x64)" }, { "model": "turbolinux server", "scope": "eq", "trust": 0.8, "vendor": "turbo linux", "version": "8" }, { "model": "wizpy", "scope": null, "trust": 0.8, "vendor": "turbo linux", "version": null }, { "model": "hp-ux", "scope": "eq", "trust": 0.8, "vendor": "hewlett packard", "version": "11.11" }, { "model": "hp-ux", "scope": "eq", "trust": 0.8, "vendor": "hewlett packard", "version": "11.23" }, { "model": "hp-ux", "scope": "eq", "trust": 0.8, "vendor": "hewlett packard", "version": "11.31" }, { "model": null, "scope": null, "trust": 0.6, "vendor": "no", "version": null }, { "model": "openssl", "scope": "eq", "trust": 0.6, "vendor": "openssl", "version": "0.9.8h" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2010-0376" }, { "db": "JVNDB", "id": "JVNDB-2009-001610" }, { "db": "CNNVD", "id": "CNNVD-200901-055" }, { "db": "NVD", "id": "CVE-2008-5077" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:openssl:openssl", "vulnerable": true }, { "cpe22Uri": "cpe:/o:apple:mac_os_x", "vulnerable": true }, { "cpe22Uri": "cpe:/o:apple:mac_os_x_server", "vulnerable": true }, { "cpe22Uri": "cpe:/o:misc:miraclelinux_asianux_server", "vulnerable": true }, { "cpe22Uri": "cpe:/o:sun:opensolaris", "vulnerable": true }, { "cpe22Uri": "cpe:/o:sun:solaris", "vulnerable": true }, { "cpe22Uri": "cpe:/o:turbolinux:turbolinux_appliance_server", "vulnerable": true }, { "cpe22Uri": "cpe:/o:turbolinux:turbolinux_client", "vulnerable": true }, { "cpe22Uri": "cpe:/o:turbolinux:turbolinux_fuji", "vulnerable": true }, { "cpe22Uri": "cpe:/o:turbolinux:turbolinux_multimedia", "vulnerable": true }, { "cpe22Uri": "cpe:/o:turbolinux:turbolinux_personal", "vulnerable": true }, { "cpe22Uri": "cpe:/o:turbolinux:turbolinux_server", "vulnerable": true }, { "cpe22Uri": "cpe:/o:turbolinux:turbolinux_wizpy", "vulnerable": true }, { "cpe22Uri": "cpe:/o:hp:hp-ux", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2009-001610" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Google Security team", "sources": [ { "db": "CNNVD", "id": "CNNVD-200901-055" } ], "trust": 0.6 }, "cve": "CVE-2008-5077", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 5.8, "confidentialityImpact": "NONE", "exploitabilityScore": 8.6, "id": "CVE-2008-5077", "impactScore": 4.9, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 1.0, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "None", "baseScore": 5.0, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2008-5077", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2008-5077", "trust": 1.0, "value": "MEDIUM" }, { "author": "NVD", "id": "CVE-2008-5077", "trust": 0.8, "value": "Medium" }, { "author": "CNNVD", "id": "CNNVD-200901-055", "trust": 0.6, "value": "MEDIUM" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2009-001610" }, { "db": "CNNVD", "id": "CNNVD-200901-055" }, { "db": "NVD", "id": "CVE-2008-5077" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "OpenSSL 0.9.8i and earlier does not properly check the return value from the EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature for DSA and ECDSA keys. F5\u0027s FirePass server is a powerful network device that can provide users with secure access to the company\u0027s network through any standard web browser. F5 FirePass products have unidentified security vulnerabilities, allowing malicious users to conduct fraud and forgery attacks. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n- ------------------------------------------------------------------------\n VMware Security Advisory\n\nAdvisory ID: VMSA-2009-0004\nSynopsis: ESX Service Console updates for openssl, bind, and\n vim\nIssue date: 2009-03-31\nUpdated on: 2009-03-31 (initial release of advisory)\nCVE numbers: CVE-2008-5077 CVE-2009-0025 CVE-2008-4101\n CVE-2008-3432 CVE-2008-2712 CVE-2007-2953\n- ------------------------------------------------------------------------\n\n1. Summary\n\n ESX patches for OpenSSL, vim and bind resolve several security\n issues. \n\n2. Relevant releases\n\n VMware ESX 3.0.3 without patches ESX303-200903406-SG,\n ESX303-200903405-SG,\n ESX303-200903403-SG\n\n VMware ESX 3.0.2 without patches ESX-1008409, ESX-1008408,\n ESX-1008406\n\n Extended support for ESX 3.0.2 Update 1 ends on 2009-08-08. \n Users should plan to upgrade to ESX 3.0.3 and preferably to\n the newest release available. \n\n3. Problem Description\n\n a. Updated OpenSSL package for the Service Console fixes a\n security issue. \n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the name CVE-2008-5077 to this issue. \n\n The following table lists what action remediates the vulnerability\n (column 4) if a solution is available. \n\n VMware Product Running Replace with/\n Product Version on Apply Patch\n ============= ======== ======= =================\n VirtualCenter any Windows not affected\n\n hosted * any any not affected\n\n ESXi 3.5 ESXi not affected\n\n ESX 3.5 ESX affected, patch pending\n ESX 3.0.3 ESX ESX303-200903406-SG\n ESX 3.0.2 ESX ESX-1008409\n ESX 2.5.5 ESX affected, patch pending\n\n * hosted products are VMware Workstation, Player, ACE, Server, Fusion. \n\n b. Update bind package for the Service Console fixes a security issue. \n\n A flaw was discovered in the way Berkeley Internet Name Domain\n (BIND) checked the return value of the OpenSSL DSA_do_verify\n function. \n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the name CVE-2009-0025 to this issue. \n\n The following table lists what action remediates the vulnerability\n (column 4) if a solution is available. \n\n VMware Product Running Replace with/\n Product Version on Apply Patch\n ============= ======== ======= =================\n VirtualCenter any Windows not affected\n\n hosted * any any not affected\n\n ESXi 3.5 ESXi not affected\n\n ESX 3.5 ESX affected, patch pending\n ESX 3.0.3 ESX ESX303-200903405-SG\n ESX 3.0.2 ESX ESX-1008408\n ESX 2.5.5 ESX affected, patch pending\n\n * hosted products are VMware Workstation, Player, ACE, Server, Fusion. \n\n c. Updated vim package for the Service Console addresses several\n security issues. \n\n Several input flaws were found in Visual editor IMproved\u0027s (Vim)\n keyword and tag handling. If Vim looked up a document\u0027s maliciously\n crafted tag or keyword, it was possible to execute arbitrary code as\n the user running Vim. \n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the name CVE-2008-4101 to this issue. \n\n A heap-based overflow flaw was discovered in Vim\u0027s expansion of file\n name patterns with shell wildcards. An attacker could create a\n specially crafted file or directory name, when opened by Vim causes\n the application to stop responding or execute arbitrary code. \n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the name CVE-2008-3432 to this issue. \n\n Several input flaws were found in various Vim system functions. If a\n user opened a specially crafted file, it was possible to execute\n arbitrary code as the user running Vim. \n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the name CVE-2008-2712 to this issue. \n\n A format string flaw was discovered in Vim\u0027s help tag processor. If\n a user was tricked into executing the \"helptags\" command on\n malicious data, arbitrary code could be executed with the\n permissions of the user running VIM. \n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the name CVE-2007-2953 to this issue. \n\n The following table lists what action remediates the vulnerability\n (column 4) if a solution is available. \n\n VMware Product Running Replace with/\n Product Version on Apply Patch\n ============= ======== ======= =================\n VirtualCenter any Windows not affected\n\n hosted * any any not affected\n\n ESXi 3.5 ESXi not affected\n\n ESX 3.5 ESX affected, patch pending\n ESX 3.0.3 ESX ESX303-200903403-SG\n ESX 3.0.2 ESX ESX-1008406\n ESX 2.5.5 ESX affected, patch pending\n\n * hosted products are VMware Workstation, Player, ACE, Server, Fusion. \n\n4. Solution\n\n Please review the patch/release notes for your product and version\n and verify the md5sum of your downloaded file. \n\n ESX\n ---\n ESX 3.0.2 ESX-1008409 (openssl)\n http://download3.vmware.com/software/vi/ESX-1008409.tgz\n md5sum: cb25fd47bc0713b968d8778c033bc846\n http://kb.vmware.com/kb/1008409\n\n ESX 3.0.2 ESX-1008408 (bind)\n http://download3.vmware.com/software/vi/ESX-1008408.tgz\n md5sum: b6bd9193892a9c89b9b7a1e0456d2a9a\n http://kb.vmware.com/kb/1008408\n\n ESX 3.0.2 ESX-1008406 (vim)\n http://download3.vmware.com/software/vi/ESX-1008406.tgz\n md5sum: f069daa58190b39e431cedbd26ce25ef\n http://kb.vmware.com/kb/1008406\n\n ESX 3.0.3 ESX303-200903406-SG (openssl)\n http://download3.vmware.com/software/vi/ESX303-200903406-SG.zip\n md5sum: 45a2d32f9267deb5e743366c38652c92\n http://kb.vmware.com/kb/1008416\n\n ESX 3.0.3 ESX303-200903405-SG (bind)\n http://download3.vmware.com/software/vi/ESX303-200903405-SG.zip\n md5sum: 34d00fd9cca7f3e08c0857b4cc254710\n http://kb.vmware.com/kb/1008415\n\n ESX 3.0.3 ESX303-200903403-SG (vim)\n http://download3.vmware.com/software/vi/ESX303-200903403-SG.zip\n md5sum: 9790c9512aef18beaf0d1c7d405bed1a\n http://kb.vmware.com/kb/1008413\n\n5. References\n\n CVE numbers\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5077\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0025\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4101\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3432\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2712\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2953\n\n- ------------------------------------------------------------------------\n6. Change log\n\n2009-03-31 VMSA-2009-0004\nInitial security advisory after release of patches for ESX 3.0.2 and\n3.0.3 on 2009-03-31. \n\n- -----------------------------------------------------------------------\n7. Contact\n\nE-mail list for product security notifications and announcements:\nhttp://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce\n\nThis Security Advisory is posted to the following lists:\n\n * security-announce at lists.vmware.com\n * bugtraq at securityfocus.com\n * full-disclosure at lists.grok.org.uk\n\nE-mail: security at vmware.com\nPGP key at: http://kb.vmware.com/kb/1055\n\nVMware Security Center\nhttp://www.vmware.com/security\n\nVMware security response policy\nhttp://www.vmware.com/support/policies/security_response.html\n\nGeneral support life cycle policy\nhttp://www.vmware.com/support/policies/eos.html\n\nVMware Infrastructure support life cycle policy\nhttp://www.vmware.com/support/policies/eos_vi.html\n\nCopyright 2009 VMware Inc. All rights reserved. \n\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.5 (MingW32)\n\niD8DBQFJ0tgoS2KysvBH1xkRAiAbAJ4uG0NGavdQLzfxFyXnrxBQLqHl1QCdEf4q\nLA8+0sLvaS37smj8BQPdm0g=\n=ZVXY\n-----END PGP SIGNATURE-----\n. \n\nRelease Date: 2009-03-31\nLast Updated: 2009-03-30\n\nPotential Security Impact: Remote unauthorized access\n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nA potential security vulnerability has been identified with HP-UX running OpenSSL. The vulnerability could be exploited remotely to allow an unauthorized access. \n\nReferences: CVE-2008-5077\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \nHP-UX B.11.11, B.11.23, B.11.31 running OpenSSL\n\nBACKGROUND\n\nCVSS 2.0 Base Metrics \n===============================================\nReference Base Vector Base Score \nCVE-2008-5077 (AV:R/AC:L/Au:N/C:N/I:P/A:N) 5.0\n===============================================\nInformation on CVSS is documented in HP Customer Notice: HPSN-2008-002. \n \nRESOLUTION\n\nHP has provided the following patches to resolve this vulnerability. \nThe patches are available from the following location: \n\nURL: http://software.hp.com \n\nHP-UX Release \n HP-UX OpenSSL version \n \nB.11.11 (11i v1)\n A.00.09.07m.046\n \nB.11.23 (11i v2)\n A.00.09.07m.047\n \nB.11.31 (11i v3)\n A.00.09.08j.003\n \nMANUAL ACTIONS: Yes - Update \n\nPRODUCT SPECIFIC INFORMATION \n\nHP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see: https://www.hp.com/go/swa \n\nThe following text is for use by the HP-UX Software Assistant. \n\nAFFECTED VERSIONS \n\nHP-UX B.11.11 \n================== \nfips_1_1_2.FIPS-CONF \nfips_1_1_2.FIPS-DOC \nfips_1_1_2.FIPS-INC \nfips_1_1_2.FIPS-LIB \nfips_1_1_2.FIPS-MAN \nfips_1_1_2.FIPS-MIS \nfips_1_1_2.FIPS-RUN \nfips_1_1_2.FIPS-SRC \naction: install revision FIPS-OPENSSL-1.1.2.046 or subsequent \nfips_1_2.FIPS-CONF \nfips_1_2.FIPS-DOC \nfips_1_2.FIPS-INC \nfips_1_2.FIPS-LIB \nfips_1_2.FIPS-MAN \nfips_1_2.FIPS-MIS \nfips_1_2.FIPS-RUN \nfips_1_2.FIPS-SRC \naction: install revision FIPS-OPENSSL-1.2.001 or subsequent \nopenssl.OPENSSL-CER \nopenssl.OPENSSL-CONF \nopenssl.OPENSSL-DOC \nopenssl.OPENSSL-INC \nopenssl.OPENSSL-LIB \nopenssl.OPENSSL-MAN \nopenssl.OPENSSL-MIS \nopenssl.OPENSSL-PRNG \nopenssl.OPENSSL-PVT \nopenssl.OPENSSL-RUN \nopenssl.OPENSSL-SRC \naction: install revision A.00.09.07m.046 or subsequent \nURL: http://software.hp.com \n\nHP-UX B.11.23 \n================== \nfips_1_1_2.FIPS-CONF \nfips_1_1_2.FIPS-DOC \nfips_1_1_2.FIPS-INC \nfips_1_1_2.FIPS-LIB \nfips_1_1_2.FIPS-MAN \nfips_1_1_2.FIPS-MIS \nfips_1_1_2.FIPS-RUN \nfips_1_1_2.FIPS-SRC \naction: install revision FIPS-OPENSSL-1.1.2.047 or subsequent \nfips_1_2.FIPS-CONF \nfips_1_2.FIPS-DOC \nfips_1_2.FIPS-INC \nfips_1_2.FIPS-LIB \nfips_1_2.FIPS-LIB \nfips_1_2.FIPS-MAN \nfips_1_2.FIPS-MIS \nfips_1_2.FIPS-RUN \nfips_1_2.FIPS-RUN \nfips_1_2.FIPS-SRC \naction: install revision FIPS-OPENSSL-1.2.002 or subsequent \nopenssl.OPENSSL-CER \nopenssl.OPENSSL-CONF \nopenssl.OPENSSL-DOC \nopenssl.OPENSSL-INC \nopenssl.OPENSSL-LIB \nopenssl.OPENSSL-MAN \nopenssl.OPENSSL-MIS \nopenssl.OPENSSL-PRNG \nopenssl.OPENSSL-PVT \nopenssl.OPENSSL-RUN \nopenssl.OPENSSL-SRC \naction: install revision A.00.09.07m.047 or subsequent \nURL: http://software.hp.com \n\nHP-UX B.11.31 \n================== \nfips_1_1_2.FIPS-CONF \nfips_1_1_2.FIPS-DOC \nfips_1_1_2.FIPS-INC \nfips_1_1_2.FIPS-LIB \nfips_1_1_2.FIPS-MAN \nfips_1_1_2.FIPS-MIS \nfips_1_1_2.FIPS-RUN \nfips_1_1_2.FIPS-SRC \naction: install revision FIPS-OPENSSL-1.1.2.048 or subsequent \nfips_1_2.FIPS-CONF \nfips_1_2.FIPS-DOC \nfips_1_2.FIPS-INC \nfips_1_2.FIPS-LIB \nfips_1_2.FIPS-MAN \nfips_1_2.FIPS-MIS \nfips_1_2.FIPS-RUN \nfips_1_2.FIPS-SRC \naction: install revision FIPS-OPENSSL-1.2.003 or subsequent \nopenssl.OPENSSL-CER \nopenssl.OPENSSL-CONF \nopenssl.OPENSSL-DOC \nopenssl.OPENSSL-INC \nopenssl.OPENSSL-LIB \nopenssl.OPENSSL-MAN \nopenssl.OPENSSL-MIS \nopenssl.OPENSSL-PRNG \nopenssl.OPENSSL-PVT \nopenssl.OPENSSL-RUN \nopenssl.OPENSSL-SRC \naction: install revision A.00.09.08j.003 or subsequent \nURL: http://software.hp.com \n\nEND AFFECTED VERSIONS \n\nHISTORY \nVersion:1 (rev.1) 31 March 2009 Initial release \n\nThird Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer\u0027s patch management policy. \n\nSupport: For further information, contact normal HP Services support channel. \n\nReport: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com \nIt is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. \nTo get the security-alert PGP key, please send an e-mail message as follows:\n To: security-alert@hp.com \n Subject: get key\n\nSubscribe: To initiate a subscription to receive future HP Security Bulletins via Email: \nhttp://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA\u0026langcode=USENG\u0026jumpid=in_SC-GEN__driverITRC\u0026topiccode=ITRC \nOn the web page: ITRC security bulletins and patch sign-up \nUnder Step1: your ITRC security bulletins and patches \n - check ALL categories for which alerts are required and continue. \nUnder Step2: your ITRC operating systems \n - verify your operating system selections are checked and save. \n\n\nTo update an existing subscription: http://h30046.www3.hp.com/subSignIn.php \nLog in on the web page: Subscriber\u0027s choice for Business: sign-in. \nOn the web page: Subscriber\u0027s Choice: your profile summary - use Edit Profile to update appropriate sections. \n\n\nTo review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do \n\n\n* The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number in the title: \n\nGN = HP General SW\nMA = HP Management Agents\nMI = Misc. 3rd Party SW\nMP = HP MPE/iX\nNS = HP NonStop Servers\nOV = HP OpenVMS\nPI = HP Printing \u0026 Imaging\nST = HP Storage SW\nTL = HP Trusted Linux\nTU = HP Tru64 UNIX\nUX = HP-UX\nVV = HP VirtualVault\n \nSystem management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions. \n\n\n\"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user\u0027s use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement.\"\n\n\\xa9Copyright 2009 Hewlett-Packard Development Company, L.P. \n\nHewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided \"as is\" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental, special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 200904-05\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n http://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n Title: ntp: Certificate validation error\n Date: April 05, 2009\n Bugs: #254098\n ID: 200904-05\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nAn error in the OpenSSL certificate chain validation in ntp might allow\nfor spoofing attacks. \n\nBackground\n==========\n\nntp contains the client and daemon implementations for the Network Time\nProtocol. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 net-misc/ntp \u003c 4.2.4_p6 \u003e= 4.2.4_p6\n\nDescription\n===========\n\nIt has been reported that ntp incorrectly checks the return value of\nthe EVP_VerifyFinal(), a vulnerability related to CVE-2008-5077 (GLSA\n200902-02). \n\nImpact\n======\n\nA remote attacker could exploit this vulnerability to spoof arbitrary\nnames to conduct Man-In-The-Middle attacks and intercept sensitive\ninformation. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll ntp users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=net-misc/ntp-4.2.4_p6\"\n\nReferences\n==========\n\n [ 1 ] CVE-2008-5077\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5077\n [ 2 ] CVE-2009-0021\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0021\n [ 3 ] GLSA 200902-02\n http://www.gentoo.org/security/en/glsa/glsa-200902-02.xml\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n http://security.gentoo.org/glsa/glsa-200904-05.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttp://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2009 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n\n\n\n. \n _______________________________________________________________________\n\n References:\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5077\n _______________________________________________________________________\n\n Updated Packages:\n\n Mandriva Linux 2008.0:\n 6585e08eab279e6a249630385683bf43 2008.0/i586/libopenssl0.9.8-0.9.8e-8.2mdv2008.0.i586.rpm\n b5955c2c0a2cc24abd9f5f3ebc7d0148 2008.0/i586/libopenssl0.9.8-devel-0.9.8e-8.2mdv2008.0.i586.rpm\n 7c92323d7aa583b936ef908f3f6ac867 2008.0/i586/libopenssl0.9.8-static-devel-0.9.8e-8.2mdv2008.0.i586.rpm\n 2b791168311c3ecba4f8b7acd24e64ab 2008.0/i586/openssl-0.9.8e-8.2mdv2008.0.i586.rpm \n cf51c48e4c05ac5357f6076fbaeff0a5 2008.0/SRPMS/openssl-0.9.8e-8.2mdv2008.0.src.rpm\n\n Mandriva Linux 2008.0/X86_64:\n 6259ac00622227eee59f888bc516bc3a 2008.0/x86_64/lib64openssl0.9.8-0.9.8e-8.2mdv2008.0.x86_64.rpm\n fe745327c1bbb599e025a5b90bb05817 2008.0/x86_64/lib64openssl0.9.8-devel-0.9.8e-8.2mdv2008.0.x86_64.rpm\n bdb7113b06aab0c4d77cbf86bcf208c2 2008.0/x86_64/lib64openssl0.9.8-static-devel-0.9.8e-8.2mdv2008.0.x86_64.rpm\n d4fda198a80b88c7caaf947af0866df8 2008.0/x86_64/openssl-0.9.8e-8.2mdv2008.0.x86_64.rpm \n cf51c48e4c05ac5357f6076fbaeff0a5 2008.0/SRPMS/openssl-0.9.8e-8.2mdv2008.0.src.rpm\n\n Mandriva Linux 2008.1:\n 4a0be98cd3fb82a22e3836c5ae81ed37 2008.1/i586/libopenssl0.9.8-0.9.8g-4.2mdv2008.1.i586.rpm\n 277058ecc1d26d24bf4da5ea27d4a31f 2008.1/i586/libopenssl0.9.8-devel-0.9.8g-4.2mdv2008.1.i586.rpm\n 29b08a5a233f1987c4ca98aaa4e97ac5 2008.1/i586/libopenssl0.9.8-static-devel-0.9.8g-4.2mdv2008.1.i586.rpm\n e47be879abc0c089a8f380469a6a62c8 2008.1/i586/openssl-0.9.8g-4.2mdv2008.1.i586.rpm \n 7395d0e10c1938be16261baba05da55c 2008.1/SRPMS/openssl-0.9.8g-4.2mdv2008.1.src.rpm\n\n Mandriva Linux 2008.1/X86_64:\n 71a69804b928a9f7856f65fee332c5ab 2008.1/x86_64/lib64openssl0.9.8-0.9.8g-4.2mdv2008.1.x86_64.rpm\n e9c5d1d4895a5a679945bde62df6f988 2008.1/x86_64/lib64openssl0.9.8-devel-0.9.8g-4.2mdv2008.1.x86_64.rpm\n 7f2d66839f93e2083dcd1b1f27ca4ddf 2008.1/x86_64/lib64openssl0.9.8-static-devel-0.9.8g-4.2mdv2008.1.x86_64.rpm\n 40408ffdf13faa6c79b28c764bb88b22 2008.1/x86_64/openssl-0.9.8g-4.2mdv2008.1.x86_64.rpm \n 7395d0e10c1938be16261baba05da55c 2008.1/SRPMS/openssl-0.9.8g-4.2mdv2008.1.src.rpm\n\n Mandriva Linux 2009.0:\n 2512f6a41e9a8e7bcff53e5737029689 2009.0/i586/libopenssl0.9.8-0.9.8h-3.1mdv2009.0.i586.rpm\n d7774faaed2866da5bb05cbcf07604da 2009.0/i586/libopenssl0.9.8-devel-0.9.8h-3.1mdv2009.0.i586.rpm\n ed99160bdf1ce33fa81dc47c71915318 2009.0/i586/libopenssl0.9.8-static-devel-0.9.8h-3.1mdv2009.0.i586.rpm\n 6116fafed014596ee1e6ec43db93133f 2009.0/i586/openssl-0.9.8h-3.1mdv2009.0.i586.rpm \n 8ad6b0d8aff3bb992d716668450aef3a 2009.0/SRPMS/openssl-0.9.8h-3.1mdv2009.0.src.rpm\n\n Mandriva Linux 2009.0/X86_64:\n d2cc04fc0bdaeea8e4cc5d7ab4e997fd 2009.0/x86_64/lib64openssl0.9.8-0.9.8h-3.1mdv2009.0.x86_64.rpm\n b537da3113c75f87c4fa8d66be2d6797 2009.0/x86_64/lib64openssl0.9.8-devel-0.9.8h-3.1mdv2009.0.x86_64.rpm\n ef9add2bec302b324b9c0690cf79b57c 2009.0/x86_64/lib64openssl0.9.8-static-devel-0.9.8h-3.1mdv2009.0.x86_64.rpm\n 16b8c11f4d6dedf2e4176bfc55607c15 2009.0/x86_64/openssl-0.9.8h-3.1mdv2009.0.x86_64.rpm \n 8ad6b0d8aff3bb992d716668450aef3a 2009.0/SRPMS/openssl-0.9.8h-3.1mdv2009.0.src.rpm\n\n Corporate 3.0:\n 5e8f4b7c1e646d0e16af2d83238a011b corporate/3.0/i586/libopenssl0.9.7-0.9.7c-3.9.C30mdk.i586.rpm\n 5115d911b9a6842fd0c3495429c7c2f2 corporate/3.0/i586/libopenssl0.9.7-devel-0.9.7c-3.9.C30mdk.i586.rpm\n b934b4f9686deef6cb1eba750ab36288 corporate/3.0/i586/libopenssl0.9.7-static-devel-0.9.7c-3.9.C30mdk.i586.rpm\n 11ec8a4df261d4d4fa9957d33be08604 corporate/3.0/i586/openssl-0.9.7c-3.9.C30mdk.i586.rpm \n dcd1a4feb1a04302c54465dce7c7c506 corporate/3.0/SRPMS/openssl-0.9.7c-3.9.C30mdk.src.rpm\n\n Corporate 3.0/X86_64:\n 64521521330df90b42c9c37cafe50b54 corporate/3.0/x86_64/lib64openssl0.9.7-0.9.7c-3.9.C30mdk.x86_64.rpm\n 3a85c30c0511e42ec76c80e08efe5192 corporate/3.0/x86_64/lib64openssl0.9.7-devel-0.9.7c-3.9.C30mdk.x86_64.rpm\n 12af66f30c5022d8d29b57a9131458c3 corporate/3.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7c-3.9.C30mdk.x86_64.rpm\n 62f5c54be99ddc9458670ae04b24d3f0 corporate/3.0/x86_64/openssl-0.9.7c-3.9.C30mdk.x86_64.rpm \n dcd1a4feb1a04302c54465dce7c7c506 corporate/3.0/SRPMS/openssl-0.9.7c-3.9.C30mdk.src.rpm\n\n Corporate 4.0:\n 60c64d9ead2b01fb39058a705fcb95dc corporate/4.0/i586/libopenssl0.9.7-0.9.7g-2.7.20060mlcs4.i586.rpm\n fb4d5555c211b375707bf7d194e74776 corporate/4.0/i586/libopenssl0.9.7-devel-0.9.7g-2.7.20060mlcs4.i586.rpm\n c13ff967b4310e5a790e85595f940b7e corporate/4.0/i586/libopenssl0.9.7-static-devel-0.9.7g-2.7.20060mlcs4.i586.rpm\n e9a96a389c00ee674d689e3747c3e501 corporate/4.0/i586/openssl-0.9.7g-2.7.20060mlcs4.i586.rpm \n 4df38ebd98b467bdee0d4a24d3b0158f corporate/4.0/SRPMS/openssl-0.9.7g-2.7.20060mlcs4.src.rpm\n\n Corporate 4.0/X86_64:\n de71d0bbc98589afdf03b7a99aad7103 corporate/4.0/x86_64/lib64openssl0.9.7-0.9.7g-2.7.20060mlcs4.x86_64.rpm\n 0c330148b55987e50f491c7e4d3b65a5 corporate/4.0/x86_64/lib64openssl0.9.7-devel-0.9.7g-2.7.20060mlcs4.x86_64.rpm\n ce64720b2685fada3e88a5725c43b532 corporate/4.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7g-2.7.20060mlcs4.x86_64.rpm\n 29f0f40602184d7f366e1d1d8e5c03e4 corporate/4.0/x86_64/openssl-0.9.7g-2.7.20060mlcs4.x86_64.rpm \n 4df38ebd98b467bdee0d4a24d3b0158f corporate/4.0/SRPMS/openssl-0.9.7g-2.7.20060mlcs4.src.rpm\n\n Multi Network Firewall 2.0:\n 74a4beac1c01f9fd888dd5eea356f7be mnf/2.0/i586/libopenssl0.9.7-0.9.7c-3.9.C30mdk.i586.rpm\n c809a08f26051c7a3931ccda00c94429 mnf/2.0/i586/openssl-0.9.7c-3.9.C30mdk.i586.rpm \n 8ae9f7004b77dca2317980ba4215dc92 mnf/2.0/SRPMS/openssl-0.9.7c-3.9.C30mdk.src.rpm\n _______________________________________________________________________\n\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\n of md5 checksums and GPG signatures is performed automatically for you. \n\n All packages are signed by Mandriva for security. You can obtain the\n GPG public key of the Mandriva Security Team by executing:\n\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\n\n You can view other update advisories for Mandriva Linux at:\n\n http://www.mandriva.com/security/advisories\n\n If you want to report vulnerabilities, please contact\n\n security_(at)_mandriva.com\n _______________________________________________________________________\n\n Type Bits/KeyID Date User ID\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\n \u003csecurity*mandriva.com\u003e\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.9 (GNU/Linux)\n\niD8DBQFJZqIYmqjQ0CJFipgRAqRNAKDNNvWgsIk0/eh5f8539zOJ7dtnnQCeJezP\nZE8i9Ju80WcdhXe9yIoPevE=\n=9n1t\n-----END PGP SIGNATURE-----\n\n_______________________________________________\nFull-Disclosure - We believe in it. \nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\nHosted and sponsored by Secunia - http://secunia.com/\n. \nHP SSL v1.3 for OpenVMS Alpha (v 8.2 or higher) and Integrity (v 8.2-1 or higher)", "sources": [ { "db": "NVD", "id": "CVE-2008-5077" }, { "db": "JVNDB", "id": "JVNDB-2009-001610" }, { "db": "CNVD", "id": "CNVD-2010-0376" }, { "db": "PACKETSTORM", "id": "76261" }, { "db": "PACKETSTORM", "id": "76268" }, { "db": "PACKETSTORM", "id": "76379" }, { "db": "PACKETSTORM", "id": "73698" }, { "db": "PACKETSTORM", "id": "90746" } ], "trust": 2.61 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2008-5077", "trust": 3.5 }, { "db": "VUPEN", "id": "ADV-2009-0913", "trust": 1.8 }, { "db": "BID", "id": "33150", "trust": 1.8 }, { "db": "SECUNIA", "id": "33338", "trust": 1.8 }, { "db": "VUPEN", "id": "ADV-2009-0558", "trust": 1.0 }, { "db": "VUPEN", "id": "ADV-2009-1338", "trust": 1.0 }, { "db": "VUPEN", "id": "ADV-2009-0362", "trust": 1.0 }, { "db": "VUPEN", "id": "ADV-2009-0904", "trust": 1.0 }, { "db": "VUPEN", "id": "ADV-2009-1297", "trust": 1.0 }, { "db": "VUPEN", "id": "ADV-2009-0040", "trust": 1.0 }, { "db": "VUPEN", "id": "ADV-2009-0289", "trust": 1.0 }, { "db": "USCERT", "id": "TA09-133A", "trust": 1.0 }, { "db": "SECUNIA", "id": "35074", "trust": 1.0 }, { "db": "SECUNIA", "id": "33557", "trust": 1.0 }, { "db": "SECUNIA", "id": "34211", "trust": 1.0 }, { "db": "SECUNIA", "id": "33673", "trust": 1.0 }, { "db": "SECUNIA", "id": "33765", "trust": 1.0 }, { "db": "SECUNIA", "id": "35108", "trust": 1.0 }, { "db": "SECUNIA", "id": "39005", "trust": 1.0 }, { "db": "SECUNIA", "id": "33436", "trust": 1.0 }, { "db": "SECUNIA", "id": "33394", "trust": 1.0 }, { "db": "SECTRACK", "id": "1021523", "trust": 1.0 }, { "db": "OCERT", "id": "OCERT-2008-016", "trust": 1.0 }, { "db": "BID", "id": "33151", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2009-001610", "trust": 0.8 }, { "db": "CNVD", "id": "CNVD-2010-0376", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2022.0696", "trust": 0.6 }, { "db": "LENOVO", "id": "LEN-24443", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-200901-055", "trust": 0.6 }, { "db": "PACKETSTORM", "id": "76261", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "76268", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "76379", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "73698", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "90746", "trust": 0.1 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2010-0376" }, { "db": "JVNDB", "id": "JVNDB-2009-001610" }, { "db": "PACKETSTORM", "id": "76261" }, { "db": "PACKETSTORM", "id": "76268" }, { "db": "PACKETSTORM", "id": "76379" }, { "db": "PACKETSTORM", "id": "73698" }, { "db": "PACKETSTORM", "id": "90746" }, { "db": "CNNVD", "id": "CNNVD-200901-055" }, { "db": "NVD", "id": "CVE-2008-5077" } ] }, "id": "VAR-200901-0714", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "CNVD", "id": "CNVD-2010-0376" } ], "trust": 0.06 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "Network device" ], "sub_category": null, "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2010-0376" } ] }, "last_update_date": "2024-11-29T20:13:51.234000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "HT3549", "trust": 0.8, "url": "http://support.apple.com/kb/HT3549" }, { "title": "HT3549", "trust": 0.8, "url": "http://support.apple.com/kb/HT3549?viewlocale=ja_JP" }, { "title": "openssl097a-0.9.7a-9AXS3.1", "trust": 0.8, "url": "https://tsn.miraclelinux.com/tsn_local/index.php?m=errata\u0026a=detail\u0026eid=400" }, { "title": "openssl-0.9.8b-10.1AXS3.1", "trust": 0.8, "url": "https://tsn.miraclelinux.com/tsn_local/index.php?m=errata\u0026a=detail\u0026eid=401" }, { "title": "HPSBUX02418", "trust": 0.8, "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01706219" }, { "title": "1933", "trust": 0.8, "url": "http://www.miraclelinux.com/support/index.php?q=node/99\u0026errata_id=1933" }, { "title": "1669", "trust": 0.8, "url": "http://www.miraclelinux.com/support/index.php?q=node/99\u0026errata_id=1669" }, { "title": "1655", "trust": 0.8, "url": "http://www.miraclelinux.com/support/index.php?q=node/99\u0026errata_id=1655" }, { "title": "Top Page", "trust": 0.8, "url": "http://www.openssl.org/" }, { "title": "Multiple OpenSSL vulnerabilities in Sun SPARC Enterprise M-series XCP Firmware", "trust": 0.8, "url": "https://blogs.oracle.com/sunsecurity/entry/multiple_openssl_vulnerabilities_in_sun" }, { "title": "250826", "trust": 0.8, "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-250826-1" }, { "title": "TLSA-2009-5", "trust": 0.8, "url": "http://www.turbolinux.com/security/2009/TLSA-2009-5.txt" }, { "title": "TLSA-2009-5", "trust": 0.8, "url": "http://www.turbolinux.co.jp/security/2009/TLSA-2009-5j.txt" }, { "title": "F5 FirePass OpenSSL \\\"EVP_VerifyFinal()\\\" Spoofing Vulnerability", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/230" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2010-0376" }, { "db": "JVNDB", "id": "JVNDB-2009-001610" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-20", "trust": 1.0 }, { "problemtype": "CWE-287", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2009-001610" }, { "db": "NVD", "id": "CVE-2008-5077" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.8, "url": "http://www.securityfocus.com/bid/33150" }, { "trust": 1.8, "url": "http://www.vupen.com/english/advisories/2009/0913" }, { "trust": 1.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-5077" }, { "trust": 1.0, "url": "http://secunia.com/advisories/34211" }, { "trust": 1.0, "url": "http://secunia.com/advisories/35108" }, { "trust": 1.0, "url": "http://lists.apple.com/archives/security-announce/2009/may/msg00002.html" }, { "trust": 1.0, "url": "http://www.vupen.com/english/advisories/2009/0289" }, { "trust": 1.0, "url": "http://secunia.com/advisories/33557" }, { "trust": 1.0, "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a9155" }, { "trust": 1.0, "url": "https://usn.ubuntu.com/704-1/" }, { "trust": 1.0, "url": "http://secunia.com/advisories/33436" }, { "trust": 1.0, "url": "http://secunia.com/advisories/33765" }, { "trust": 1.0, "url": "http://support.apple.com/kb/ht3549" }, { "trust": 1.0, "url": "http://www.openssl.org/news/secadv_20090107.txt" }, { "trust": 1.0, "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-250826-1" }, { "trust": 1.0, "url": "http://support.avaya.com/elmodocs2/security/asa-2009-038.htm" }, { "trust": 1.0, "url": "http://marc.info/?l=bugtraq\u0026m=127678688104458\u0026w=2" }, { "trust": 1.0, "url": "http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00013.html" }, { "trust": 1.0, "url": "http://www.ocert.org/advisories/ocert-2008-016.html" }, { "trust": 1.0, "url": "http://www.vupen.com/english/advisories/2009/1297" }, { "trust": 1.0, "url": "http://secunia.com/advisories/39005" }, { "trust": 1.0, "url": "http://secunia.com/advisories/33394" }, { "trust": 1.0, "url": "http://www.vmware.com/security/advisories/vmsa-2009-0004.html" }, { "trust": 1.0, "url": "http://support.nortel.com/go/main.jsp?cscat=bltndetail\u0026id=837653" }, { "trust": 1.0, "url": "http://marc.info/?l=bugtraq\u0026m=124277349419254\u0026w=2" }, { "trust": 1.0, "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2009\u0026m=slackware-security.544796" }, { "trust": 1.0, "url": "http://secunia.com/advisories/33673" }, { "trust": 1.0, "url": "http://www.us-cert.gov/cas/techalerts/ta09-133a.html" }, { "trust": 1.0, "url": "http://marc.info/?l=bugtraq\u0026m=123859864430555\u0026w=2" }, { "trust": 1.0, "url": "http://www.securityfocus.com/archive/1/499827/100/0/threaded" }, { "trust": 1.0, "url": "http://www.vupen.com/english/advisories/2009/1338" }, { "trust": 1.0, "url": "http://www.vupen.com/english/advisories/2009/0362" }, { "trust": 1.0, "url": "http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00014.html" }, { "trust": 1.0, "url": "http://secunia.com/advisories/35074" }, { "trust": 1.0, "url": "http://secunia.com/advisories/33338" }, { "trust": 1.0, "url": "http://www.securitytracker.com/id?1021523" }, { "trust": 1.0, "url": "http://www.vupen.com/english/advisories/2009/0558" }, { "trust": 1.0, "url": "http://voodoo-circle.sourceforge.net/sa/sa-20090123-01.html" }, { "trust": 1.0, "url": "http://www.vupen.com/english/advisories/2009/0904" }, { "trust": 1.0, "url": "http://www.vupen.com/english/advisories/2009/0040" }, { "trust": 1.0, "url": "http://www.securityfocus.com/archive/1/502322/100/0/threaded" }, { "trust": 1.0, "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a6380" }, { "trust": 1.0, "url": "http://www.redhat.com/support/errata/rhsa-2009-0004.html" }, { "trust": 1.0, "url": "http://security.gentoo.org/glsa/glsa-200902-02.xml" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2008-5077" }, { "trust": 0.8, "url": "http://secunia.com/advisories/33338/" }, { "trust": 0.8, "url": "http://www.securityfocus.com/bid/33151" }, { "trust": 0.6, "url": "http://www.securityfocus.com/archive/1/archive/1/502322/100/0/threaded" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2022.0696" }, { "trust": 0.6, "url": "https://support.lenovo.com/us/en/solutions/len-24443" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2008-5077" }, { "trust": 0.2, "url": "http://www.itrc.hp.com/service/cki/secbullarchive.do" }, { "trust": 0.2, "url": "http://h30046.www3.hp.com/driveralertprofile.php?regioncode=na\u0026langcode=useng\u0026jumpid=in_sc-gen__driveritrc\u0026topiccode=itrc" }, { "trust": 0.2, "url": "http://h30046.www3.hp.com/subsignin.php" }, { "trust": 0.1, "url": "http://download3.vmware.com/software/vi/esx-1008408.tgz" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-0025" }, { "trust": 0.1, "url": "http://kb.vmware.com/kb/1008409" }, { "trust": 0.1, "url": "http://kb.vmware.com/kb/1008413" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-2712" }, { "trust": 0.1, "url": "http://www.vmware.com/security" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2008-2712" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-4101" }, { "trust": 0.1, "url": "http://kb.vmware.com/kb/1008415" }, { "trust": 0.1, "url": "http://kb.vmware.com/kb/1055" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2008-3432" }, { "trust": 0.1, "url": "http://kb.vmware.com/kb/1008416" }, { "trust": 0.1, "url": "http://download3.vmware.com/software/vi/esx303-200903403-sg.zip" }, { "trust": 0.1, "url": "http://download3.vmware.com/software/vi/esx303-200903406-sg.zip" }, { "trust": 0.1, "url": "http://download3.vmware.com/software/vi/esx303-200903405-sg.zip" }, { "trust": 0.1, "url": "http://www.vmware.com/support/policies/security_response.html" }, { "trust": 0.1, "url": "http://kb.vmware.com/kb/1008408" }, { "trust": 0.1, "url": "http://download3.vmware.com/software/vi/esx-1008409.tgz" }, { "trust": 0.1, "url": "http://www.vmware.com/support/policies/eos.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2008-4101" }, { "trust": 0.1, "url": "http://kb.vmware.com/kb/1008406" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-3432" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0025" }, { "trust": 0.1, "url": "http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-2953" }, { "trust": 0.1, "url": "http://www.vmware.com/support/policies/eos_vi.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2007-2953" }, { "trust": 0.1, "url": "http://download3.vmware.com/software/vi/esx-1008406.tgz" }, { "trust": 0.1, "url": "http://software.hp.com" }, { "trust": 0.1, "url": "https://www.hp.com/go/swa" }, { "trust": 0.1, "url": "http://bugs.gentoo.org." }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0021" }, { "trust": 0.1, "url": "http://creativecommons.org/licenses/by-sa/2.5" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-0021" }, { "trust": 0.1, "url": "http://security.gentoo.org/" }, { "trust": 0.1, "url": "http://www.gentoo.org/security/en/glsa/glsa-200902-02.xml" }, { "trust": 0.1, "url": "http://security.gentoo.org/glsa/glsa-200904-05.xml" }, { "trust": 0.1, "url": "http://www.mandriva.com/security/" }, { "trust": 0.1, "url": "http://secunia.com/" }, { "trust": 0.1, "url": "http://lists.grok.org.uk/full-disclosure-charter.html" }, { "trust": 0.1, "url": "http://www.mandriva.com/security/advisories" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-0789" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-0591" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3245" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-0590" }, { "trust": 0.1, "url": "http://h71000.www7.hp.com/openvms/products/ssl/ssl.html" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2010-0376" }, { "db": "JVNDB", "id": "JVNDB-2009-001610" }, { "db": "PACKETSTORM", "id": "76261" }, { "db": "PACKETSTORM", "id": "76268" }, { "db": "PACKETSTORM", "id": "76379" }, { "db": "PACKETSTORM", "id": "73698" }, { "db": "PACKETSTORM", "id": "90746" }, { "db": "CNNVD", "id": "CNNVD-200901-055" }, { "db": "NVD", "id": "CVE-2008-5077" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CNVD", "id": "CNVD-2010-0376" }, { "db": "JVNDB", "id": "JVNDB-2009-001610" }, { "db": "PACKETSTORM", "id": "76261" }, { "db": "PACKETSTORM", "id": "76268" }, { "db": "PACKETSTORM", "id": "76379" }, { "db": "PACKETSTORM", "id": "73698" }, { "db": "PACKETSTORM", "id": "90746" }, { "db": "CNNVD", "id": "CNNVD-200901-055" }, { "db": "NVD", "id": "CVE-2008-5077" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2010-03-17T00:00:00", "db": "CNVD", "id": "CNVD-2010-0376" }, { "date": "2009-07-08T00:00:00", "db": "JVNDB", "id": "JVNDB-2009-001610" }, { "date": "2009-04-01T22:24:06", "db": "PACKETSTORM", "id": "76261" }, { "date": "2009-04-01T22:41:01", "db": "PACKETSTORM", "id": "76268" }, { "date": "2009-04-06T23:59:06", "db": "PACKETSTORM", "id": "76379" }, { "date": "2009-01-09T20:52:12", "db": "PACKETSTORM", "id": "73698" }, { "date": "2010-06-18T02:05:35", "db": "PACKETSTORM", "id": "90746" }, { "date": "2009-01-07T00:00:00", "db": "CNNVD", "id": "CNNVD-200901-055" }, { "date": "2009-01-07T17:30:00.327000", "db": "NVD", "id": "CVE-2008-5077" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2010-03-17T00:00:00", "db": "CNVD", "id": "CNVD-2010-0376" }, { "date": "2012-10-01T00:00:00", "db": "JVNDB", "id": "JVNDB-2009-001610" }, { "date": "2022-03-10T00:00:00", "db": "CNNVD", "id": "CNNVD-200901-055" }, { "date": "2024-11-21T00:53:14.187000", "db": "NVD", "id": "CVE-2008-5077" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "PACKETSTORM", "id": "76261" }, { "db": "CNNVD", "id": "CNNVD-200901-055" } ], "trust": 0.7 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "OpenSSL Vulnerabilities that bypass the validity of certificate chains", "sources": [ { "db": "JVNDB", "id": "JVNDB-2009-001610" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "input validation error", "sources": [ { "db": "CNNVD", "id": "CNNVD-200901-055" } ], "trust": 0.6 } }
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.