---------------------------------------------------------------------- Want to work within IT-Security? Secunia is expanding its team of highly skilled security experts. We will help with relocation and obtaining a work permit. Currently the following type of positions are available: http://secunia.com/quality_assurance_analyst/ http://secunia.com/web_application_security_specialist/ http://secunia.com/hardcore_disassembler_and_reverse_engineer/ ---------------------------------------------------------------------- TITLE: SUSE update for openssl/mozilla-nss SECUNIA ADVISORY ID: SA22044 VERIFY ADVISORY: http://secunia.com/advisories/22044/ CRITICAL: Less critical IMPACT: Security Bypass WHERE: >From remote OPERATING SYSTEM: SUSE Linux 10 http://secunia.com/product/6221/ SUSE Linux 10.1 http://secunia.com/product/10796/ SUSE Linux 9.2 http://secunia.com/product/4258/ SUSE Linux 9.3 http://secunia.com/product/4933/ SuSE Linux Desktop 1.x http://secunia.com/product/2002/ SuSE Linux Enterprise Server 8 http://secunia.com/product/1171/ SUSE Linux Enterprise Server 9 http://secunia.com/product/4118/ SuSE Linux Openexchange Server 4.x http://secunia.com/product/2001/ SuSE Linux Standard Server 8 http://secunia.com/product/2526/ DESCRIPTION: SUSE has issued updates for openssl and mozilla-nss. These fix some vulnerabilities, which potentially can be exploited by malicious people to bypass certain security restrictions. For more information: SA21709 SA21903 SOLUTION: Apply updated packages. x86 Platform: SUSE LINUX 10.1: ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/mozilla-nss-3.11-21.7.i586.rpm 2ca59cfa949741f970019250db6e7890 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/mozilla-nss-devel-3.11-21.7.i586.rpm 5176d16fddcc9085c9c62633df1c1e7a ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/openssl-0.9.8a-18.7.i586.rpm f3c5cb97da8acb6a4c4ef9434cb89e1a ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/openssl-devel-0.9.8a-18.7.i586.rpm 20c03b69fb682e341fbcbd6e0b7fa08d SUSE LINUX 10.0: ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/mozilla-nss-3.10-12.3.i586.rpm f1040a75792a24085ffeacaf4fdbbadb ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/mozilla-nss-devel-3.10-12.3.i586.rpm f666ce57dcedd14078d2289831658ec2 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/openssl-0.9.7g-2.8.i586.rpm 2a2ec627749b0ebef913522777d6d10a ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/openssl-devel-0.9.7g-2.8.i586.rpm 0889bf02be6b048e62109510b711debf SUSE LINUX 9.3: ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/openssl-0.9.7e-3.4.i586.rpm ef34f676b7c3279c368d044a35761e23 ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/openssl-devel-0.9.7e-3.4.i586.rpm 2c0333c5ec9ba7b73c23c35bd8478668 SUSE LINUX 9.2: ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/openssl-0.9.7d-25.4.i586.rpm e059156ac8c786f92915c66101c22cca ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/openssl-devel-0.9.7d-25.4.i586.rpm 163ce037ad79bbf3c53e4182a37c8b1a Power PC Platform: SUSE LINUX 10.1: ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/mozilla-nss-3.11-21.7.ppc.rpm 6b8a99c4f638adda50eda09925c11983 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/mozilla-nss-devel-3.11-21.7.ppc.rpm 1e78438027cc3e92e7a65af293142280 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/openssl-0.9.8a-18.7.ppc.rpm a324d27cf6dfa4ceedcf83c1dcffb534 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/openssl-devel-0.9.8a-18.7.ppc.rpm ab05376b3874aa893546a31630b503e8 SUSE LINUX 10.0: ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/mozilla-nss-3.10-12.3.ppc.rpm 420734304297e8e4f708d83843790ee4 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/mozilla-nss-devel-3.10-12.3.ppc.rpm 530a0571a379a3b5965c7a16aac74c09 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/openssl-0.9.7g-2.8.ppc.rpm 53a2702d6c99c2976730c4eca4f81fa2 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/openssl-devel-0.9.7g-2.8.ppc.rpm ec29d438d00028c4c4937174fd378a49 x86-64 Platform: SUSE LINUX 10.1: ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/mozilla-nss-3.11-21.7.x86_64.rpm 6fa083972df9ae919858f621b1aec930 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/mozilla-nss-32bit-3.11-21.7.x86_64.rpm 5ce7f14b2fd30384aa123dd6185f074e ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/mozilla-nss-devel-3.11-21.7.x86_64.rpm 2a4c684d4f59f64d4e25e18ea53f49c5 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/openssl-0.9.8a-18.7.x86_64.rpm 724ffd5c1123d162f19e3f9a929f2bc7 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/openssl-32bit-0.9.8a-18.7.x86_64.rpm 7016abba594501c51de8f32e4051acec ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/openssl-devel-0.9.8a-18.7.x86_64.rpm 96413d2dd6658ce9a08d777627e78b0a ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/openssl-devel-32bit-0.9.8a-18.7.x86_64.rpm d2af23fa3cabfb7a4458affcd4f24f89 SUSE LINUX 10.0: ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/mozilla-nss-3.10-12.3.x86_64.rpm f0e48cc8482ffa3d9f557caa8c495189 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/mozilla-nss-32bit-3.10-12.3.x86_64.rpm c5185e5f3ec998948e714231da384fae ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/mozilla-nss-devel-3.10-12.3.x86_64.rpm b872a76bded9ca5fea3a92ea6311a820 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/openssl-0.9.7g-2.8.x86_64.rpm 4780f468291c749b082c18143319f7e0 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/openssl-32bit-0.9.7g-2.8.x86_64.rpm a3203768a3736019ef975cfed314ddd3 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/openssl-devel-0.9.7g-2.8.x86_64.rpm bc1f3b4a20b4d4a26e22c41700fa7c57 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/openssl-devel-32bit-0.9.7g-2.8.x86_64.rpm 305646efe9293dc744744a9198c9d61b SUSE LINUX 9.3: ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/openssl-0.9.7e-3.4.x86_64.rpm 0ee8251cc8d18e34683cffb9b836f6d2 ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/openssl-32bit-9.3-7.2.x86_64.rpm 01d8ecb0b20265fd547f2f6ce550ef30 ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/openssl-devel-0.9.7e-3.4.x86_64.rpm e3e7086a44dfd719005b335c90b93dd0 ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/openssl-devel-32bit-9.3-7.2.x86_64.rpm 78b2ee77d6a84f3afded42aa048f77b1 SUSE LINUX 9.2: ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/x86_64/openssl-0.9.7d-25.4.x86_64.rpm 82bbf9b57187eae584eee9c748471266 ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/x86_64/openssl-32bit-9.2-200609140724.x86_64.rpm 8a8ac0b203100e5ac137064760c5e285 ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/x86_64/openssl-devel-0.9.7d-25.4.x86_64.rpm 153d3ba8a9e7f1179d7495c643a46432 ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/x86_64/openssl-devel-32bit-9.2-200609140724.x86_64.rpm e0e8c2345d6a176e0b79fe1f5ec0b1eb Sources: SUSE LINUX 10.1: ftp://ftp.suse.com/pub/suse/update/10.1/rpm/src/mozilla-nss-3.11-21.7.src.rpm 2d64292745510b79081aff63af3ae57c ftp://ftp.suse.com/pub/suse/update/10.1/rpm/src/openssl-0.9.8a-18.7.src.rpm a43b90f75865fbc3596084c35aac3585 SUSE LINUX 10.0: ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/src/mozilla-nss-3.10-12.3.src.rpm 205b16b750e3fdd4ba3c0b7a12627d6a ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/src/openssl-0.9.7g-2.8.src.rpm 7949b6cbcd17092289949e85670e8330 SUSE LINUX 9.3: ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/src/openssl-0.9.7e-3.4.src.rpm a3fec9ffa1b2e15fedc51461d603e9c8 SUSE LINUX 9.2: ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/src/openssl-0.9.7d-25.4.src.rpm f52a4666f358c6399137c6470c04355d SuSE Linux Openexchange Server 4 http://support.novell.com/techcenter/psdb/5ed5dd66328b2d660bce8191dbd9d7de.html Novell Linux Desktop 9 http://support.novell.com/techcenter/psdb/5ed5dd66328b2d660bce8191dbd9d7de.html SuSE Linux Enterprise Server 8 http://support.novell.com/techcenter/psdb/5ed5dd66328b2d660bce8191dbd9d7de.html SuSE Linux Standard Server 8 http://support.novell.com/techcenter/psdb/5ed5dd66328b2d660bce8191dbd9d7de.html SuSE Linux Desktop 1.0 http://support.novell.com/techcenter/psdb/5ed5dd66328b2d660bce8191dbd9d7de.html SUSE SLES 9 http://support.novell.com/techcenter/psdb/5ed5dd66328b2d660bce8191dbd9d7de.html ORIGINAL ADVISORY: http://lists.suse.com/archive/suse-security-announce/2006-Sep/0009.html OTHER REFERENCES: SA21709: http://secunia.com/advisories/21709/ SA21903: http://secunia.com/advisories/21903/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------