Advisories

Mandriva Advisories

Package name	perl-Net_SSLeay
Date	January 26th, 2006
Advisory ID	MDKSA-2006:023
Affected versions	10.1, CS3.0, 10.2, 2006.0
Synopsis	Updated perl-Net_SSLeay packages fix vulnerability

Problem Description

Javier Fernandez-Sanguino Pena discovered that the perl Net::SSLeay
module used the file /tmp/entropy as a fallback entropy source if a
proper source was not set via the environment variable EGD_PATH. This
could potentially lead to weakened cryptographic operations if an
attacker was able to provide a /tmp/entropy file with known content.

The updated packages have been patched to correct this problem.

Updated Packages

Mandrakelinux 10.1

 745c88ffafb7cec13b0db84911bd82e1  10.1/RPMS/perl-Net_SSLeay-1.25-4.1.101mdk.i586.rpm
 87d1a8df8d27efa75bed071293321bc0  10.1/SRPMS/perl-Net_SSLeay-1.25-4.1.101mdk.src.rpm

Mandrakelinux 10.1/X86_64

 1959cfe8f68e744a99f6f8191b4a6093  x86_64/10.1/RPMS/perl-Net_SSLeay-1.25-4.1.101mdk.x86_64.rpm
 87d1a8df8d27efa75bed071293321bc0  x86_64/10.1/SRPMS/perl-Net_SSLeay-1.25-4.1.101mdk.src.rpm

Corporate Server 3.0

 52a48ee590bf9b386af74308f74d1569  corporate/3.0/RPMS/perl-Net_SSLeay-1.25-4.1.C30mdk.i586.rpm
 5f10e7c1355d60304f43ae04c896b363  corporate/3.0/SRPMS/perl-Net_SSLeay-1.25-4.1.C30mdk.src.rpm

Corporate Server 3.0/X86_64

 344dfac9fc97b91fa1b2827e3408a02d  x86_64/corporate/3.0/RPMS/perl-Net_SSLeay-1.25-4.1.C30mdk.x86_64.rpm
 5f10e7c1355d60304f43ae04c896b363  x86_64/corporate/3.0/SRPMS/perl-Net_SSLeay-1.25-4.1.C30mdk.src.rpm

Mandriva Linux LE2005

 e1bcdfb33a1010725f67cb64a045c716  10.2/RPMS/perl-Net_SSLeay-1.25-4.1.102mdk.i586.rpm
 ac2647e198657a97a7745ebb7f80049e  10.2/SRPMS/perl-Net_SSLeay-1.25-4.1.102mdk.src.rpm

Mandriva Linux LE2005/X86_64

 88c10a807674653ce10317ce49614c21  x86_64/10.2/RPMS/perl-Net_SSLeay-1.25-4.1.102mdk.x86_64.rpm
 ac2647e198657a97a7745ebb7f80049e  x86_64/10.2/SRPMS/perl-Net_SSLeay-1.25-4.1.102mdk.src.rpm

Mandriva Linux 2006

 340b4d2ad0d1d77764899221e317dc5e  2006.0/RPMS/perl-Net_SSLeay-1.25-4.1.20060mdk.i586.rpm
 c08d4032e9c9d7fb81749ffc7b8f8b7f  2006.0/SRPMS/perl-Net_SSLeay-1.25-4.1.20060mdk.src.rpm

Mandriva Linux 2006/X86_64

 30b18d4d798dc2b9354a2fac2e938802  x86_64/2006.0/RPMS/perl-Net_SSLeay-1.25-4.1.20060mdk.x86_64.rpm
 c08d4032e9c9d7fb81749ffc7b8f8b7f  x86_64/2006.0/SRPMS/perl-Net_SSLeay-1.25-4.1.20060mdk.src.rpm

References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0106

Upgrade

To upgrade automatically, use MandrivaUpdate.

Verification

Please verify the update prior to upgrading to ensure the integrity of the downloaded package. You can do this with the command :

                rpm --checksig package.rpm

You can get the GPG public key of the Mandriva Security Team to verify the GPG signature of each RPM.

If you use MandrivaUpdate, the verification of md5 checksum and GPG signature is performed automatically for you.

URL:

https://mandriva.com/security/advisories

Short link:

https://mandriva.com/content/view/full/1075

Intersites Menu

Mandriva

Tools

Top menu

Advisories

Footer