WelcomeEnterpriseSmall BusinessHome & Home OfficePartnersAbout Symantec

OpenSSL ASN.1 Parsing Vulnerabilities

Risk
High

Date Discovered
09-30-2003

Description
Multiple vulnerabilities were reported in the ASN.1 parsing code in OpenSSL. These issues could be exploited to cause a denial of service or to execute arbitrary code.

Platforms Affected
Caldera OpenLinux Server 3.1
Caldera OpenLinux Server 3.1.1
Caldera OpenLinux Workstation 3.1
Caldera OpenLinux Workstation 3.1.1
Caldera OpenUnix 8.0
Caldera UnixWare 7.1.1
Caldera UnixWare 7.1.3
Conectiva Linux 6.0
Conectiva Linux 7.0
Conectiva Linux 8.0
Debian Linux 3.0
EnGarde Secure Linux 1.0.1
FreeBSD FreeBSD 4.6
FreeBSD FreeBSD 4.6 -RELEASE
FreeBSD FreeBSD 4.7
FreeBSD FreeBSD 4.7 -RELEASE
FreeBSD FreeBSD 5.0
HP Apache-Based Web Server 1.3.27 .00
HP Apache-Based Web Server 1.3.27 .01
HP Apache-Based Web Server 2.0.43 .00
HP Apache-Based Web Server 2.0.43 .04
HP HP-UX 11i
HP HP-UX 11.0
HP HP-UX Apache-Based Web Server 1.0.00.01
HP HP-UX Apache-Based Web Server 1.0.01.01
HP HP-UX Apache-Based Web Server 1.0 .02.01
HP Secure OS software for Linux 1.0
HP Webmin-Based Admin 1.0.00.01
IBM AIX 4.3
Immunix Immunix OS 7+
MandrakeSoft Linux Mandrake 8.0
MandrakeSoft Linux Mandrake 8.0 ppc
MandrakeSoft Linux Mandrake 8.1
MandrakeSoft Linux Mandrake 8.1 ia64
MandrakeSoft Linux Mandrake 8.2
Microsoft Windows 2000 Advanced Server
Microsoft Windows 2000 Advanced Server SP1
Microsoft Windows 2000 Advanced Server SP2
Microsoft Windows 2000 Datacenter Server
Microsoft Windows 2000 Datacenter Server SP1
Microsoft Windows 2000 Datacenter Server SP2
Microsoft Windows 2000 Professional
Microsoft Windows 2000 Professional SP1
Microsoft Windows 2000 Professional SP2
Microsoft Windows 2000 Server
Microsoft Windows 2000 Server SP1
Microsoft Windows 2000 Server SP2
Microsoft Windows 2000 Terminal Services
Microsoft Windows 2000 Terminal Services SP1
Microsoft Windows 2000 Terminal Services SP2
Microsoft Windows 95
Microsoft Windows 98
Microsoft Windows ME
Microsoft Windows NT Enterprise Server 4.0
Microsoft Windows NT Enterprise Server 4.0 SP1
Microsoft Windows NT Enterprise Server 4.0 SP2
Microsoft Windows NT Enterprise Server 4.0 SP3
Microsoft Windows NT Enterprise Server 4.0 SP4
Microsoft Windows NT Enterprise Server 4.0 SP5
Microsoft Windows NT Enterprise Server 4.0 SP6
Microsoft Windows NT Enterprise Server 4.0 SP6a
Microsoft Windows NT Server 4.0
Microsoft Windows NT Server 4.0 SP1
Microsoft Windows NT Server 4.0 SP2
Microsoft Windows NT Server 4.0 SP3
Microsoft Windows NT Server 4.0 SP4
Microsoft Windows NT Server 4.0 SP5
Microsoft Windows NT Server 4.0 SP6
Microsoft Windows NT Server 4.0 SP6a
Microsoft Windows NT Terminal Server 4.0
Microsoft Windows NT Terminal Server 4.0 SP1
Microsoft Windows NT Terminal Server 4.0 SP2
Microsoft Windows NT Terminal Server 4.0 SP3
Microsoft Windows NT Terminal Server 4.0 SP4
Microsoft Windows NT Terminal Server 4.0 SP5
Microsoft Windows NT Terminal Server 4.0 SP6
Microsoft Windows NT Terminal Server 4.0 SP6a
Microsoft Windows NT Workstation 4.0
Microsoft Windows NT Workstation 4.0 SP1
Microsoft Windows NT Workstation 4.0 SP2
Microsoft Windows NT Workstation 4.0 SP3
Microsoft Windows NT Workstation 4.0 SP4
Microsoft Windows NT Workstation 4.0 SP5
Microsoft Windows NT Workstation 4.0 SP6
Microsoft Windows NT Workstation 4.0 SP6a
NetBSD NetBSD 1.5
NetBSD NetBSD 1.5.1
NetBSD NetBSD 1.5.2
NetBSD NetBSD 1.5.3
NetBSD NetBSD 1.6
NetBSD NetBSD 1.6 beta
OpenBSD OpenBSD 2.9
OpenBSD OpenBSD 3.0
OpenBSD OpenBSD 3.1
OpenBSD OpenBSD 3.2
OpenPKG OpenPKG Current
OpenPKG OpenPKG 1.0
OpenPKG OpenPKG 1.1
OpenPKG OpenPKG 1.2
RedHat Linux 7.0 alpha
RedHat Linux 7.0 i386
RedHat Linux 7.0 sparc
RedHat Linux 7.1 alpha
RedHat Linux 7.1 i386
RedHat Linux 7.2
RedHat Linux 7.2 alpha
RedHat Linux 7.2 i386
RedHat Linux 7.2 i686
RedHat Linux 7.2 ia64
RedHat Linux 7.3
RedHat Linux 7.3 i386
S.u.S.E. Linux 7.1
S.u.S.E. Linux 7.1 alpha
S.u.S.E. Linux 7.1 ppc
S.u.S.E. Linux 7.1 sparc
S.u.S.E. Linux 7.2 i386
S.u.S.E. Linux 7.3 i386
S.u.S.E. Linux 7.3 ppc
S.u.S.E. Linux 7.3 sparc
S.u.S.E. Linux 8.0
S.u.S.E. Linux 8.0 i386
S.u.S.E. Linux 8.2
S.u.S.E. Linux Connectivity Server
S.u.S.E. Linux Database Server
S.u.S.E. Linux Enterprise Server 7
S.u.S.E. Linux Firewall on CD
S.u.S.E. Office Server
S.u.S.E. SuSE eMail Server III
Slackware Linux 8.1
Stonesoft StoneGate 1.5.17
Stonesoft StoneGate 1.5.18
Stonesoft StoneGate 1.6.2
Stonesoft StoneGate 1.6.3
Stonesoft StoneGate 1.7
Stonesoft StoneGate 1.7.1
Stonesoft StoneGate 1.7.2
Stonesoft StoneGate 2.0.1
Stonesoft StoneGate 2.0.4
Stonesoft StoneGate 2.0.5
Stonesoft StoneGate 2.0.6
Stonesoft StoneGate 2.0.7
Stonesoft StoneGate 2.0.8
Stonesoft StoneGate 2.0.9
Stonesoft StoneGate 2.1
Stonesoft StoneGate 2.2
Stonesoft StoneGate 2.2.1
Stonesoft StoneGate High Availability Firewall and VPN 1.7
Stonesoft StoneGate High Availability Firewall and VPN 2.0
Stonesoft StoneGate High Availability Firewall and VPN 2.0.8
Sun Linux 5.0
Sun Solaris 2.6
Sun Solaris 7.0
Sun Solaris 8.0
Trustix Secure Linux 1.1
Trustix Secure Linux 1.2
Trustix Secure Linux 1.5

Components Affected
Apple MacOS X 10.2
Apple MacOS X 10.2.1
Apple MacOS X 10.2.2
Apple MacOS X 10.2.3
Apple MacOS X 10.2.4
Apple MacOS X 10.2.5
Apple MacOS X 10.2.6
Apple MacOS X 10.2.7
Apple MacOS X Server 10.2
Apple MacOS X Server 10.2.1
Apple MacOS X Server 10.2.2
Apple MacOS X Server 10.2.3
Apple MacOS X Server 10.2.4
Apple MacOS X Server 10.2.5
Apple MacOS X Server 10.2.6
Apple MacOS X Server 10.2.7
BlueCoat Systems CacheOS CA/SA 4.1.10
BlueCoat Systems Security Gateway OS 2.0
BlueCoat Systems Security Gateway OS 3.0
Cisco Application & Content Networking Software
Cisco CiscoWorks 1105 Hosting Solution Engine
Cisco CiscoWorks 1105 Wireless LAN Solution Engine
Cisco CiscoWorks Common Services 2.2
Cisco CSS11000 Content Services Switch
Cisco Firewall Services Module
Cisco GSS 4480 Global Site Selector
Cisco IOS 12.1 (19)E
Cisco IOS 12.1 (13.4)E
Cisco IOS 12.1 (11b)E
Cisco IOS 12.1 (11)E
Cisco IOS 12.2 SY
Cisco IOS 12.2 SX
Cisco Network Analysis Modules
Cisco PIX Firewall 515
Cisco PIX Firewall 520
Cisco SIP Proxy Server
Cisco SN 5428 Storage Router SN5428-3.3.2-K9
Cisco SN 5428 Storage Router SN5428-3.3.1-K9
Cisco SN 5428 Storage Router SN5428-3.2.2-K9
Cisco SN 5428 Storage Router SN5428-3.2.1-K9
Cisco SN 5428 Storage Router SN5428-2.5.1-K9
Cisco SN 5428 Storage Router SN5428-2-3.3.2-K9
Cisco SN 5428 Storage Router SN5428-2-3.3.1-K9
Cray Cray Open Software 3.4
F-Secure SSH 3.0.1 For UNIX
F-Secure SSH 3.1 .0 For UNIX
F-Secure SSH 3.1 .0
F-Secure SSH 3.2 .0 For UNIX
F-Secure SSH 3.2.3 For UNIX
F-Secure SSH 5.1 For Windows
F-Secure SSH 5.2 For Windows
F-Secure SSH 5.3 For Windows
F5 3-DNS 4.2
F5 3-DNS 4.3
F5 3-DNS 4.4
F5 3-DNS 4.5
F5 BigIP 2.0
F5 BigIP 2.1
F5 BigIP 4.2
F5 BigIP 4.3
F5 BigIP 4.4
F5 BigIP 4.5
F5 FirePass
F5 ISMan
HP HP-UX 11.0
HP HP-UX 11.11
HP HP-UX 11.20
HP HP-UX 11.22
HP HP-UX 11.23
Juniper Networks M-series Router M5
Juniper Networks M-series Router M40e
Juniper Networks M-series Router M40
Juniper Networks M-series Router M20
Juniper Networks M-series Router M160
Juniper Networks M-series Router M10
Juniper Networks SDX-300 3.1
Juniper Networks SDX-300 3.1.1
Juniper Networks T-series Router T640
Juniper Networks T-series Router T320
MandrakeSoft Corporate Server 2.1 x86_64
MandrakeSoft Corporate Server 2.1
MandrakeSoft Linux Mandrake 8.2
MandrakeSoft Linux Mandrake 9.0
MandrakeSoft Linux Mandrake 9.1 ppc
MandrakeSoft Linux Mandrake 9.1
MandrakeSoft Linux Mandrake 9.2
MandrakeSoft Multi Network Firewall 8.2
OpenSSL Project OpenSSL 0.9.6 j
OpenSSL Project OpenSSL 0.9.6 i
OpenSSL Project OpenSSL 0.9.6 h
OpenSSL Project OpenSSL 0.9.6 g
OpenSSL Project OpenSSL 0.9.6 e
OpenSSL Project OpenSSL 0.9.6 d
OpenSSL Project OpenSSL 0.9.6 c
OpenSSL Project OpenSSL 0.9.6 b
OpenSSL Project OpenSSL 0.9.6 a
OpenSSL Project OpenSSL 0.9.6
OpenSSL Project OpenSSL 0.9.7 beta3
OpenSSL Project OpenSSL 0.9.7 beta2
OpenSSL Project OpenSSL 0.9.7 beta1
OpenSSL Project OpenSSL 0.9.7 b
OpenSSL Project OpenSSL 0.9.7 a
OpenSSL Project OpenSSL 0.9.7
SGI IRIX 6.5.19 m
SGI IRIX 6.5.19 f
SGI IRIX 6.5.19
SGI IRIX 6.5.20 m
SGI IRIX 6.5.20 f
SGI IRIX 6.5.20
SGI IRIX 6.5.21 m
SGI IRIX 6.5.21 f
SGI IRIX 6.5.21
SGI IRIX 6.5.22
SmoothWall Express 2.0 beta
SmoothWall GPL 1.0
SSH Communications Security IPSEC Express Toolkit
SSH Communications Security SSH Sentinel 1.4
SSLeay SSLeay 0.6.6
SSLeay SSLeay 0.8.1
SSLeay SSLeay 0.9
SSLeay SSLeay 0.9.1
Stonesoft StoneBeat FullCluster for Firewall-1 2.0
Stonesoft StoneBeat FullCluster for Firewall-1 3.0
Stonesoft StoneBeat FullCluster for Gauntlet 2.0
Stonesoft StoneBeat FullCluster for ISA Server 3.0
Stonesoft StoneBeat FullCluster for Raptor 2.0
Stonesoft StoneBeat FullCluster for Raptor 2.5
Stonesoft StoneBeat High Availability 3.1
Stonesoft StoneBeat SecurityCluster 2.0
Stonesoft StoneBeat SecurityCluster 2.5
Stonesoft StoneBeat WebCluster 2.0
Stonesoft StoneBeat WebCluster 2.5
Stonesoft StoneGate 1.5.17
Stonesoft StoneGate 1.5.18
Stonesoft StoneGate 1.6.2
Stonesoft StoneGate 1.6.3
Stonesoft StoneGate 1.7
Stonesoft StoneGate 1.7.1
Stonesoft StoneGate 1.7.2
Stonesoft StoneGate 2.0.1
Stonesoft StoneGate 2.0.4
Stonesoft StoneGate 2.0.5
Stonesoft StoneGate 2.0.6
Stonesoft StoneGate 2.0.7
Stonesoft StoneGate 2.0.8
Stonesoft StoneGate 2.0.9
Stonesoft StoneGate 2.1
Stonesoft StoneGate 2.2
Stonesoft StoneGate 2.2.1

Recommendations
Block external access at the network boundary, unless service is required by external parties.
External access to all services which do not require it should be blocked using multiple layers of network access controls. This may limit remote attack vectors for affected applications.

Implement multiple redundant layers of security.
Memory protection schemes such as non-executable stack/heap configurations and randomly mapped memory segments may complicate exploitation of memory corruption vulnerabilities.

Run all software as a non-privileged user with minimal access rights.
Multiple applications may provide attack vectors for these issues. All software that does not explictly require elevated privileges should be run as an unprivileged user with minimal access rights.

The OpenSSL Project has released OpenSSL versions 0.9.6k and 0.9.7c to address these issues. Any applications that are dynamically linked to OpenSSL libraries should be restarted after applying fixes. Applications that are statically linked to OpenSSL libraries should be recompiled after upgrading OpenSSL.

Red Hat has released advisories (RHSA-2003:291-01, RHSA-2003:292-01) to address these issues. Fixes may be applied with the Red Hat Update Agent. Manual fixes are also listed in the attached advisories.

OpenPKG has released advisory OpenPKG-SA-2003.044 to address these issues. Please see the attached advisory for details on obtaining and applying fixes.

Apple has addressed these issues in MacOS X 10.2.8.

Immunix has released an advisory (IMNX-2003-7+-022-01) to address these issues. Please see the attached advisory for details on obtaining and applying fixes.

Guardian Digital has released an advisory (ESA-20030930-027) for EnGarde Secure Linux. Updates included in the advisory can be obtained using the Guardian Digital WebTool. Further details are provided in the attached advisory.

SSH Communications Security SSH Sentinel is affected by these issues. An updated version has been released to remedy the issues. Stonesoft, who license SSH IPSec Toolkit from SSH Communications Security is also prone to this issue and is included in StoneGate products.

SGI has released advisory 20030904-01-P with fixes to address these issues.

Conectiva has released an advisory (CLA-2003:751) that addresses these issues. Please see the attached advisory for details on obtaining and applying fixes.

Cisco has released a security advisory with details concerning affected products and fixes. See referenced advisory for additional details.

Debian has released advisory DSA 393-1 to address these issues.

Mandrake has released an advisory (MDKSA-2003:098) to address these issues. Please see the attached advisory for details on obtaining and applying fixes.

Turbolinux has released an advisory (TLSA-2003-55) to address these issues. Please see the attached advisory for details on obtaining and applying fixes.

Gentoo has released updates for these issues. These updates can be applied with the following commands:
emerge sync
emerge openssl -p
emerge openssl
emerge clean

SuSE has released an advisory (SuSE-SA:2003:043) and fixes to address these issues. Please see the attached advisory for details on obtaining and applying fixes.

Novell has issued a response (NOVL-2003-10087450) to state that they are investigating the possibility of various SSL implementations included in Novell products being affected by these issues. The vendor will be releasing more information about affected products and will be issuing the appropriate fixes. Further information can be found in the attached advisory.

AppGate Network Security AB has announced that the default installation of AppGate is not prone to these issues, however, some non-default configurations may expose the issues. Users should contact the vendor for further information.

Cray Inc. ships vulnerable versions of OpenSSL in COS 3.4. Cray has released Spr 726919 to address these issues. Patches can be obtained from Cray.

F5 Networks has stated that their BIG-IP, 3-DNS, ISMan and Firepass products are vulnerable. They will be releasing patches for these issues, which will be available to customers through F5 support channels.

IBM has stated that AIX Toolbox for Linux ships with a vulnerable version of OpenSSL. Patches are pending.

Ingrian Networks have stated that they are investigating these issues and will be releasing a security advisory for affected products.

Juniper Networks ships a number of products that are vulnerable. JUNOS versions and SDX software versions built on or after October 2, 2003 are not prone to these issues. Customers can obtain upgrades via the Juniper Networks Technical Assistance Center (JTAC).

Openwall GNU/*/Linux is prone to the issues specific to OpenSSL 0.9.6 releases. The Owl-current release, as of 2003/10/01, is not prone to this issue due to an upgraded version of OpenSSL.

Stonesoft has released an advisory entitled "OpenSSL security bugs" that lists vulnerable products and contains information about pending fixes. These issues will reportedly be addressed with the releases of StoneGate engine version 2.2.2 and 2.0.11. StoneBeat clustering products are also pending vendor fix releases. SSH IPSec Toolkit ships with various StoneGate products and will also be addressed with the 2.2.2/2.0.11 release of the StoneGate engine.

Stunnel has released a statement indicating that their software may use vulnerable versions of OpenSSL, though is not directly affected by the issues. They have released updated OpenSSL DLLs which are available at the following location:
http://www.stunnel.org/download/stunnel/win32/openssl-0.9.7c/

Tawie Server Linux has released an advisory (2003-0001) to address this issue. Please see the referenced advisory for more information.

HP has released a security advisory (HPSBUX0310-284) containing update information to address this issue. Further information regarding product information and how to download appropriate updates via FTP can be found in the attached advisory.

SCO has released an advisory (CSSA-2003-SCO.25) to address this issues. Further information about applying updates can be found in the attached advisory.

F-Secure has announced that specific versions of their software may be vulnerable. New builds have been released to address this issue. Users are advised to upgrade as soon as possible.

SmoothWall has released fixes to address this issue. Please see the referenced website for more information.

Blue Coat Systems has released an advisory to address this issue. Please see the referenced website for more information.

A FreeBSD advisory and fixes have been released.



Apple MacOS X 10.2:
Apple MacOS X 10.2.1:
Apple MacOS X 10.2.2:
Apple MacOS X 10.2.3:
Apple MacOS X 10.2.4:
Apple MacOS X 10.2.5:
Apple MacOS X 10.2.6:
Apple MacOS X 10.2.7:
Apple MacOS X Server 10.2:
Apple MacOS X Server 10.2.1:
Apple MacOS X Server 10.2.2:
Apple MacOS X Server 10.2.3:
Apple MacOS X Server 10.2.4:
Apple MacOS X Server 10.2.5:
Apple MacOS X Server 10.2.6:
Apple MacOS X Server 10.2.7:
BlueCoat Systems CacheOS CA/SA 4.1.10:
BlueCoat Systems Security Gateway OS 2.0:
BlueCoat Systems Security Gateway OS 3.0:
Cisco Application & Content Networking Software :
Cisco CiscoWorks 1105 Hosting Solution Engine :
Cisco CiscoWorks 1105 Wireless LAN Solution Engine :
Cisco CiscoWorks Common Services 2.2:
Cisco CSS11000 Content Services Switch :
Cisco Firewall Services Module :
Cisco GSS 4480 Global Site Selector :
Cisco IOS 12.1 (19)E:
Cisco IOS 12.1 (13.4)E:
Cisco IOS 12.1 (11b)E:
Cisco IOS 12.1 (11)E:
Cisco IOS 12.2 SY:
Cisco IOS 12.2 SX:
Cisco Network Analysis Modules :
Cisco PIX Firewall 515 :
Cisco PIX Firewall 520 :
Cisco SIP Proxy Server :
Cisco SN 5428 Storage Router SN5428-3.3.2-K9:
Cisco SN 5428 Storage Router SN5428-3.3.1-K9:
Cisco SN 5428 Storage Router SN5428-3.2.2-K9:
Cisco SN 5428 Storage Router SN5428-3.2.1-K9:
Cisco SN 5428 Storage Router SN5428-2.5.1-K9:
Cisco SN 5428 Storage Router SN5428-2-3.3.2-K9:
Cisco SN 5428 Storage Router SN5428-2-3.3.1-K9:
Cray Cray Open Software 3.4:
F-Secure SSH 3.0.1 For UNIX:
F-Secure SSH 3.1 .0 For UNIX:
F-Secure SSH 3.1 .0:
F-Secure SSH 3.2 .0 For UNIX:
F-Secure SSH 3.2.3 For UNIX:
F-Secure SSH 5.1 For Windows:
F-Secure SSH 5.2 For Windows:
F-Secure SSH 5.3 For Windows:
F5 3-DNS 4.2:
F5 3-DNS 4.3:
F5 3-DNS 4.4:
F5 3-DNS 4.5:
F5 BigIP 2.0:
F5 BigIP 2.1:
F5 BigIP 4.2:
F5 BigIP 4.3:
F5 BigIP 4.4:
F5 BigIP 4.5:
F5 FirePass :
F5 ISMan :
HP HP-UX 11.0:
HP HP-UX 11.11:
HP HP-UX 11.20:
HP HP-UX 11.22:
HP HP-UX 11.23:
Juniper Networks M-series Router M5:
Juniper Networks M-series Router M40e:
Juniper Networks M-series Router M40:
Juniper Networks M-series Router M20:
Juniper Networks M-series Router M160:
Juniper Networks M-series Router M10:
Juniper Networks SDX-300 3.1:
Juniper Networks SDX-300 3.1.1:
Juniper Networks T-series Router T640:
Juniper Networks T-series Router T320:
MandrakeSoft Corporate Server 2.1 x86_64:

MandrakeSoft Upgrade libopenssl0-0.9.6i-1.6.90mdk.x86_64.rpm
http://www.mandrakesecure.net/en/ftp.php
MandrakeSoft Upgrade libopenssl0-devel-0.9.6i-1.6.90mdk.x86_64.rpm
http://www.mandrakesecure.net/en/ftp.php
MandrakeSoft Upgrade libopenssl0-static-devel-0.9.6i-1.6.90mdk.x86_64.rpm
http://www.mandrakesecure.net/en/ftp.php
MandrakeSoft Upgrade openssl-0.9.6i-1.6.90mdk.x86_64.rpm
http://www.mandrakesecure.net/en/ftp.php

MandrakeSoft Corporate Server 2.1:
MandrakeSoft Upgrade libopenssl0-0.9.6i-1.6.90mdk.i586.rpm
http://www.mandrakesecure.net/en/ftp.php
MandrakeSoft Upgrade libopenssl0-devel-0.9.6i-1.6.90mdk.i586.rpm
http://www.mandrakesecure.net/en/ftp.php
MandrakeSoft Upgrade libopenssl0-static-devel-0.9.6i-1.6.90mdk.i586.rpm
http://www.mandrakesecure.net/en/ftp.php
MandrakeSoft Upgrade openssl-0.9.6i-1.6.90mdk.i586.rpm
http://www.mandrakesecure.net/en/ftp.php

MandrakeSoft Linux Mandrake 8.2:
MandrakeSoft Upgrade libopenssl0-0.9.6i-1.5.82mdk.i586.rpm
http://www.mandrakesecure.net/en/ftp.php
MandrakeSoft Upgrade libopenssl0-devel-0.9.6i-1.5.82mdk.i586.rpm
http://www.mandrakesecure.net/en/ftp.php
MandrakeSoft Upgrade libopenssl0-static-devel-0.9.6i-1.5.82mdk.i586.rpm
http://www.mandrakesecure.net/en/ftp.php
MandrakeSoft Upgrade openssl-0.9.6i-1.5.82mdk.i586.rpm
http://www.mandrakesecure.net/en/ftp.php

MandrakeSoft Linux Mandrake 9.0:
MandrakeSoft Upgrade libopenssl0-0.9.6i-1.6.90mdk.i586.rpm
http://www.mandrakesecure.net/en/ftp.php
MandrakeSoft Upgrade libopenssl0-devel-0.9.6i-1.6.90mdk.i586.rpm
http://www.mandrakesecure.net/en/ftp.php
MandrakeSoft Upgrade libopenssl0-static-devel-0.9.6i-1.6.90mdk.i586.rpm
http://www.mandrakesecure.net/en/ftp.php
MandrakeSoft Upgrade openssl-0.9.6i-1.6.90mdk.i586.rpm
http://www.mandrakesecure.net/en/ftp.php

MandrakeSoft Linux Mandrake 9.1 ppc:
MandrakeSoft Upgrade libopenssl0-0.9.6i-1.2.91mdk.ppc.rpm
http://www.mandrakesecure.net/en/ftp.php
MandrakeSoft Upgrade libopenssl0.9.7-0.9.7a-1.2.91mdk.ppc.rpm
http://www.mandrakesecure.net/en/ftp.php
MandrakeSoft Upgrade libopenssl0.9.7-devel-0.9.7a-1.2.91mdk.ppc.rpm
http://www.mandrakesecure.net/en/ftp.php
MandrakeSoft Upgrade libopenssl0.9.7-static-devel-0.9.7a-1.2.91mdk.ppc.rpm
http://www.mandrakesecure.net/en/ftp.php
MandrakeSoft Upgrade openssl-0.9.7a-1.2.91mdk.ppc.rpm
http://www.mandrakesecure.net/en/ftp.php

MandrakeSoft Linux Mandrake 9.1:
MandrakeSoft Upgrade libopenssl0-0.9.6i-1.2.91mdk.i586.rpm
http://www.mandrakesecure.net/en/ftp.php
MandrakeSoft Upgrade libopenssl0.9.7-0.9.7a-1.2.91mdk.i586.rpm
http://www.mandrakesecure.net/en/ftp.php
MandrakeSoft Upgrade libopenssl0.9.7-devel-0.9.7a-1.2.91mdk.i586.rpm
http://www.mandrakesecure.net/en/ftp.php
MandrakeSoft Upgrade libopenssl0.9.7-static-devel-0.9.7a-1.2.91mdk.i586.rpm
http://www.mandrakesecure.net/en/ftp.php
MandrakeSoft Upgrade openssl-0.9.7a-1.2.91mdk.i586.rpm
http://www.mandrakesecure.net/en/ftp.php

MandrakeSoft Linux Mandrake 9.2:
MandrakeSoft Upgrade libopenssl0.9.7-0.9.7b-4.1.92mdk.i586.rpm
http://www.mandrakesecure.net/en/ftp.php
MandrakeSoft Upgrade libopenssl0.9.7-devel-0.9.7b-4.1.92mdk.i586.rpm
http://www.mandrakesecure.net/en/ftp.php
MandrakeSoft Upgrade libopenssl0.9.7-static-devel-0.9.7b-4.1.92mdk.i586.rpm
http://www.mandrakesecure.net/en/ftp.php
MandrakeSoft Upgrade openssl-0.9.7b-4.1.92mdk.i586.rpm
http://www.mandrakesecure.net/en/ftp.php

MandrakeSoft Multi Network Firewall 8.2:
MandrakeSoft Upgrade libopenssl0-0.9.6i-1.5.82mdk.i586.rpm
http://www.mandrakesecure.net/en/ftp.php
MandrakeSoft Upgrade openssl-0.9.6i-1.5.82mdk.i586.rpm
http://www.mandrakesecure.net/en/ftp.php

OpenSSL Project OpenSSL 0.9.6 j:
OpenSSL Project Upgrade OpenSSL 0.9.6k
http://www.openssl.org/source/

OpenSSL Project OpenSSL 0.9.6 i:
OpenSSL Project Upgrade OpenSSL 0.9.6k
http://www.openssl.org/source/
OpenSSL Project Upgrade openssl-0.9.6i-19.i586.rpm
ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/i586/openssl-0.9.6i-19.i586.rpm
OpenSSL Project Patch openssl-0.9.6i-19.i586.patch.rpm
ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/i586/openssl-0.9.6i-19.i586.patch.rpm
OpenSSL Project Upgrade openssl-doc-0.9.6i-19.i586.rpm
ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/i586/openssl-doc-0.9.6i-19.i586.rpm
OpenSSL Project Patch openssl-doc-0.9.6i-19.i586.patch.rpm
ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/i586/openssl-doc-0.9.6i-19.i586.patch.rpm
OpenSSL Project Upgrade openssl-devel-0.9.6i-19.i586.rpm
ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/i586/openssl-devel-0.9.6i-19.i586.rpm
OpenSSL Project Patch openssl-devel-0.9.6i-19.i586.patch.rpm
ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/i586/openssl-devel-0.9.6i-19.i586.patch.rpm

OpenSSL Project OpenSSL 0.9.6 h:
OpenSSL Project Upgrade OpenSSL 0.9.6k
http://www.openssl.org/source/

OpenSSL Project OpenSSL 0.9.6 g:
OpenSSL Project Upgrade OpenSSL 0.9.6k
http://www.openssl.org/source/
OpenSSL Project Upgrade openssl-doc-0.9.6g-99.i586.rpm
ftp://ftp.suse.com/pub/suse/i386/update/8.1/rpm/i586/openssl-doc-0.9.6g-99.i586.rpm
OpenSSL Project Patch openssl-doc-0.9.6g-99.i586.patch.rpm
ftp://ftp.suse.com/pub/suse/i386/update/8.1/rpm/i586/openssl-doc-0.9.6g-99.i586.patch.rpm
OpenSSL Project Upgrade openssl-0.9.6g-99.i586.rpm
ftp://ftp.suse.com/pub/suse/i386/update/8.1/rpm/i586/openssl-0.9.6g-99.i586.rpm
OpenSSL Project Patch openssl-0.9.6g-99.i586.patch.rpm
ftp://ftp.suse.com/pub/suse/i386/update/8.1/rpm/i586/openssl-0.9.6g-99.i586.patch.rpm
OpenSSL Project Upgrade openssl-devel-0.9.6g-99.i586.rpm
ftp://ftp.suse.com/pub/suse/i386/update/8.1/rpm/i586/openssl-devel-0.9.6g-99.i586.rpm
OpenSSL Project Patch openssl-devel-0.9.6g-99.i586.patch.rpm
ftp://ftp.suse.com/pub/suse/i386/update/8.1/rpm/i586/openssl-devel-0.9.6g-99.i586.patch.rpm

OpenSSL Project OpenSSL 0.9.6 e:
OpenSSL Project Upgrade OpenSSL 0.9.6k
http://www.openssl.org/source/

OpenSSL Project OpenSSL 0.9.6 d:
OpenSSL Project Upgrade OpenSSL 0.9.6k
http://www.openssl.org/source/

OpenSSL Project OpenSSL 0.9.6 c:
OpenSSL Project Upgrade OpenSSL 0.9.6k
http://www.openssl.org/source/
OpenSSL Project Upgrade openssl-0.9.6c-86.i386.rpm
ftp://ftp.suse.com/pub/suse/i386/update/8.0/sec1/openssl-0.9.6c-86.i386.rpm
OpenSSL Project Patch openssl-0.9.6c-86.i386.patch.rpm
ftp://ftp.suse.com/pub/suse/i386/update/8.0/sec1/openssl-0.9.6c-86.i386.patch.rpm
OpenSSL Project Upgrade openssl-devel-0.9.6c-86.i386.rpm
ftp://ftp.suse.com/pub/suse/i386/update/8.0/d3/openssl-devel-0.9.6c-86.i386.rpm
OpenSSL Project Patch openssl-devel-0.9.6c-86.i386.patch.rpm
ftp://ftp.suse.com/pub/suse/i386/update/8.0/d3/openssl-devel-0.9.6c-86.i386.patch.rpm
OpenSSL Project Upgrade openssl-doc-0.9.6c-86.i386.rpm
ftp://ftp.suse.com/pub/suse/i386/update/8.0/doc4/openssl-doc-0.9.6c-86.i386.rpm
OpenSSL Project Patch openssl-doc-0.9.6c-86.i386.patch.rpm
ftp://ftp.suse.com/pub/suse/i386/update/8.0/doc4/openssl-doc-0.9.6c-86.i386.patch.rpm

OpenSSL Project OpenSSL 0.9.6 b:
OpenSSL Project Upgrade openssl-doc-0.9.6b-158.i386.rpm
ftp://ftp.suse.com/pub/suse/i386/update/7.3/doc3/openssl-doc-0.9.6b-158.i386.rpm
OpenSSL Project Upgrade openssl-doc-0.9.6b-90.sparc.rpm
ftp://ftp.suse.com/pub/suse/sparc/update/7.3/doc3/openssl-doc-0.9.6b-90.sparc.rpm
OpenSSL Project Upgrade openssl-doc-0.9.6b-151.ppc.rpm
ftp://ftp.suse.com/pub/suse/ppc/update/7.3/doc3/openssl-doc-0.9.6b-151.ppc.rpm
OpenSSL Project Upgrade openssl-devel-0.9.6b-158.i386.rpm
ftp://ftp.suse.com/pub/suse/i386/update/7.3/d2/openssl-devel-0.9.6b-158.i386.rpm
OpenSSL Project Upgrade openssl-0.9.6b-158.i386.rpm
ftp://ftp.suse.com/pub/suse/i386/update/7.3/sec1/openssl-0.9.6b-158.i386.rpm
OpenSSL Project Upgrade openssl-0.9.6b-90.sparc.rpm
ftp://ftp.suse.com/pub/suse/sparc/update/7.3/sec1/openssl-0.9.6b-90.sparc.rpm
OpenSSL Project Upgrade openssl-0.9.6b-151.ppc.rpm
ftp://ftp.suse.com/pub/suse/ppc/update/7.3/sec1/openssl-0.9.6b-151.ppc.rpm
OpenSSL Project Upgrade OpenSSL 0.9.6k
http://www.openssl.org/source/
OpenSSL Project Upgrade openssl-0.9.6b-35.7.i386.rpm
ftp://updates.redhat.com/7.2/en/os/i386/openssl-0.9.6b-35.7.i386.rpm
OpenSSL Project Upgrade openssl-devel-0.9.6b-35.7.i386.rpm
ftp://updates.redhat.com/7.2/en/os/i386/openssl-devel-0.9.6b-35.7.i386.rpm
OpenSSL Project Upgrade openssl-perl-0.9.6b-35.7.i386.rpm
ftp://updates.redhat.com/7.2/en/os/i386/openssl-perl-0.9.6b-35.7.i386.rpm
OpenSSL Project Upgrade openssl-0.9.6b-35.7.ia64.rpm
ftp://updates.redhat.com/7.2/en/os/ia64/openssl-0.9.6b-35.7.ia64.rpm
OpenSSL Project Upgrade openssl-devel-0.9.6b-35.7.ia64.rpm
ftp://updates.redhat.com/7.2/en/os/ia64/openssl-devel-0.9.6b-35.7.ia64.rpm
OpenSSL Project Upgrade openssl-perl-0.9.6b-35.7.ia64.rpm
ftp://updates.redhat.com/7.2/en/os/ia64/openssl-perl-0.9.6b-35.7.ia64.rpm
OpenSSL Project Upgrade openssl-0.9.6b-35.7.i386.rpm
ftp://updates.redhat.com/7.3/en/os/i386/openssl-0.9.6b-35.7.i386.rpm
OpenSSL Project Upgrade openssl-devel-0.9.6b-35.7.i386.rpm
ftp://updates.redhat.com/7.3/en/os/i386/openssl-devel-0.9.6b-35.7.i386.rpm
OpenSSL Project Upgrade openssl-perl-0.9.6b-35.7.i386.rpm
ftp://updates.redhat.com/7.3/en/os/i386/openssl-perl-0.9.6b-35.7.i386.rpm
OpenSSL Project Upgrade openssl-0.9.6b-35.7.i686.rpm
ftp://updates.redhat.com/7.3/en/os/i686/openssl-0.9.6b-35.7.i686.rpm
OpenSSL Project Upgrade openssl-0.9.6b-35.8.i386.rpm
ftp://updates.redhat.com/8.0/en/os/i386/openssl-0.9.6b-35.8.i386.rpm
OpenSSL Project Upgrade openssl-devel-0.9.6b-35.8.i386.rpm
ftp://updates.redhat.com/8.0/en/os/i386/openssl-devel-0.9.6b-35.8.i386.rpm
OpenSSL Project Upgrade openssl-perl-0.9.6b-35.8.i386.rpm
ftp://updates.redhat.com/8.0/en/os/i386/openssl-perl-0.9.6b-35.8.i386.rpm
OpenSSL Project Upgrade openssl-0.9.6b-35.8.i686.rpm
ftp://updates.redhat.com/8.0/en/os/i686/openssl-0.9.6b-35.8.i686.rpm
OpenSSL Project Upgrade openssl096b-0.9.6b-12.i386.rpm
ftp://updates.redhat.com/9/en/os/i386/openssl096b-0.9.6b-12.i386.rpm
OpenSSL Project Upgrade openssl-devel-0.9.6b-90.sparc.rpm
ftp://ftp.suse.com/pub/suse/sparc/update/7.3/d2/openssl-devel-0.9.6b-90.sparc.rpm
OpenSSL Project Upgrade openssl-devel-0.9.6b-151.ppc.rpm
ftp://ftp.suse.com/pub/suse/ppc/update/7.3/d2/openssl-devel-0.9.6b-151.ppc.rpm

OpenSSL Project OpenSSL 0.9.6 a:
OpenSSL Project Upgrade OpenSSL 0.9.6k
http://www.openssl.org/source/
OpenSSL Project Upgrade openssl-0.9.6a-83.i386.rpm
ftp://ftp.suse.com/pub/suse/i386/update/7.2/sec1/openssl-0.9.6a-83.i386.rpm
OpenSSL Project Upgrade openssl-devel-0.9.6a-83.i386.rpm
ftp://ftp.suse.com/pub/suse/i386/update/7.2/d2/openssl-devel-0.9.6a-83.i386.rpm
OpenSSL Project Upgrade openssl-doc-0.9.6a-83.i386.rpm
ftp://ftp.suse.com/pub/suse/i386/update/7.2/doc3/openssl-doc-0.9.6a-83.i386.rpm

OpenSSL Project OpenSSL 0.9.6:
OpenSSL Project Upgrade OpenSSL 0.9.6k
http://www.openssl.org/source/
OpenSSL Project Upgrade openssl096-0.9.6-23.9.i386.rpm
ftp://updates.redhat.com/9/en/os/i386/openssl096-0.9.6-23.9.i386.rpm
OpenSSL Project Upgrade openssl-0.9.6-19.i386.rpm
ftp://updates.redhat.com/7.1/en/os/i386/openssl-0.9.6-19.i386.rpm
OpenSSL Project Upgrade openssl-devel-0.9.6-19.i386.rpm
ftp://updates.redhat.com/7.1/en/os/i386/openssl-devel-0.9.6-19.i386.rpm
OpenSSL Project Upgrade openssl-perl-0.9.6-19.i386.rpm
ftp://updates.redhat.com/7.1/en/os/i386/openssl-perl-0.9.6-19.i386.rpm
OpenSSL Project Upgrade openssl-python-0.9.6-19.i386.rpm
ftp://updates.redhat.com/7.1/en/os/i386/openssl-python-0.9.6-19.i386.rpm
OpenSSL Project Upgrade openssl-0.9.6-19.1.ppc.rpm
ftp://updates.redhat.com/7.1/en/os/iSeries/ppc/openssl-0.9.6-19.1.ppc.rpm
OpenSSL Project Upgrade openssl-devel-0.9.6-19.1.ppc.rpm
ftp://updates.redhat.com/7.1/en/os/iSeries/ppc/openssl-devel-0.9.6-19.1.ppc.rpm
OpenSSL Project Upgrade openssl-perl-0.9.6-19.1.ppc.rpm
ftp://updates.redhat.com/7.1/en/os/iSeries/ppc/openssl-perl-0.9.6-19.1.ppc.rpm
OpenSSL Project Upgrade openssl-python-0.9.6-19.1.ppc.rpm
ftp://updates.redhat.com/7.1/en/os/iSeries/ppc/openssl-python-0.9.6-19.1.ppc.rpm
OpenSSL Project Upgrade openssl-0.9.6-19.1.ppc.rpm
ftp://updates.redhat.com/7.1/en/os/pSeries/ppc/openssl-0.9.6-19.1.ppc.rpm
OpenSSL Project Upgrade openssl-devel-0.9.6-19.1.ppc.rpm
ftp://updates.redhat.com/7.1/en/os/pSeries/ppc/openssl-devel-0.9.6-19.1.ppc.rpm
OpenSSL Project Upgrade openssl-perl-0.9.6-19.1.ppc.rpm
ftp://updates.redhat.com/7.1/en/os/pSeries/ppc/openssl-perl-0.9.6-19.1.ppc.rpm
OpenSSL Project Upgrade openssl-python-0.9.6-19.1.ppc.rpm
ftp://updates.redhat.com/7.1/en/os/pSeries/ppc/openssl-python-0.9.6-19.1.ppc.rpm
OpenSSL Project Upgrade openssl096-0.9.6-23.7.i386.rpm
ftp://updates.redhat.com/7.2/en/os/i386/openssl096-0.9.6-23.7.i386.rpm
OpenSSL Project Upgrade openssl096-0.9.6-23.7.ia64.rpm
ftp://updates.redhat.com/7.2/en/os/ia64/openssl096-0.9.6-23.7.ia64.rpm
OpenSSL Project Upgrade openssl096-0.9.6-23.7.i386.rpm
ftp://updates.redhat.com/7.3/en/os/i386/openssl096-0.9.6-23.7.i386.rpm
OpenSSL Project Upgrade openssl096-0.9.6-23.8.i386.rpm
ftp://updates.redhat.com/8.0/en/os/i386/openssl096-0.9.6-23.8.i386.rpm

OpenSSL Project OpenSSL 0.9.7 beta3:
OpenSSL Project Upgrade OpenSSL 0.9.7c
http://www.openssl.org/source/

OpenSSL Project OpenSSL 0.9.7 beta2:
OpenSSL Project Upgrade OpenSSL 0.9.7c
http://www.openssl.org/source/

OpenSSL Project OpenSSL 0.9.7 beta1:
OpenSSL Project Upgrade OpenSSL 0.9.7c
http://www.openssl.org/source/

OpenSSL Project OpenSSL 0.9.7 b:
OpenSSL Project Upgrade OpenSSL 0.9.7c
http://www.openssl.org/source/
OpenSSL Project Upgrade openssl-doc-0.9.7b-71.i586.rpm
ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/openssl-doc-0.9.7b-71.i586.rpm
OpenSSL Project Patch openssl-doc-0.9.7b-71.i586.patch.rpm
ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/openssl-doc-0.9.7b-71.i586.patch.rpm
OpenSSL Project Upgrade openssl-devel-0.9.7b-71.i586.rpm
ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/openssl-devel-0.9.7b-71.i586.rpm
OpenSSL Project Patch openssl-devel-0.9.7b-71.i586.patch.rpm
ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/openssl-devel-0.9.7b-71.i586.patch.rpm
OpenSSL Project Upgrade openssl-0.9.7b-71.i586.rpm
ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/openssl-0.9.7b-71.i586.rpm
OpenSSL Project Patch openssl-0.9.7b-71.i586.patch.rpm
ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/openssl-0.9.7b-71.i586.patch.rpm

OpenSSL Project OpenSSL 0.9.7 a:
OpenSSL Project Upgrade openssl-0.9.7a-20.i386.rpm
ftp://updates.redhat.com/9/en/os/i386/openssl-0.9.7a-20.i386.rpm
OpenSSL Project Upgrade openssl-devel-0.9.7a-20.i386.rpm
ftp://updates.redhat.com/9/en/os/i386/openssl-devel-0.9.7a-20.i386.rpm
OpenSSL Project Upgrade openssl-perl-0.9.7a-20.i386.rpm
ftp://updates.redhat.com/9/en/os/i386/openssl-perl-0.9.7a-20.i386.rpm
OpenSSL Project Upgrade openssl-0.9.7a-20.i686.rpm
ftp://updates.redhat.com/9/en/os/i686/openssl-0.9.7a-20.i686.rpm
OpenSSL Project Upgrade OpenSSL 0.9.7c
http://www.openssl.org/source/

OpenSSL Project OpenSSL 0.9.7:
OpenSSL Project Upgrade OpenSSL 0.9.7c
http://www.openssl.org/source/
OpenSSL Project Patch erg712449.Z
ftp://ftp.sco.com/pub/updates/UnixWare/CSSA-2003-SCO.25/erg712449.Z

SGI IRIX 6.5.19 m:
SGI IRIX 6.5.19 f:
SGI IRIX 6.5.19:
SGI IRIX 6.5.20 m:
SGI IRIX 6.5.20 f:
SGI IRIX 6.5.20:
SGI IRIX 6.5.21 m:
SGI IRIX 6.5.21 f:
SGI IRIX 6.5.21:
SGI IRIX 6.5.22:
SGI Patch openssl.tardist
ftp://patches.sgi.com/support/free/security/patches/6.5.22/openssl.tardist

SmoothWall Express 2.0 beta:
SmoothWall GPL 1.0:
SSH Communications Security IPSEC Express Toolkit :
SSH Communications Security SSH Sentinel 1.4:
SSH Communications Security Upgrade SSH Sentinel 1.4.1
http://ftp.ssh.com/priv/sentinel/9h86876tiu/SSHSentinel1.4.1.98_no_license.exe

SSLeay SSLeay 0.6.6:
SSLeay SSLeay 0.8.1:
SSLeay SSLeay 0.9:
SSLeay SSLeay 0.9.1:
Stonesoft StoneBeat FullCluster for Firewall-1 2.0:
Stonesoft StoneBeat FullCluster for Firewall-1 3.0:
Stonesoft StoneBeat FullCluster for Gauntlet 2.0:
Stonesoft StoneBeat FullCluster for ISA Server 3.0:
Stonesoft StoneBeat FullCluster for Raptor 2.0:
Stonesoft StoneBeat FullCluster for Raptor 2.5:
Stonesoft StoneBeat High Availability 3.1:
Stonesoft StoneBeat SecurityCluster 2.0:
Stonesoft StoneBeat SecurityCluster 2.5:
Stonesoft StoneBeat WebCluster 2.0:
Stonesoft StoneBeat WebCluster 2.5:
Stonesoft StoneGate 1.5.17:
Stonesoft StoneGate 1.5.18:
Stonesoft StoneGate 1.6.2:
Stonesoft StoneGate 1.6.3:
Stonesoft StoneGate 1.7:
Stonesoft StoneGate 1.7.1:
Stonesoft StoneGate 1.7.2:
Stonesoft StoneGate 2.0.1:
Stonesoft StoneGate 2.0.4:
Stonesoft StoneGate 2.0.5:
Stonesoft StoneGate 2.0.6:
Stonesoft StoneGate 2.0.7:
Stonesoft StoneGate 2.0.8:
Stonesoft StoneGate 2.0.9:
Stonesoft StoneGate 2.1:
Stonesoft StoneGate 2.2:
Stonesoft StoneGate 2.2.1:

References
Source: Trustix 2003-0001 openssl
URL: http://online.securityfocus.com/advisories/5929

Source: Gentoo 200309-19 openssl
URL: http://online.securityfocus.com/advisories/5925

Source: SGI 20030904-01-P Multiple OpenSSH/OpenSSL Vulnerabilities
URL: http://online.securityfocus.com/advisories/5915

Source: CERT CA-2003-26 Multiple Vulnerabilities in SSL/TLS Implementations
URL: http://online.securityfocus.com/advisories/5928

Source: Conectiva CLA-2003:751 openssl
URL: http://online.securityfocus.com/advisories/5918

Source: SCO CSSA-2003-SCO.25 UnixWare 7.1.3 Open UNIX 8.0.0 UnixWare 7.1.1 : OpenSSL Multiple Vulnerabilities
URL: http://online.securityfocus.com/advisories/5934

Source: Debian DSA 393-1 openssl
URL: http://online.securityfocus.com/advisories/5921

Source: EnGarde ESA-20030930-027 ASN.1 parsing vulnerabilities.
URL: http://online.securityfocus.com/advisories/5913

Source: FreeBSD FreeBSD-SA-03:18.openssl OpenSSL vulnerabilities in ASN.1 parsing
URL: http://online.securityfocus.com/advisories/5946

Source: HP HPSBUX0310-284 SSRT3622 Potential Security Vulnerabilities in Apache HTTP Server
URL: http://online.securityfocus.com/advisories/5933

Source: Immunix IMNX-2003-7+-022-01 openssl
URL: http://online.securityfocus.com/advisories/5911

Source: Mandrake MDKSA-2003:098 openssl
URL: http://online.securityfocus.com/advisories/5924

Source: Novell NOVL-2003-10087450 Novell Response to NISCC/CERT Advisories re: OpenSSL - revised url
URL: http://online.securityfocus.com/advisories/5927

Source: OpenPKG OpenPKG-SA-2003.044 openssl
URL: http://online.securityfocus.com/advisories/5909

Source: RedHat RHSA-2003:291-01 Updated OpenSSL packages fix vulnerabilities
URL: http://online.securityfocus.com/advisories/5914

Source: RedHat RHSA-2003:292-01 Updated OpenSSL packages fix vulnerabilities
URL: http://online.securityfocus.com/advisories/5908

Source: SuSE SuSE-SA:2003:043 openssl
URL: http://online.securityfocus.com/advisories/5926

Source: TurboLinux TLSA-2003-55 DoS vulnerability in openssl
URL: http://online.securityfocus.com/advisories/5923

Source: A vulnerability has been discovered in F-Secure SSH in the way it handles digita
URL: http://www.f-secure.com/support/technical/ssh/ssh2_digital_certificates_tech.shtml

Source: Apple Security Updates
URL: http://www.info.apple.com/usen/security/security_updates.html

Source: Apple Software Downloads
URL: http://www.apple.com/swupdates/

Source: Cisco Security Advisory: SSL Implementation Vulnerabilities
URL: http://www.cisco.com/warp/public/707/cisco-sa-20030930-ssl.shtml

Source: NISCC Vulnerability Advisory 006489/OpenSSL
URL: http://www.uniras.gov.uk/vuls/2003/006489/openssl.htm

Source: OpenSSL Security Advisory [30 September 2003]
URL: http://www.openssl.org/news/secadv_20030930.txt

Source: OpenSSL security bugs
URL: http://www.stonesoft.com/document/art/3040.html

Source: Patches Now Available For SmoothWall GPL 1.0, 2.0b6 "voyager"
URL: http://www.smoothwall.org/home/news/item/20031001.01.html

Source: Security Advisory: OpenSSL Vulnerability
URL: http://www.bluecoat.com/support/knowledge/advisory_openSSL_ASN_vulnerability.html

Source: Security Alerts
URL: http://support.novell.com/security-alerts/

Source: SSH IPSec Toolkit Security Bugs
URL: http://www.stonesoft.com/document/art/3041.html

Source: SSH Sentinel Security Vulnerability in BER Decoding
URL: http://www.ssh.com/company/newsroom/article/477/

Source: Vulnerabilities in ASN.1 parsing
URL: http://www.openssl.org/news/secadv_20030930.txt

Source: Vulnerability Note VU#255484
URL: http://www.kb.cert.org/vuls/id/255484

Source: Vulnerability Note VU#380864
URL: http://www.kb.cert.org/vuls/id/380864

Source: Vulnerability Note VU#686224
URL: http://www.kb.cert.org/vuls/id/686224

Source: Vulnerability Note VU#732952
URL: http://www.kb.cert.org/vuls/id/732952

Source: Vulnerability Note VU#935264
URL: http://www.kb.cert.org/vuls/id/935264

Credits
Discovery is credited to NISCC and Stephen Henson.

Copyright (c) 2003 by Symantec Corp.
Permission to redistribute this alert electronically is granted as long as it is not edited in any way unless authorized by Symantec Security Response. Reprinting the whole or part of this alert in any medium other than electronically requires permission from symsecurity@symantec.com.

Disclaimer
The information in the advisory is believed to be accurate at the time of publishing based on currently available information. Use of the information constitutes acceptance for use in an AS IS condition. There are no warranties with regard to this information. Neither the author nor the publisher accepts any liability for any direct, indirect, or consequential loss or damage arising from use of, or reliance on, this information.

Symantec, Symantec products, Symantec Security Response, and SymSecurity are registered trademarks of Symantec Corp. and/or affiliated companies in the United States and other countries. All other registered and unregistered trademarks represented in this document are the sole property of their respective companies/owners.

Site Map · Legal Notices · Privacy Policy · · Contact Us · Global Sites · License Agreements
©1995 - 2008 Symantec Corporation