Details
NTP 4.2.4 before 4.2.4p5 and 4.2.5 before 4.2.5p150 does not properly check the return value from the OpenSSL EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature for DSA and ECDSA keys, a similar vulnerability to CVE-2008-5077.Novell Bugzilla entry: 459662,505503 SUSE Security Advisories:
- SUSE-SR:2009:005, published Mon, 02 Mar 2009 13:00:00 +0000
- SUSE-SR:2009:005 , published Mon, 02 Mar 2009 13:00:00 +0000
- SUSE-SR:2009:008 , published Mon, 06 Apr 2009 15:00:00 +0000
| Product(s) | Fixed package version(s) | References |
|---|---|---|
| Novell Linux Desktop 9 for x86 Novell Linux Desktop 9 for x86_64 Novell Linux POS 9 Open Enterprise Server SUSE CORE 9 for AMD64 and Intel EM64T SUSE CORE 9 for IBM POWER SUSE CORE 9 for IBM S/390 31bit SUSE CORE 9 for IBM zSeries 64bit SUSE CORE 9 for Itanium Processor Family SUSE CORE 9 for x86 |
| sles9-nld. x86 core9. x86 core9. s390 core9. ppc sles9-nlpos. x86 sles9-nld. x86-64 core9. ia64 core9. s390x core9. x86-64 sles9-oes. x86 YOU Patch Nr: 12338 |
| SUSE Linux Enterprise Desktop 10 SP2 for AMD64 and Intel EM64T SUSE Linux Enterprise Desktop 10 SP2 for x86 |
| sles10-sp2. x86-64 sles10-sp2-sdk. x86-64 sles10-sp2. x86 sled10-sp2. x86 sles10-sp2-sdk. s390x sles10-sp2-debuginfo. ppc sles10-sp2-debuginfo. ia64 sles10-sp2-sdk. ia64 sles10-sp2-debuginfo. x86 sled10-sp2. x86-64 sles10-sp2-debuginfo. x86-64 sles10-sp2-sdk. x86 sles10-sp2-debuginfo. s390x sles10-sp2. ppc sles10-sp2-sdk. ppc sles10-sp2. s390x sles10-sp2. ia64 ZYPP Patch Nr: 6072 |
| SUSE Linux Enterprise 10 SP2 DEBUGINFO for AMD64 and Intel EM64T SUSE Linux Enterprise 10 SP2 DEBUGINFO for IBM POWER SUSE Linux Enterprise 10 SP2 DEBUGINFO for IBM zSeries 64bit SUSE Linux Enterprise 10 SP2 DEBUGINFO for IPF SUSE Linux Enterprise 10 SP2 DEBUGINFO for x86 |
| sles10-sp2. x86-64 sles10-sp2-sdk. x86-64 sles10-sp2. x86 sled10-sp2. x86 sles10-sp2-sdk. s390x sles10-sp2-debuginfo. ppc sles10-sp2-debuginfo. ia64 sles10-sp2-sdk. ia64 sles10-sp2-debuginfo. x86 sled10-sp2. x86-64 sles10-sp2-debuginfo. x86-64 sles10-sp2-sdk. x86 sles10-sp2-debuginfo. s390x sles10-sp2. ppc sles10-sp2-sdk. ppc sles10-sp2. s390x sles10-sp2. ia64 ZYPP Patch Nr: 6072 |
| SLE SDK 10 SP2 for IBM iSeries and IBM pSeries SLE SDK 10 SP2 for IBM zSeries SLE SDK 10 SP2 for IPF SLE SDK 10 SP2 for X86-64 SLE SDK 10 SP2 for x86 |
| sles10-sp2. x86-64 sles10-sp2-sdk. x86-64 sles10-sp2. x86 sled10-sp2. x86 sles10-sp2-sdk. s390x sles10-sp2-debuginfo. ppc sles10-sp2-debuginfo. ia64 sles10-sp2-sdk. ia64 sles10-sp2-debuginfo. x86 sled10-sp2. x86-64 sles10-sp2-debuginfo. x86-64 sles10-sp2-sdk. x86 sles10-sp2-debuginfo. s390x sles10-sp2. ppc sles10-sp2-sdk. ppc sles10-sp2. s390x sles10-sp2. ia64 ZYPP Patch Nr: 6072 |
| SUSE Linux Enterprise Server 10 SP2 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP2 for IBM POWER SUSE Linux Enterprise Server 10 SP2 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP2 for IPF SUSE Linux Enterprise Server 10 SP2 for x86 |
| sles10-sp2. x86-64 sles10-sp2-sdk. x86-64 sles10-sp2. x86 sled10-sp2. x86 sles10-sp2-sdk. s390x sles10-sp2-debuginfo. ppc sles10-sp2-debuginfo. ia64 sles10-sp2-sdk. ia64 sles10-sp2-debuginfo. x86 sled10-sp2. x86-64 sles10-sp2-debuginfo. x86-64 sles10-sp2-sdk. x86 sles10-sp2-debuginfo. s390x sles10-sp2. ppc sles10-sp2-sdk. ppc sles10-sp2. s390x sles10-sp2. ia64 ZYPP Patch Nr: 6072 |
| openSUSE 10.3 |
| |
| openSUSE 11.0 |
| SAT Patch Nr: 439 |
| openSUSE 11.0 |
| SAT Patch Nr: 439 |
| openSUSE 11.1 |
| SAT Patch Nr: 439 |
| openSUSE 11.1 |
| SAT Patch Nr: 439 |