Novell Home

CVE-2009-0049

Common Vulnerabilities and Exposures

[Previous] [Index] [Next]

CVE-2009-0049 at MITRE

Details

Belgian eID middleware (eidlib) 2.6.0 and earlier does not properly check the return value from the OpenSSL EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature for DSA and ECDSA keys, a similar vulnerability to CVE-2008-5077.
Novell Bugzilla entry: 468866

SUSE Security Advisories:

Product(s) Fixed package version(s) References
openSUSE 10.3
  • eID-belgium >= 2.5.9-119.2
 ZYPP Patch Nr: 6009
SAT Patch Nr: 541
openSUSE 11.0
  • eID-belgium-debuginfo >= 2.6.0-73.2
  • eID-belgium-debugsource >= 2.6.0-73.2
 ZYPP Patch Nr: 6009
SAT Patch Nr: 541
openSUSE 11.0
  • eID-belgium >= 2.6.0-73.2
 ZYPP Patch Nr: 6009
SAT Patch Nr: 541
openSUSE 11.1
  • eID-belgium-debuginfo >= 2.6.0-121.29.2
  • eID-belgium-debugsource >= 2.6.0-121.29.2
 ZYPP Patch Nr: 6009
SAT Patch Nr: 541
openSUSE 11.1
  • eID-belgium >= 2.6.0-121.29.2
 ZYPP Patch Nr: 6009
SAT Patch Nr: 541
SLE SDK 10 SP2 for IBM iSeries and IBM pSeries
SLE SDK 10 SP2 for IBM zSeries
SLE SDK 10 SP2 for IPF
SLE SDK 10 SP2 for X86-64
SLE SDK 10 SP2 for x86
SUSE Linux Enterprise Desktop 10 SP2 for AMD64 and Intel EM64T
SUSE Linux Enterprise Desktop 10 SP2 for x86
  • eID-belgium >= 2.5.9-26.12
 sled10-sp2. x86
sles10-sp2-sdk. x86
sled10-sp2. x86-64
sles10-sp2-sdk. x86-64
sles10-sp2-sdk. s390x
sles10-sp2-sdk. ppc
sles10-sp2-sdk. ia64
ZYPP Patch Nr: 6006

Novell® Making IT Work As One

© 2009 Novell, Inc. All Rights Reserved.