Important: Openssl Security Update [CVE-2008-5077]

in Categories CentOS, Debian Linux, fedora linux, FreeBSD, GNU/Open source, Howto, Linux, News, RedHat/Fedora Linux, Security Alert, Slackware, Suse Linux, Sys admin last updated January 8, 2009

Linux / BSD and UNIX like operating systems includes software from the OpenSSL Project. The OpenSSL is commercial-grade, industry-strength, full-featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols as well as general purpose cryptography library.

The Google security team discovered a flaw in the way OpenSSL checked the verification of certificates. An attacker in control of a malicious server, or able to effect a “man in the middle” attack, could present a malformed SSL/TLS signature from a certificate chain to a vulnerable client and bypass validation.

This update has been rated as having important security impact on FreeBSD, all version of Ubuntu / Debian, Red Hat (RHEL), CentOS, Fedora and other open source operating system that depends upon OpenSSL.

Debian GNU/Linux 4.0 Update 6 Released

in Categories Debian Linux, Linux distribution, Security, Security Alert last updated December 18, 2008

Didn’t take long to release new updated version.

The Debian project is pleased to announce the sixth update of its stable distribution Debian GNU/Linux 4.0 (codename “etch”). This update mainly adds corrections for security problems to the stable release, along with a few adjustment to serious problems. This update has been rated as having important security impact. You are advised to upgrade system ASAP.