Yellow Dog Linux Security Announcement
--------------------------------------

Package:	openssl	
Issue Date: 	July 25, 2001
Priority:	high		
Advisory ID: 	YDU-20010725-20


1. 	Topic:

	Several security vulnerabilities were
	discovered in the OpenSSL software.


2. 	Problem:

	"Versions of OpenSSL prior to 0.9.6a suffer from potential security
	problems. These include potential leakage of information after SSL
	version 3 key exchanges, imperfect distribution of random numbers used
	when generating signatures, honoring of sensitive environment variables
	in library functions in setuid or setgid applications, and not taking
	precautions to counter effects of potential hardware glitches when
	generating digital signatures.

	A flaw has also been found in the pseudo-random number generator used
	in versions of OpenSSL prior to 0.9.6b. The OpenSSL Project Team has
	released a patch which corrects this problem."
	(from Red Hat's security advisory) 


3. 	Solution:

   	a) Updating via yup...
   	We suggest that you use the Yellow Dog Update Program (yup)
   	to keep your system up-to-date. The following command(s) will
   	automatically retrieve and install the fixed version of
   	this update onto your system:

   		yup update openssl 
		yup update openssl-devel
		yup update openssl-perl
		yup update openssl-python 

   	b) Updating manually...
   	The update can also be retrieved manually from our ftp site
   	below along with the rpm command that should be used to install
   	the update.  (Please use a mirror site)

   		ftp://ftp.yellowdoglinux.com/pub/yellowdog/updates/yellowdog-2.0/ppc/RPMS/
                rpm -Fvh openssl-0.9.6-9.ppc.rpm
		rpm -Fvh openssl-devel-0.9.6-9.ppc.rpm
		rpm -Fvh openssl-perl-0.9.6-9.ppc.rpm
		rpm -Fvh openssl-python-0.9.6-9.ppc.rpm

4. Verification

MD5 checksum			  Package
--------------------------------  ----------------------------
f193e7d11639893b5380d7125fc7aefc  SRPMS/openssl-0.9.6-9.src.rpm
b099fe4944ab4ce3d55da40ef1806c3e  ppc/RPMS/openssl-0.9.6-9.ppc.rpm
3385bcf0fef71ac48a1c0358deed076d  ppc/RPMS/openssl-devel-0.9.6-9.ppc.rpm
98b7f2af7d7a17718c959cb1600755bd  ppc/RPMS/openssl-perl-0.9.6-9.ppc.rpm
9a0619a7fd58019d3cd5b54f2754e6e6  ppc/RPMS/openssl-python-0.9.6-9.ppc.rpm

If you wish to verify that each package has not been corrupted or tampered with,
examine the md5sum with the following command: rpm --checksig --nogpg filename


5. Misc.

Terra Soft has setup a moderated mailing list where these security, bugfix, and package
enhancement announcements will be posted. See http://lists.yellowdoglinux.com/ for more
information.

For information regarding the usage of yup, the Yellow Dog Update Program, see 
http://http://www.yellowdoglinux.com/support/solutions/ydl_general/yup.shtml