Skip Navigation

  • Home
  • Contact us
  • FAQ
  • Glossary
  • Public key
  • Sitemap
  • Cymraeg
  • What's new
CPNI - Centre for the Protection of National Infastructure

Advanced search

  • About CPNI
  • The threats
  • Security planning
  • Methods of attack
  • Protecting your assets
  • Products and services
    • CSIRTUK advisories
      • Advisories archive
    • General protective security publications
    • InfoSec briefings
    • InfoSec technical notes
    • InfoSec vulnerability disclosures
    • Good practice guidelines
    • Viewpoints
    • Information exchanges
    • Risk Management Delivery Group
  • Research
Home > Products and services > CSIRTUK advisories > Advisories archive > October 2005 > OpenSSL - version 0.9.8a and 0.9.7h released

October 2005

OpenSSL - version 0.9.8a and 0.9.7h released

ID: 00898
Ref: 838/05
Date: 12 October 2005:16:52:23
Version: 1
Title: OpenSSL - version 0.9.8a and 0.9.7h released
Abstract: This new OpenSSL version is a security and bugfix release and incorporates changes and bugfixes to the toolkit.
Vendors affected: OpenSSL
Operating systems affected: OpenSSL
Applications affected: OpenSSL

Title
=====
OpenSSL - version 0.9.8a and 0.9.7h released


Detail
======

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


OpenSSL version 0.9.8a and 0.9.7h released
==========================================

OpenSSL - The Open Source toolkit for SSL/TLS
http://www.openssl.org/

The OpenSSL project team is pleased to announce the release of
version 0.9.8a of our open source toolkit for SSL/TLS. This new
OpenSSL version is a security and bugfix release and incorporates
changes and bugfixes to the toolkit. For a complete list of
changes, please see http://www.openssl.org/source/exp/CHANGES.

We also release 0.9.7h, which contains the same security bugfix as
0.9.8a and a few small bugfixes compared to 0.9.7g.

These updates contain a fix for CAN-2005-2969, a potential SSL 2.0
rollback reported by Yutaka Oiwa. For more details of the security
issue being fixed in this release please see
http://www.openssl.org/news/secadv_20051011.txt

We consider OpenSSL 0.9.8a to be the best version of OpenSSL
available and we strongly recommend that users of older versions
upgrade as soon as possible. OpenSSL 0.9.8a is available for
download via HTTP and FTP from the following master locations (you
can find the various FTP mirrors under
http://www.openssl.org/source/mirror.html):

* http://www.openssl.org/source/
* ftp://ftp.openssl.org/source/

For those who want or have to stay with the 0.9.7 series of
OpenSSL, we strongly recommend that you upgrade to OpenSSL 0.9.7h
as soon as possible. It's available in the same location as
0.9.8a.

The distribution file names are:

* openssl-0.9.8a.tar.gz
MD5 checksum: 1d16c727c10185e4d694f87f5e424ee1
SHA1 checksum: 2aaba0f728179370fb3e86b43209205bc6c06a3a

* openssl-0.9.7h.tar.gz
MD5 checksum: 8dc90a113eb8925795071fbe52b2932c
SHA1 checksum: 9fe535fce89af967b29c4727dedd25f2b4cc2f0d

The checksums were calculated using the following commands:

openssl md5 openssl-0.9.*.tar.gz
openssl sha1 openssl-0.9.*.tar.gz

Yours,

The OpenSSL Project Team...

Mark J. Cox Nils Larsch Ulf Möller
Ralf S. Engelschall Ben Laurie Andy Polyakov
Dr. Stephen Henson Richard Levitte Geoff Thorpe
Lutz Jänicke Bodo Möller



- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)

iQCVAwUBQ0uaXu6tTP1JpWPZAQKXyAP/V6xGTooFL52d9Ep0qd0DDaZCSHlukk48
DWljg3EY9QF9BfzLVB1BDbLNuHAyYpeAEjvte4kwHV1vWvAoiabV+XMx8kuoRTxi
O+8NLOeOc1hilC0hLDYfM+XPq5k9dPiOfQvYpnqiwnr/TnwSBh11D+EEcoZlQToE
a6qRMTC3mAM=
=bwJD
- -----END PGP SIGNATURE-----



  • Accessibility |
  • Terms and conditions |
  • Privacy statement |
  • Data protection act |
  • Freedom of information |