=====================================================================
                                   CERT-Renater

                        Note d'Information No. 2009/VULN447
_____________________________________________________________________

DATE                      : 06/11/2009

HARDWARE PLATFORM(S)      : /

OPERATING SYSTEM(S)       : Systems running OpenSSL version prior to 0.9.8l.

======================================================================
http://www.openssl.org/news/announce.html
______________________________________________________________________
Announcement: OpenSSL version 0.9.8l
OpenSSL - The Open Source toolkit for SSL/TLS
http://www.openssl.org/

The OpenSSL project team is pleased to announce the release of version
0.9.8l of our open source toolkit for SSL/TLS. This new OpenSSL version
is a security release which disables renegotiation as a workaround for
CVE-2009-3555. For a complete list of changes, please see
http://www.openssl.org/source/exp/CHANGES.

We consider OpenSSL 0.9.8l to be the best version of OpenSSL available
and we strongly recommend that users of older versions upgrade as soon
as possible. OpenSSL 0.9.8l is available for download via HTTP and FTP
from the following master locations (you can find the various FTP mirrors
under http://www.openssl.org/source/mirror.html):

    * http://www.openssl.org/source/
    * ftp://ftp.openssl.org/source/

The distribution file name is:

    * openssl-0.9.8l.tar.gz
      Size: 4179422
      MD5 checksum: 05a0ece1372392a2cf310ebb96333025 SHA1 checksum: d3fb6ec89532ab40646b65af179bb1770f7ca28f

The checksums were calculated using the following commands:

        openssl md5 openssl-0.9.*.tar.gz
        openssl sha1 openssl-0.9.*.tar.gz

Yours,
The OpenSSL Project Team...

    Mark J. Cox             Nils Larsch         Ulf Möller
    Ralf S. Engelschall     Ben Laurie          Andy Polyakov
    Dr. Stephen Henson      Richard Levitte     Geoff Thorpe
    Lutz Jänicke            Bodo Möller

======================================================================

          =========================================================
          Les serveurs de référence du CERT-Renater
          http://www.urec.fr/securite
          http://www.cru.fr/securite
          http://www.renater.fr
          =========================================================
          + CERT-RENATER          | tel : 01-53-94-20-44          +
          + 151 bd de l'Hopital   | fax : 01-53-94-20-41          +
          + 75013 Paris           | email: certsvp@renater.fr     +
          =========================================================