>From the changelog:

Security fix: Vaudenay timing attack on CBC

• *) In ssl3_get_record (ssl/s3_pkt.c), minimize information leaked

• via timing by performing a MAC computation even if incorrrect
  

• block cipher padding has been found.  This is a countermeasure
  

• against active attacks where the attacker has to distinguish
  

• between bad padding and a MAC verification error. (CAN-2003-0078)
  

• [Bodo Moeller; problem pointed out by Brice Canvel (EPFL),
  

• Alain Hiltgen (UBS), Serge Vaudenay (EPFL), and
  

• Martin Vuagnoux (EPFL, Ilion)]
  

---------- Forwarded message ----------
Date: Wed, 19 Feb 2003 14:43:57 +0100 (CET)
From: Richard Levitte - VMS Whacker <[email protected]>
Reply-To: [email protected]
To: [email protected], [email protected],
[email protected], [email protected], [email protected],
[email protected], [email protected],
[email protected], [email protected], [email protected]
Subject: [ANNOUNCE] OpenSSL 0.9.7a and 0.9.6i released

-----BEGIN PGP SIGNED MESSAGE-----

OpenSSL version 0.9.7a and 0.9.6i released

OpenSSL - The Open Source toolkit for SSL/TLS
http://www.openssl.org/

The OpenSSL project team is pleased to announce the release of
version 0.9.7a of our open source toolkit for SSL/TLS. This new
OpenSSL version is a security and bugfix release and incorporates
at least 11 changes and bugfixes to the toolkit (for a complete list
see http://www.openssl.org/source/exp/CHANGES.

We also release 0.9.6i, which contains the same security bugfix as
0.9.7a and a few more small bugfixes compared to 0.9.6h.

The most significant changes are:

o Security: Important security related bugfixes. [0.9.7a and 0.9.6i]
o Enhanced compatibility with MIT Kerberos. [0.9.7a]
o Can be built without the ENGINE framework. [0.9.7a]
o IA32 assembler enhancements. [0.9.7a]
o Support for new platforms: FreeBSD/IA64 and FreeBSD/Sparc64. [0.9.7a]
o Configuration: the no-err option now works properly. [0.9.7a]
o SSL/TLS: now handles manual certificate chain building. [0.9.7a]
o SSL/TLS: certain session ID malfunctions corrected. [0.9.7a]

We consider OpenSSL 0.9.7a to be the best version of OpenSSL available
and we strongly recommend that users of older versions upgrade as
soon as possible. OpenSSL 0.9.7a is available for download via HTTP
and FTP from the following master locations (you can find the various
FTP mirrors under http://www.openssl.org/source/mirror.html&#41;:

o http://www.openssl.org/source/
o ftp://ftp.openssl.org/source/

For those who want or have to stay with the 0.9.6 series of OpenSSL,
we strongly recommend that you upgrade to OpenSSL 0.9.6i as soon as
possible. It's available in the same location as 0.9.7a.

The distribution file name is:

o openssl-0.9.7a.tar.gz [normal]
  MD5 checksum: a0d3203ecf10989fdc61c784ae82e531
o openssl-0.9.6i.tar.gz [normal]
  MD5 checksum: 9c4db437c17e0b6412c5e4645b6fcf5c
o openssl-engine-0.9.6i.tar.gz [engine]
  MD5 checksum: c9adc0596c630b31b999eba32fc0a6b3

The checksums were calculated using the following command:

openssl md5 < openssl-0.9.7a.tar.gz
openssl md5 < openssl-0.9.6i.tar.gz
openssl md5 < openssl-engine-0.9.6i.tar.gz

Yours,
The OpenSSL Project Team…

Mark J. Cox             Ben Laurie          Andy Polyakov
Ralf S. Engelschall     Richard Levitte     Geoff Thorpe
Dr. Stephen Henson      Bodo Möller
Lutz Jänicke            Ulf Möller

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3ia
Charset: noconv

iQEVAwUBPlOJmPTy7ZjgbSyxAQHG4Qf+K6vX8kk9msYI3iD6zK3BSXzMFO0pCVNN
8OkUW7wsmAnoSRuT89jGTom0fmIi1eiQcOFUf1krlk7btJ4KRVEok/G2ooa4qOmq
MU+4djKgM/LDlqzAbDfN7cEbWGPJeP4polPTgOBYqexBdwoTvJuX9m4LRgvK2enW
BsJjqdsmsLqWlMmixpKsMHNXXyYqs8SGhdSR7SQlbCVNu6QabWi21NbKCvyJzhEq
5Bn9mUej60GHOdTNpRGwqWxBCvl/kAPnOP4ffj5mbQL+R9VYCeCy3BsjDmLdmDt9
xqxdXBxPqu/S1OnSnsTQeMk70o3qX0F6lgqhNUt6FtHynbxoAGAPcw==
=KOdL
-----END PGP SIGNATURE-----

OpenSSL Project http://www.openssl.org
Announcement Mailing List [email protected]
Automated List Manager [email protected]