Privacy and Legal Notice

DOE-CIRC TECHNICAL BULLETIN

T-240: OpenSSL 'dtls1_retrieve_buffered_fragment()' DTLS Remote Denial of Service Vulnerability

[CVE-2009-1387]

September 28, 2009 14:00 GMT
PROBLEM: OpenSSL is prone to a denial-of-service vulnerability caused by a NULL-pointer dereference.
PLATFORM: All versions prior to OpenSSL 1.0.0 Beta 2
ABSTRACT: The dtls1_retrieve_buffered_fragment function in ssl/d1_both.c in OpenSSL before 1.0.0 Beta 2 allows remote attackers to cause a denial of service.
LINKS:  
  DOE-CIRC BULLETIN: http://www.doecirc.energy.gov/bulletins/t-240.shtml
  OTHER LINKS: Security Focus
http://www.securityfocus.com/bid/35417/info
Secunia
http://secunia.com/advisories/35571

  CVE: CVE-2009-1387
IMPACT ASSESSMENT: This risk is low. An attacker can exploit this issue to crash the affected application, denying service to legitimate users. 
[***** Start CVE-2009-1387 *****]
Discussion:
The dtls1_retrieve_buffered_fragment function in ssl/d1_both.c in OpenSSL before 1.0.0 Beta 2 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an out-of-sequence DTLS handshake message, related to a "fragment bug." 

Versions prior to OpenSSL 1.0.0 Beta 2 are vulnerable. 

Solution:
Updates are available. Please see the references for more information.

Ubuntu Ubuntu Linux 8.04 LTS powerpc

* Ubuntu libcrypto0.9.8-udeb_0.9.8g-4ubuntu3.7_powerpc.udeb
http://ports.ubuntu.com/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g -4ubuntu3.7_powerpc.udeb

* Ubuntu libssl-dev_0.9.8g-4ubuntu3.7_powerpc.deb
http://ports.ubuntu.com/pool/main/o/openssl/libssl-dev_0.9.8g-4ubuntu3 .7_powerpc.deb

* Ubuntu libssl0.9.8-dbg_0.9.8g-4ubuntu3.7_powerpc.deb
http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8g-4ub untu3.7_powerpc.deb

* Ubuntu libssl0.9.8_0.9.8g-4ubuntu3.7_powerpc.deb
http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8_0.9.8g-4ubuntu 3.7_powerpc.deb

* Ubuntu openssl-doc_0.9.8g-4ubuntu3.7_all.deb
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl-doc_0.9. 8g-4ubuntu3.7_all.deb

* Ubuntu openssl_0.9.8g-4ubuntu3.7_powerpc.deb
http://ports.ubuntu.com/pool/main/o/openssl/openssl_0.9.8g-4ubuntu3.7_ powerpc.deb

Ubuntu Ubuntu Linux 8.10 powerpc

* Ubuntu libcrypto0.9.8-udeb_0.9.8g-10.1ubuntu2.4_powerpc.udeb
http://ports.ubuntu.com/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g -10.1ubuntu2.4_powerpc.udeb

* Ubuntu libssl-dev_0.9.8g-10.1ubuntu2.4_powerpc.deb
http://ports.ubuntu.com/pool/main/o/openssl/libssl-dev_0.9.8g-10.1ubun tu2.4_powerpc.deb

* Ubuntu libssl0.9.8-dbg_0.9.8g-10.1ubuntu2.4_powerpc.deb
http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8g-10. 1ubuntu2.4_powerpc.deb

* Ubuntu libssl0.9.8_0.9.8g-10.1ubuntu2.4_powerpc.deb
http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8_0.9.8g-10.1ubu ntu2.4_powerpc.deb

* Ubuntu openssl-doc_0.9.8g-10.1ubuntu2.4_all.deb
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl-doc_0.9. 8g-10.1ubuntu2.4_all.deb

* Ubuntu openssl_0.9.8g-10.1ubuntu2.4_powerpc.deb
http://ports.ubuntu.com/pool/main/o/openssl/openssl_0.9.8g-10.1ubuntu2 .4_powerpc.deb

Ubuntu Ubuntu Linux 8.04 LTS sparc

* Ubuntu libcrypto0.9.8-udeb_0.9.8g-4ubuntu3.7_sparc.udeb
http://ports.ubuntu.com/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g -4ubuntu3.7_sparc.udeb

* Ubuntu libssl-dev_0.9.8g-4ubuntu3.7_sparc.deb
http://ports.ubuntu.com/pool/main/o/openssl/libssl-dev_0.9.8g-4ubuntu3 .7_sparc.deb

* Ubuntu libssl0.9.8-dbg_0.9.8g-4ubuntu3.7_sparc.deb
http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8g-4ub untu3.7_sparc.deb

* Ubuntu libssl0.9.8_0.9.8g-4ubuntu3.7_sparc.deb
http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8_0.9.8g-4ubuntu 3.7_sparc.deb

* Ubuntu openssl-doc_0.9.8g-4ubuntu3.7_all.deb
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl-doc_0.9. 8g-4ubuntu3.7_all.deb

* Ubuntu openssl_0.9.8g-4ubuntu3.7_sparc.deb
http://ports.ubuntu.com/pool/main/o/openssl/openssl_0.9.8g-4ubuntu3.7_ sparc.deb

Ubuntu Ubuntu Linux 6.06 LTS sparc

* Ubuntu libcrypto0.9.8-udeb_0.9.8a-7ubuntu0.9_sparc.udeb
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.8-u deb_0.9.8a-7ubuntu0.9_sparc.udeb

* Ubuntu libssl-dev_0.9.8a-7ubuntu0.9_sparc.deb
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.8 a-7ubuntu0.9_sparc.deb

* Ubuntu libssl0.9.8-dbg_0.9.8a-7ubuntu0.9_sparc.deb
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8-dbg_ 0.9.8a-7ubuntu0.9_sparc.deb

* Ubuntu libssl0.9.8_0.9.8a-7ubuntu0.9_sparc.deb
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8_0.9. 8a-7ubuntu0.9_sparc.deb

* Ubuntu openssl_0.9.8a-7ubuntu0.9_sparc.deb
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8a-7 ubuntu0.9_sparc.deb

Ubuntu Ubuntu Linux 8.04 LTS amd64

* Ubuntu libcrypto0.9.8-udeb_0.9.8g-4ubuntu3.7_amd64.udeb
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.8-u deb_0.9.8g-4ubuntu3.7_amd64.udeb

* Ubuntu libssl-dev_0.9.8g-4ubuntu3.7_amd64.deb
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.8 g-4ubuntu3.7_amd64.deb

* Ubuntu libssl0.9.8-dbg_0.9.8g-4ubuntu3.7_amd64.deb
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8-dbg_ 0.9.8g-4ubuntu3.7_amd64.deb

* Ubuntu libssl0.9.8_0.9.8g-4ubuntu3.7_amd64.deb
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8_0.9. 8g-4ubuntu3.7_amd64.deb

* Ubuntu openssl-doc_0.9.8g-4ubuntu3.7_all.deb
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl-doc_0.9. 8g-4ubuntu3.7_all.deb

* Ubuntu openssl_0.9.8g-4ubuntu3.7_amd64.deb
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8g-4 ubuntu3.7_amd64.deb

Ubuntu Ubuntu Linux 9.04 sparc

* Ubuntu libcrypto0.9.8-udeb_0.9.8g-15ubuntu3.2_sparc.udeb
http://ports.ubuntu.com/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g -15ubuntu3.2_sparc.udeb

* Ubuntu libssl-dev_0.9.8g-15ubuntu3.2_sparc.deb
http://ports.ubuntu.com/pool/main/o/openssl/libssl-dev_0.9.8g-15ubuntu 3.2_sparc.deb

* Ubuntu libssl0.9.8-dbg_0.9.8g-15ubuntu3.2_sparc.deb
http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8g-15u buntu3.2_sparc.deb

* Ubuntu libssl0.9.8_0.9.8g-15ubuntu3.2_sparc.deb
http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8_0.9.8g-15ubunt u3.2_sparc.deb

* Ubuntu openssl-doc_0.9.8g-15ubuntu3.2_all.deb
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl-doc_0.9. 8g-15ubuntu3.2_all.deb

* Ubuntu openssl_0.9.8g-15ubuntu3.2_sparc.deb
http://ports.ubuntu.com/pool/main/o/openssl/openssl_0.9.8g-15ubuntu3.2 _sparc.deb

Ubuntu Ubuntu Linux 9.04 powerpc

* Ubuntu libcrypto0.9.8-udeb_0.9.8g-15ubuntu3.2_powerpc.udeb
http://ports.ubuntu.com/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g -15ubuntu3.2_powerpc.udeb

* Ubuntu libssl-dev_0.9.8g-15ubuntu3.2_powerpc.deb
http://ports.ubuntu.com/pool/main/o/openssl/libssl-dev_0.9.8g-15ubuntu 3.2_powerpc.deb

* Ubuntu libssl0.9.8-dbg_0.9.8g-15ubuntu3.2_powerpc.deb
http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8g-15u buntu3.2_powerpc.deb

* Ubuntu libssl0.9.8_0.9.8g-15ubuntu3.2_powerpc.deb
http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8_0.9.8g-15ubunt u3.2_powerpc.deb

* Ubuntu openssl-doc_0.9.8g-15ubuntu3.2_all.deb
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl-doc_0.9. 8g-15ubuntu3.2_all.deb

* Ubuntu openssl_0.9.8g-15ubuntu3.2_powerpc.deb
http://ports.ubuntu.com/pool/main/o/openssl/openssl_0.9.8g-15ubuntu3.2 _powerpc.deb

Ubuntu Ubuntu Linux 9.04 i386

* Ubuntu libcrypto0.9.8-udeb_0.9.8g-15ubuntu3.2_i386.udeb
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.8-u deb_0.9.8g-15ubuntu3.2_i386.udeb

* Ubuntu libssl-dev_0.9.8g-15ubuntu3.2_i386.deb
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.8 g-15ubuntu3.2_i386.deb

* Ubuntu libssl0.9.8-dbg_0.9.8g-15ubuntu3.2_i386.deb
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8-dbg_ 0.9.8g-15ubuntu3.2_i386.deb

* Ubuntu libssl0.9.8_0.9.8g-15ubuntu3.2_i386.deb
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8_0.9. 8g-15ubuntu3.2_i386.deb

* Ubuntu openssl-doc_0.9.8g-15ubuntu3.2_all.deb
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl-doc_0.9. 8g-15ubuntu3.2_all.deb

* Ubuntu openssl_0.9.8g-15ubuntu3.2_i386.deb
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8g-1 5ubuntu3.2_i386.deb

Ubuntu Ubuntu Linux 8.10 sparc

* Ubuntu libcrypto0.9.8-udeb_0.9.8g-10.1ubuntu2.4_sparc.udeb
http://ports.ubuntu.com/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g -10.1ubuntu2.4_sparc.udeb

* Ubuntu libssl-dev_0.9.8g-10.1ubuntu2.4_sparc.deb
http://ports.ubuntu.com/pool/main/o/openssl/libssl-dev_0.9.8g-10.1ubun tu2.4_sparc.deb

* Ubuntu libssl0.9.8-dbg_0.9.8g-10.1ubuntu2.4_sparc.deb
http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8g-10. 1ubuntu2.4_sparc.deb

* Ubuntu libssl0.9.8_0.9.8g-10.1ubuntu2.4_sparc.deb
http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8_0.9.8g-10.1ubu ntu2.4_sparc.deb

* Ubuntu openssl-doc_0.9.8g-10.1ubuntu2.4_all.deb
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl-doc_0.9. 8g-10.1ubuntu2.4_all.deb

* Ubuntu openssl_0.9.8g-10.1ubuntu2.4_sparc.deb
http://ports.ubuntu.com/pool/main/o/openssl/openssl_0.9.8g-10.1ubuntu2 .4_sparc.deb

Ubuntu Ubuntu Linux 9.04 lpia

* Ubuntu libcrypto0.9.8-udeb_0.9.8g-15ubuntu3.2_lpia.udeb
http://ports.ubuntu.com/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g -15ubuntu3.2_lpia.udeb

* Ubuntu libssl-dev_0.9.8g-15ubuntu3.2_lpia.deb
http://ports.ubuntu.com/pool/main/o/openssl/libssl-dev_0.9.8g-15ubuntu 3.2_lpia.deb

* Ubuntu libssl0.9.8-dbg_0.9.8g-15ubuntu3.2_lpia.deb
http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8g-15u buntu3.2_lpia.deb

* Ubuntu libssl0.9.8_0.9.8g-15ubuntu3.2_lpia.deb
http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8_0.9.8g-15ubunt u3.2_lpia.deb

* Ubuntu openssl-doc_0.9.8g-15ubuntu3.2_all.deb
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl-doc_0.9. 8g-15ubuntu3.2_all.deb

* Ubuntu openssl_0.9.8g-15ubuntu3.2_lpia.deb
http://ports.ubuntu.com/pool/main/o/openssl/openssl_0.9.8g-15ubuntu3.2 _lpia.deb

MandrakeSoft Linux Mandrake 2009.0 x86_64

* Mandriva lib64openssl0.9.8-0.9.8h-3.4mdv2009.0.x86_64.rpm
http://www.mandriva.com/en/download/

* Mandriva lib64openssl0.9.8-devel-0.9.8h-3.4mdv2009.0.x86_64.rpm
http://www.mandriva.com/en/download/

* Mandriva lib64openssl0.9.8-static-devel-0.9.8h-3.4mdv2009.0.x86_64.rpm
http://www.mandriva.com/en/download/

* Mandriva openssl-0.9.8h-3.4mdv2009.0.x86_64.rpm
http://www.mandriva.com/en/download/

Ubuntu Ubuntu Linux 9.04 amd64

* Ubuntu libcrypto0.9.8-udeb_0.9.8g-15ubuntu3.2_amd64.udeb
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.8-u deb_0.9.8g-15ubuntu3.2_amd64.udeb

* Ubuntu libssl-dev_0.9.8g-15ubuntu3.2_amd64.deb
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.8 g-15ubuntu3.2_amd64.deb

* Ubuntu libssl0.9.8-dbg_0.9.8g-15ubuntu3.2_amd64.deb
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8-dbg_ 0.9.8g-15ubuntu3.2_amd64.deb

* Ubuntu libssl0.9.8_0.9.8g-15ubuntu3.2_amd64.deb
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8_0.9. 8g-15ubuntu3.2_amd64.deb

* Ubuntu openssl-doc_0.9.8g-15ubuntu3.2_all.deb
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl-doc_0.9. 8g-15ubuntu3.2_all.deb

* Ubuntu openssl_0.9.8g-15ubuntu3.2_amd64.deb
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8g-1 5ubuntu3.2_amd64.deb

MandrakeSoft Linux Mandrake 2009.1

* Mandriva libopenssl0.9.8-0.9.8k-1.2mdv2009.1.i586.rpm
http://www.mandriva.com/en/download/

* Mandriva libopenssl0.9.8-devel-0.9.8k-1.2mdv2009.1.i586.rpm
http://www.mandriva.com/en/download/

* Mandriva libopenssl0.9.8-static-devel-0.9.8k-1.2mdv2009.1.i586.rpm
http://www.mandriva.com/en/download/

* Mandriva openssl-0.9.8k-1.2mdv2009.1.i586.rpm
http://www.mandriva.com/en/download/

Ubuntu Ubuntu Linux 8.10 amd64

* Ubuntu libcrypto0.9.8-udeb_0.9.8g-10.1ubuntu2.4_amd64.udeb
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.8-u deb_0.9.8g-10.1ubuntu2.4_amd64.udeb

* Ubuntu libssl-dev_0.9.8g-10.1ubuntu2.4_amd64.deb
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.8 g-10.1ubuntu2.4_amd64.deb

* Ubuntu libssl0.9.8-dbg_0.9.8g-10.1ubuntu2.4_amd64.deb
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8-dbg_ 0.9.8g-10.1ubuntu2.4_amd64.deb

* Ubuntu libssl0.9.8_0.9.8g-10.1ubuntu2.4_amd64.deb
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8_0.9. 8g-10.1ubuntu2.4_amd64.deb

* Ubuntu openssl-doc_0.9.8g-10.1ubuntu2.4_all.deb
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl-doc_0.9. 8g-10.1ubuntu2.4_all.deb

* Ubuntu openssl_0.9.8g-10.1ubuntu2.4_amd64.deb
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8g-1 0.1ubuntu2.4_amd64.deb

MandrakeSoft Linux Mandrake 2008.1 x86_64

* Mandriva lib64openssl0.9.8-0.9.8g-4.5mdv2008.1.x86_64.rpm
http://www.mandriva.com/en/download/

* Mandriva lib64openssl0.9.8-devel-0.9.8g-4.5mdv2008.1.x86_64.rpm
http://www.mandriva.com/en/download/

* Mandriva lib64openssl0.9.8-static-devel-0.9.8g-4.5mdv2008.1.x86_64.rpm
http://www.mandriva.com/en/download/

* Mandriva openssl-0.9.8g-4.5mdv2008.1.x86_64.rpm
http://www.mandriva.com/en/download/

MandrakeSoft Linux Mandrake 2008.1

* Mandriva libopenssl0.9.8-0.9.8g-4.5mdv2008.1.i586.rpm
http://www.mandriva.com/en/download/

* Mandriva libopenssl0.9.8-devel-0.9.8g-4.5mdv2008.1.i586.rpm
http://www.mandriva.com/en/download/

* Mandriva libopenssl0.9.8-static-devel-0.9.8g-4.5mdv2008.1.i586.rpm
http://www.mandriva.com/en/download/

* Mandriva openssl-0.9.8g-4.5mdv2008.1.i586.rpm
http://www.mandriva.com/en/download/

MandrakeSoft Linux Mandrake 2009.1 x86_64

* Mandriva lib64openssl0.9.8-0.9.8k-1.2mdv2009.1.x86_64.rpm
http://www.mandriva.com/en/download/

* Mandriva lib64openssl0.9.8-devel-0.9.8k-1.2mdv2009.1.x86_64.rpm
http://www.mandriva.com/en/download/

* Mandriva lib64openssl0.9.8-static-devel-0.9.8k-1.2mdv2009.1.x86_64.rpm
http://www.mandriva.com/en/download/

* Mandriva openssl-0.9.8k-1.2mdv2009.1.x86_64.rpm
http://www.mandriva.com/en/download/

Ubuntu Ubuntu Linux 8.10 i386

* Ubuntu libcrypto0.9.8-udeb_0.9.8g-10.1ubuntu2.4_i386.udeb
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.8-u deb_0.9.8g-10.1ubuntu2.4_i386.udeb

* Ubuntu libssl-dev_0.9.8g-10.1ubuntu2.4_i386.deb
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.8 g-10.1ubuntu2.4_i386.deb

* Ubuntu libssl0.9.8-dbg_0.9.8g-10.1ubuntu2.4_i386.deb
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8-dbg_ 0.9.8g-10.1ubuntu2.4_i386.deb

* Ubuntu libssl0.9.8_0.9.8g-10.1ubuntu2.4_i386.deb
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8_0.9. 8g-10.1ubuntu2.4_i386.deb

* Ubuntu openssl-doc_0.9.8g-10.1ubuntu2.4_all.deb
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl-doc_0.9. 8g-10.1ubuntu2.4_all.deb

* Ubuntu openssl_0.9.8g-10.1ubuntu2.4_i386.deb
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8g-1 0.1ubuntu2.4_i386.deb

MandrakeSoft Enterprise Server 5 x86_64

* Mandriva lib64openssl0.9.8-0.9.8h-3.4mdvmes5.x86_64.rpm
http://www.mandriva.com/en/download/

* Mandriva lib64openssl0.9.8-devel-0.9.8h-3.4mdvmes5.x86_64.rpm
http://www.mandriva.com/en/download/

* Mandriva lib64openssl0.9.8-static-devel-0.9.8h-3.4mdvmes5.x86_64.rpm
http://www.mandriva.com/en/download/

* Mandriva openssl-0.9.8h-3.4mdvmes5.x86_64.rpm
http://www.mandriva.com/en/download/

Ubuntu Ubuntu Linux 6.06 LTS powerpc

* Ubuntu libcrypto0.9.8-udeb_0.9.8a-7ubuntu0.9_powerpc.udeb
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.8-u deb_0.9.8a-7ubuntu0.9_powerpc.udeb

* Ubuntu libssl-dev_0.9.8a-7ubuntu0.9_powerpc.deb
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.8 a-7ubuntu0.9_powerpc.deb

* Ubuntu libssl0.9.8-dbg_0.9.8a-7ubuntu0.9_powerpc.deb
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8-dbg_ 0.9.8a-7ubuntu0.9_powerpc.deb

* Ubuntu libssl0.9.8_0.9.8a-7ubuntu0.9_powerpc.deb
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8_0.9. 8a-7ubuntu0.9_powerpc.deb

* Ubuntu openssl_0.9.8a-7ubuntu0.9_powerpc.deb
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8a-7 ubuntu0.9_powerpc.deb

MandrakeSoft Enterprise Server 5

* Mandriva libopenssl0.9.8-0.9.8h-3.4mdvmes5.i586.rpm
http://www.mandriva.com/en/download/

* Mandriva libopenssl0.9.8-devel-0.9.8h-3.4mdvmes5.i586.rpm
http://www.mandriva.com/en/download/

* Mandriva libopenssl0.9.8-static-devel-0.9.8h-3.4mdvmes5.i586.rpm
http://www.mandriva.com/en/download/

* Mandriva openssl-0.9.8h-3.4mdvmes5.i586.rpm
http://www.mandriva.com/en/download/

Ubuntu Ubuntu Linux 8.04 LTS lpia

* Ubuntu libcrypto0.9.8-udeb_0.9.8g-4ubuntu3.7_lpia.udeb
http://ports.ubuntu.com/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g -4ubuntu3.7_lpia.udeb

* Ubuntu libssl-dev_0.9.8g-4ubuntu3.7_lpia.deb
http://ports.ubuntu.com/pool/main/o/openssl/libssl-dev_0.9.8g-4ubuntu3 .7_lpia.deb

* Ubuntu libssl0.9.8-dbg_0.9.8g-4ubuntu3.7_lpia.deb
http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8g-4ub untu3.7_lpia.deb

* Ubuntu libssl0.9.8_0.9.8g-4ubuntu3.7_lpia.deb
http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8_0.9.8g-4ubuntu 3.7_lpia.deb

* Ubuntu openssl-doc_0.9.8g-4ubuntu3.7_all.deb
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl-doc_0.9. 8g-4ubuntu3.7_all.deb

* Ubuntu openssl_0.9.8g-4ubuntu3.7_lpia.deb
http://ports.ubuntu.com/pool/main/o/openssl/openssl_0.9.8g-4ubuntu3.7_ lpia.deb

Ubuntu Ubuntu Linux 6.06 LTS i386

* Ubuntu libcrypto0.9.8-udeb_0.9.8a-7ubuntu0.9_i386.udeb
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.8-u deb_0.9.8a-7ubuntu0.9_i386.udeb

* Ubuntu libssl-dev_0.9.8a-7ubuntu0.9_i386.deb
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.8 a-7ubuntu0.9_i386.deb

* Ubuntu libssl0.9.8-dbg_0.9.8a-7ubuntu0.9_i386.deb
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8-dbg_ 0.9.8a-7ubuntu0.9_i386.deb

* Ubuntu libssl0.9.8_0.9.8a-7ubuntu0.9_i386.deb
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8_0.9. 8a-7ubuntu0.9_i386.deb

* Ubuntu openssl_0.9.8a-7ubuntu0.9_i386.deb
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8a-7 ubuntu0.9_i386.deb
[***** End CVE-2009-1387 *****]
DOE-CIRC services are available to DOE, DOE Contractors, and the NIH. DOE-CIRC can be contacted at: 
    Voice:          866-941-2472
    E-mail:          doecirc@doecirc.energy.gov
    World Wide Web:  http://www.doecirc.energy.gov
UCRL-MI-119788