Reference: CERT-EU Security Advisory 2012-0034

Title: OpenSSL Security Update

Version history:
13.03.2012 Initial publication

Summary
=======

OpenSSL has issued a security update for the CMS and S/MIME Bleichenbacher attack (CVE-2012-0884).[1]

Affected Versions
=================

Versions prior to OpenSSL 1.0.0h and 0.9.8u.

(SSL/TLS applications are *NOT* affected by this problem since the SSL/TLS code does not use the PKCS#7 or CMS decryption code.[2])

Original Details
================

A weakness in the OpenSSL CMS and PKCS #7 code can be exploited using Bleichenbacher's attack on PKCS #1 v1.5 RSA padding, also known as the million message attack (MMA).[2][4]

What can you do?
================

Deploy the updated versions of the software (OpenSSL 0.9.8u and OpenSSL 1.0.0h are available for download[3]).

What to tell your users?
========================

N/A

More information
================

[1] http://isc.sans.edu/diary.html?storyid=12769&rss
[2] http://www.openssl.org/news/secadv_20120312.txt
[3] http://www.openssl.org/source/
[4] http://tools.ietf.org/html/rfc3218

Best regards,

CERT-EU

CERT-EU Pre-configuration Team (http://cert.europa.eu)
Phone: +32.2.2990005 / e-mail: cert-eu@ec.europa.eu
PGP KeyID 0x46AC4383
FP: 9011 6BE9 D642 DD93 8348 DAFA 27A4 06CA 46AC 4383

(DISCLAIMER: CERT-EU, the CERT for the EU institutions, is currently in its setup phase, until May 2012. Services are provided in a pilot fashion, and are not yet fully functional. Announcements, alerts and warnings are sent out in best effort manner, and to contact information currently known to us. We apologise if you are not the correct recipient, or if you had already been warned about this issue from another source. Format, content and way of alerting are subject to change in the future. Contact information or even the team name may change as well.)
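An added example, not part of the CERT-EU advisory or of OpenSSL's own code: a Python check of `openssl version` output against the fixed releases named under "Affected Versions" (0.9.8u and 1.0.0h). The host names and version strings in the sample inventory are constructed, and reporting branches the advisory does not name as "unknown" is an assumption of this example.

```python
import re

# Fixed releases named in the advisory, keyed by release branch.
FIXED_LETTER = {"0.9.8": "u", "1.0.0": "h"}

# Old-style OpenSSL version: branch "X.Y.Z" plus an optional patch-letter
# suffix ("0.9.8t", "1.0.0h", "0.9.8zh"). Trailing tags are ignored.
VERSION_RE = re.compile(r"\b(\d+\.\d+\.\d+)([a-z]*)")


def classify(version_text):
    """Classify the output of `openssl version` against the advisory."""
    if not version_text.startswith("OpenSSL "):
        return "unknown"  # not OpenSSL (or unparseable); review by hand
    match = VERSION_RE.search(version_text)
    if not match or match.group(1) not in FIXED_LETTER:
        # Assumption: branches the advisory does not name are not judged.
        return "unknown"
    branch, letters = match.groups()
    # Patch letters sort lexicographically: "" < "a" < ... < "z" < "za".
    return "fixed" if letters >= FIXED_LETTER[branch] else "affected"


def scan(inventory):
    """Map each host to its status, given {host: `openssl version` output}."""
    return {host: classify(text) for host, text in inventory.items()}


# Constructed sample inventory (hypothetical hosts, not from the advisory).
SAMPLE = {
    "mail-gw": "OpenSSL 0.9.8t 18 Jan 2012",
    "smime-proxy": "OpenSSL 1.0.0g 18 Jan 2012",
    "build-01": "OpenSSL 1.0.0h 12 Mar 2012",
    "legacy-app": "OpenSSL 0.9.8u 12 Mar 2012",
    "beta-box": "OpenSSL 1.0.0-beta1 1 Apr 2009",
    "other": "OpenSSL 1.0.1 14 Mar 2012",
}

if __name__ == "__main__":
    for host, status in sorted(scan(SAMPLE).items()):
        print(f"{host:12} {status}")
```

Distribution packages can carry backported fixes without changing the upstream version string, so an "affected" result on a vendor build should be checked against the vendor's own advisory.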