-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ______________________________________________________________________________ Caldera International, Inc. Security Advisory Subject: Linux: REVISED: Updated Caldera Public Keys Advisory number: CSSA-2002-007.2 Issue date: 2002 May 17 Cross reference: ______________________________________________________________________________ 1. Problem Description Caldera has generated new security keys. These keys are already in the 3.1.1 product. This update's rpms are signed with the original, expired, keys. In addition, the installation procedure for the previous advisory was incorrect. The rpm must be simply installed, not freshened. 2. Vulnerable Supported Versions System Package ---------------------------------------------------------------------- OpenLinux 3.1 Server prior to OpenLinux-newkeys-2002-2.i386.rpm OpenLinux 3.1 Workstation prior to OpenLinux-newkeys-2002-2.i386.rpm 3. Solution The proper solution is to install the latest packages. 4. OpenLinux 3.1 Server 4.1 Package Location ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Server/current/RPMS 4.2 Packages dc576d3a83a101d938c54a6ed68b6129 OpenLinux-newkeys-2002-2.i386.rpm 4.3 Installation rpm -i OpenLinux-newkeys-2002-2.i386.rpm 4.4 Source Package Location ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Server/current/SRPMS 4.5 Source Packages 26ef8f544251bba8553b1e6efd9c5e78 OpenLinux-newkeys-2002-2.src.rpm 5. OpenLinux 3.1 Workstation 5.1 Package Location ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Workstation/current/RPMS 5.2 Packages c896e6c967bc288159d2203c3a1235ca OpenLinux-newkeys-2002-2.i386.rpm 5.3 Installation rpm -i OpenLinux-newkeys-2002-2.i386.rpm 5.4 Source Package Location ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Workstation/current/SRPMS 5.5 Source Packages 1341973344234814061c4acda3337995 OpenLinux-newkeys-2002-2.src.rpm 6. References Specific references for this advisory: none Caldera OpenLinux security resources: http://www.caldera.com/support/security/index.html Caldera UNIX security resources: http://stage.caldera.com/support/security/ This security fix closes Caldera incident sr860753. 7. Disclaimer Caldera International, Inc. is not responsible for the misuse of any of the information we provide on this website and/or through our security advisories. Our advisories are a service to our customers intended to promote secure installation and use of Caldera products. ______________________________________________________________________________ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iEYEARECAAYFAjzlOacACgkQbluZssSXDTFJegCcCFeZ9UZLtElhHZGK2XuZELxs ODEAoL46fVYIv8Pebbc69XX7aQyt7jpF =7XXA -----END PGP SIGNATURE-----