- --------------------------------------------------------------------------Debian Security Advisory DSA 1185-2                    security@debian.org
http://www.debian.org/security/                             Noah Meyerhans
October 2nd, 2006                       http://www.debian.org/security/faq
- --------------------------------------------------------------------------Package        : openssl
Vulnerability  : denial of service
Problem-Type   : remote
Debian-specific: no
CVE ID         : CVE-2006-2940

The fix used to correct CVE-2006-2940 introduced code that could lead to
the use of uninitialized memory.  Such use is likely to cause the
application using the openssl library to crash, and has the potential to
allow an attacker to cause the execution of arbitrary code.

For the stable distribution (sarge) these problems have been fixed in
version 0.9.7e-3sarge4.

For the unstable and testing distributions (sid and etch,
respectively), these problems will be fixed in version 0.9.7k-3 of the
openssl097 compatibility libraries, and version 0.9.8c-3 of the
openssl package.

We recommend that you upgrade your openssl package.  Note that
services linking against the openssl shared libraries will need to be
restarted. Common examples of such services include most Mail
Transport Agents, SSH servers, and web servers.


Upgrade Instructions
- --------------------wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.1 alias sarge
- --------------------------------  Source archives:

          Size/MD5 checksum:      639 179f34093d860afff66964b5f1c99ee3
          Size/MD5 checksum:    29707 0b4d462730327aba5a751bd4bec71c10
          Size/MD5 checksum:  3043231 a8777164bca38d84e5eb2b1535223474

  Alpha architecture:

          Size/MD5 checksum:  3341886 f0d0ef51fac89227b0d0705116439f5c
          Size/MD5 checksum:  2448092 8065c52c7649f36221f8a48adfb4cb29
          Size/MD5 checksum:   930234 5953c4c4a45352d41c3c414eda63ff00

  AMD64 architecture:

          Size/MD5 checksum:  2693980 cbd25bbed17ec73561337bfc3d8ed2ed
          Size/MD5 checksum:   769904 2671cdf2f48013617ea509daac2bb4dc
          Size/MD5 checksum:   903782 e370684d7c84d1eebcb69cdda35c6c6c

  ARM architecture:

          Size/MD5 checksum:  2556330 75c1a253ddad0b7ad87053552770e5c4
          Size/MD5 checksum:   690202 ccd435ca2c183940152f3bd70d84ee0b
          Size/MD5 checksum:   894144 2e5caaa90184d9ee9e607d18728e6f93

  HP Precision architecture:

          Size/MD5 checksum:  2695990 58fe1a247ef47faa559eef610b437db6
          Size/MD5 checksum:   791382 f0c64d06307af937218944d6d8db6e2f
          Size/MD5 checksum:   914576 631c681a3c4ce355962a7c684767a155

  Intel IA-32 architecture:

          Size/MD5 checksum:  2554956 c4c9aa14e74dbd6dac2cadd7cf48b522
          Size/MD5 checksum:  2265180 9047b6c6036c048ad75fa397f220ae39
          Size/MD5 checksum:   906268 070d1d1680f90da5509121c44de7a254

  Intel IA-64 architecture:

          Size/MD5 checksum:  3396206 3a3d88238a48d33b39e7575a97c6cfdf
          Size/MD5 checksum:  1038432 e2e4e1d388c5d45c8d30e16d661ad24c
          Size/MD5 checksum:   975152 1783b49f3b7a12bd18dff0fcc37f5d68

  Motorola 680x0 architecture:

          Size/MD5 checksum:  2317348 b4930b1cf5e642bf509d44dd83de193f
          Size/MD5 checksum:   661716 d5fb4eb5947c8765e268696e94a46a8b
          Size/MD5 checksum:   889932 e1ecef3780edd38743246dfda1424e8c

  Big endian MIPS architecture:

          Size/MD5 checksum:  2779464 591dbe4f6d73d56c9e9ff72f2d0a5385
          Size/MD5 checksum:   706682 0b3de7eef13969d065ed057fda34afc2
          Size/MD5 checksum:   896834 e2b8f38056a06f63c3ce6c10d9d95dba

  Little endian MIPS architecture:

          Size/MD5 checksum:  2767364 883d0167f6642e90e8a183b4f87a78ba
          Size/MD5 checksum:   694532 f4961231ef2c2b8ff46f173338a7fa36
          Size/MD5 checksum:   895922 2ad35f3927ba71d8054fe8cd4316f5b0

  PowerPC architecture:

          Size/MD5 checksum:  2775608 0dca0ec9cf2d230ce68394849be748b1
          Size/MD5 checksum:   779456 6736cdc1dfe5f19013f4dee0a2b3b1cf
          Size/MD5 checksum:   908418 8759696eff63836597e4247c06ba7b22

  IBM S/390 architecture:

          Size/MD5 checksum:  2717788 12fb63ace68a2698c19c725530ab18d9
          Size/MD5 checksum:   814012 adcee88124369de1daeae0545e0517a0
          Size/MD5 checksum:   918524 b93704f4ce84489d4ee163098a783962

  Sun Sparc architecture:

          Size/MD5 checksum:  2630606 a20a47b2f291810a09fd04a4c130ddb0
          Size/MD5 checksum:  1886152 8521da994bf2a6df3bdc457fb3e0683b
          Size/MD5 checksum:   924556 ff8cee5f5a9653a9dd917b4ec51166ee


  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp:  dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org

Debian: openssl fix arbitrary code execution DSA-1185-2

October 2, 2006
The fix used to correct CVE-2006-2940 introduced code that could lead to the use of uninitialized memory

Summary

Severity

Related News

23.Tablet Connections Esm H320
2 - 3 min read
The release of Ubuntu 24.04 LTS , also known as Noble Numbat, brings various security enhancements and exciting new features . These improvements
4.Lock AbstractDigital Esm H320
2 - 3 min read
Tails 6.2 is a new Linux distribution release that expands its multilingual support and improves security features. The distribution is a
19.Laptop Bed Esm H320
2 - 3 min read
AlmaLinux 9.4 beta has been released and provides compelling reasons to consider it for desktop usage. While AlmaLinux is primarily known as a
32.Lock Code Circular Esm H320
2 - 3 min read
Linux admins and security practitioners face significant challenges in keeping their Linux systems secure amidst the constant threat of kernel bugs.
1.Penguin Landscape Esm H320
2 - 3 min read
A significant security threat, known as the Spectre v2 exploit, has been observed targeting Linux systems running on modern Intel processors. Let's
10.FingerPrint Locks Esm H320
2 - 3 min read
The recent release of I2P 2.5.0 , an anonymous P2P network that protects against online censorship, surveillance, and monitoring, has brought a slew
24.Key Code Esm H320
2 - 3 min read
The Akira ransomware group has extorted approximately $42 million from over 250 victims since January 1, 2024. The group initially focused on
5.ShakingHands Esm H320
2 - 3 min read
At The Linux Foundation's Open Source Summit North America , Linus Torvalds, the creator of Linux, discussed various topics related to Linux
Sign Up

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved