Ubuntu 1064-1: OpenSSL vulnerability

    Date: 15 Feb 2011
    Category: Ubuntu
    Posted By: LinuxSecurity Advisories
    Neel Mehta discovered that incorrectly formatted ClientHello handshake messages could cause OpenSSL to parse past the end of the message. This could allow a remote attacker to cause a crash and denial of service by triggering invalid memory accesses.
    ===========================================================
    Ubuntu Security Notice USN-1064-1         February 15, 2011
    openssl vulnerability
    CVE-2011-0014
    ===========================================================
    
    A security issue affects the following Ubuntu releases:
    
    Ubuntu 10.04 LTS
    Ubuntu 10.10
    
    This advisory also applies to the corresponding versions of
    Kubuntu, Edubuntu, and Xubuntu.
    
    The problem can be corrected by upgrading your system to the
    following package versions:
    
    Ubuntu 10.04 LTS:
      libssl0.9.8                     0.9.8k-7ubuntu8.6
    
    Ubuntu 10.10:
      libssl0.9.8                     0.9.8o-1ubuntu4.4
    
    After a standard system update you need to reboot your computer to make
    all the necessary changes.
    
    Details follow:
    
    Neel Mehta discovered that incorrectly formatted ClientHello handshake
    messages could cause OpenSSL to parse past the end of the message.
    This could allow a remote attacker to cause a crash and denial of
    service by triggering invalid memory accesses.
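
The failure mode described above, shown as an added illustration (not OpenSSL's code and not part of the advisory): a walk over a TLS extensions block in which every declared length is compared with the bytes actually received. The choice of the extensions block, the function names and the sample bytes are assumptions; the advisory does not say which ClientHello field was affected.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Cursor over a received message: every read is checked against `left`. */
struct cur { const uint8_t *p; size_t left; };

static int get_u16(struct cur *c, unsigned *out) {
    if (c->left < 2) return -1;
    *out = ((unsigned)c->p[0] << 8) | c->p[1];
    c->p += 2; c->left -= 2;
    return 0;
}

/* Walk a TLS extensions block: u16 total length, then (u16 type, u16 len, data)*.
 * Returns the number of extensions, or -1 if any length field points past the
 * bytes actually received. Hypothetical helper written for this example. */
int count_extensions(const uint8_t *buf, size_t buflen) {
    struct cur c = { buf, buflen };
    unsigned total, type, len;
    int n = 0;

    if (get_u16(&c, &total) < 0 || total > c.left) return -1;
    c.left = total;                   /* ignore bytes beyond the declared block */
    while (c.left > 0) {
        if (get_u16(&c, &type) < 0 || get_u16(&c, &len) < 0) return -1;
        if (len > c.left) return -1;  /* without this check the parser over-reads */
        c.p += len; c.left -= len;
        n++;
    }
    return n;
}

/* Constructed sample inputs (not captured traffic). */
static const uint8_t ok_block[] = {
    0x00, 0x09,                       /* extensions length = 9 */
    0x00, 0x05, 0x00, 0x01, 0x01,     /* type 5, len 1, one data byte */
    0xff, 0x01, 0x00, 0x00            /* type 0xff01, len 0 */
};
static const uint8_t bad_block[] = {
    0x00, 0x05,                       /* extensions length = 5 */
    0x00, 0x05, 0x00, 0x40, 0x01      /* claims 64 data bytes, 1 present */
};

int main(void) {
    printf("ok=%d bad=%d\n", count_extensions(ok_block, sizeof ok_block),
           count_extensions(bad_block, sizeof bad_block));
    return 0;
}
```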
    
    
    Updated packages for Ubuntu 10.04 LTS:
    
    
    Updated packages for Ubuntu 10.10:
    
    