Ubuntu 12.04 LTS: 1451-1 Medium: Openssl DoS And Data Exposure
May 24, 2012
•
LinuxSecurity Advisories
1 - 2 min read
Topics Covered
Applications using OpenSSL in certain situations could be made tocrash or expose sensitive information.
=========================================================================Ubuntu Security Notice USN-1451-1 May 24, 2012 openssl vulnerabilities ========================================================================= A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 12.04 LTS - Ubuntu 11.10 - Ubuntu 11.04 - Ubuntu 10.04 LTS - Ubuntu 8.04 LTS Summary: Applications using OpenSSL in certain situations could be made to crash or expose sensitive information. Software Description: - openssl: Secure Socket Layer (SSL) cryptographic library and tools Details: Ivan Nestlerode discovered that the Cryptographic Message Syntax (CMS) and PKCS #7 implementations in OpenSSL returned early if RSA decryption failed. This could allow an attacker to expose sensitive information via a Million Message Attack (MMA). (CVE-2012-0884) It was discovered that an integer underflow was possible when using TLS 1.1, TLS 1.2, or DTLS with CBC encryption. This could allow a remote attacker to cause a denial of service. (CVE-2012-2333) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 12.04 LTS: libssl1.0.0 1.0.1-4ubuntu5.2 openssl 1.0.1-4ubuntu5.2 Ubuntu 11.10: libssl1.0.0 1.0.0e-2ubuntu4.6 openssl 1.0.0e-2ubuntu4.6 Ubuntu 11.04: libssl0.9.8 0.9.8o-5ubuntu1.7 openssl 0.9.8o-5ubuntu1.7 Ubuntu 10.04 LTS: libssl0.9.8 0.9.8k-7ubuntu8.13 openssl 0.9.8k-7ubuntu8.13 Ubuntu 8.04 LTS: libssl0.9.8 0.9.8g-4ubuntu3.19 openssl 0.9.8g-4ubuntu3.19 After a standard system update you need to reboot your computer to make all the necessary changes. References: https://ubuntu.com/security/notices/USN-1451-1 CVE-2012-0884, CVE-2012-2333 Package Information: https://launchpad.net/ubuntu/+source/openssl/1.0.1-4ubuntu5.2 https://launchpad.net/ubuntu/+source/openssl/1.0.0e-2ubuntu4.6 https://launchpad.net/ubuntu/+source/openssl/0.9.8o-5ubuntu1.7 https://launchpad.net/ubuntu/+source/openssl/0.9.8k-7ubuntu8.13 https://launchpad.net/ubuntu/+source/openssl/0.9.8g-4ubuntu3.19
PREVIOUS
NEXT
Ubuntu 12.04 LTS: 1451-1 Medium: Openssl DoS And Data Exposure
ubuntu
May 24, 2012
Applications using OpenSSL in certain situations could be made tocrash or expose sensitive information.
Summary
Topics Covered
Update Instructions
The problem can be corrected by updating your system to the following package versions: Ubuntu 12.04 LTS: libssl1.0.0 1.0.1-4ubuntu5.2 openssl 1.0.1-4ubuntu5.2 Ubuntu 11.10: libssl1.0.0 1.0.0e-2ubuntu4.6 openssl 1.0.0e-2ubuntu4.6 Ubuntu 11.04: libssl0.9.8 0.9.8o-5ubuntu1.7 openssl 0.9.8o-5ubuntu1.7 Ubuntu 10.04 LTS: libssl0.9.8 0.9.8k-7ubuntu8.13 openssl 0.9.8k-7ubuntu8.13 Ubuntu 8.04 LTS: libssl0.9.8 0.9.8g-4ubuntu3.19 openssl 0.9.8g-4ubuntu3.19 After a standard system update you need to reboot your computer to make all the necessary changes.
References
https://ubuntu.com/security/notices/USN-1451-1
CVE-2012-0884, CVE-2012-2333
Severity
medium
Lowest
Low
Medium
High
Critical
May 24, 2012
Topics Covered
Package Information
https://launchpad.net/ubuntu/+source/openssl/1.0.1-4ubuntu5.2 https://launchpad.net/ubuntu/+source/openssl/1.0.0e-2ubuntu4.6 https://launchpad.net/ubuntu/+source/openssl/0.9.8o-5ubuntu1.7 https://launchpad.net/ubuntu/+source/openssl/0.9.8k-7ubuntu8.13 https://launchpad.net/ubuntu/+source/openssl/0.9.8g-4ubuntu3.19
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!