Ubuntu: openssl-blacklist update

    Date: 18 Jun 2008
    Category: Ubuntu
    Posted By: LinuxSecurity Advisories
    A weakness has been discovered in the random number generator used by OpenSSL on Debian and Ubuntu systems. As a result of this weakness, certain encryption keys are much more common than they should be, such that an attacker could guess the key through a brute-force attack given minimal knowledge of the system. This particularly affects the use of encryption keys in OpenSSH, OpenVPN and SSL certificates.
    =========================================================== 
    Ubuntu Security Notice USN-612-11              June 18, 2008
    openssl-blacklist update
    http://www.ubuntu.com/usn/usn-612-1
    http://www.ubuntu.com/usn/usn-612-3
    http://www.ubuntu.com/usn/usn-612-8
    http://www.ubuntu.com/usn/usn-612-9
    ===========================================================
    
    A security issue affects the following Ubuntu releases:
    
    Ubuntu 6.06 LTS
    Ubuntu 7.04
    Ubuntu 7.10
    Ubuntu 8.04 LTS
    
    This advisory also applies to the corresponding versions of
    Kubuntu, Edubuntu, and Xubuntu.
    
    The problem can be corrected by upgrading your system to the
    following package versions:
    
    Ubuntu 6.06 LTS:
      openssl-blacklist               0.3.3+0.4-0ubuntu0.6.06.2
      openssl-blacklist-extra         0.3.3+0.4-0ubuntu0.6.06.2
    
    Ubuntu 7.04:
      openssl-blacklist               0.3.3+0.4-0ubuntu0.7.04.2
      openssl-blacklist-extra         0.3.3+0.4-0ubuntu0.7.04.2
    
    Ubuntu 7.10:
      openssl-blacklist               0.3.3+0.4-0ubuntu0.7.10.2
      openssl-blacklist-extra         0.3.3+0.4-0ubuntu0.7.10.2
    
    Ubuntu 8.04 LTS:
      openssl-blacklist               0.3.3+0.4-0ubuntu0.8.04.3
      openssl-blacklist-extra         0.3.3+0.4-0ubuntu0.8.04.3
    
    In general, a standard system upgrade is sufficient to effect the
    necessary changes.
    
    Details follow:
    
    USN-612-3 addressed a weakness in OpenSSL certificate and key
    generation and introduced openssl-blacklist to aid in detecting
    vulnerable certificates and keys. This update adds RSA-4096
    blacklists to the openssl-blacklist-extra package and adjusts
    openssl-vulnkey to properly handle RSA-4096 and higher moduli.
    
    Original advisory details:
     A weakness has been discovered in the random number generator used
     by OpenSSL on Debian and Ubuntu systems. As a result of this
     weakness, certain encryption keys are much more common than they
     should be, such that an attacker could guess the key through a
     brute-force attack given minimal knowledge of the system. This
     particularly affects the use of encryption keys in OpenSSH, OpenVPN
     and SSL certificates.
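
The per-key-size blacklist lookup described under "Details follow", as an added example that is not part of the advisory or of the openssl-blacklist package. It shows why a missing blacklist for a given modulus size (RSA-4096 before this update) has to be reported as "unknown" rather than "not blacklisted". The fingerprint scheme, the in-memory blacklists and the sample moduli are assumptions constructed for illustration.

```python
import hashlib
from enum import Enum
from typing import Dict, Set


class Verdict(Enum):
    COMPROMISED = "compromised"
    NOT_BLACKLISTED = "not blacklisted"
    UNKNOWN = "unknown: no blacklist loaded for this key size"


def fingerprint(modulus: int) -> str:
    # Assumed scheme: SHA-1 of the text line that `openssl rsa -noout -modulus`
    # prints ("Modulus=<UPPERCASE HEX>\n"), keeping the last 20 hex digits.
    line = "Modulus=%X\n" % modulus
    return hashlib.sha1(line.encode("ascii")).hexdigest()[20:]


def check_modulus(modulus: int, blacklists: Dict[int, Set[str]]) -> Verdict:
    # Blacklists are per key size. A size with no list loaded cannot be
    # cleared, so it is reported as UNKNOWN rather than NOT_BLACKLISTED.
    entries = blacklists.get(modulus.bit_length())
    if entries is None:
        return Verdict.UNKNOWN
    if fingerprint(modulus) in entries:
        return Verdict.COMPROMISED
    return Verdict.NOT_BLACKLISTED


# Constructed sample moduli standing in for blacklisted keys (not real keys).
WEAK_2048 = (1 << 2047) | 0xC0FFEE1
WEAK_4096 = (1 << 4095) | 0xBADC0DE1
OTHER_4096 = (1 << 4095) | 0x1234567

# Hypothetical blacklist sets: one without and one with an RSA-4096 list.
BASE_ONLY = {2048: {fingerprint(WEAK_2048)}}
WITH_EXTRA = dict(BASE_ONLY)
WITH_EXTRA[4096] = {fingerprint(WEAK_4096)}

if __name__ == "__main__":
    samples = (("weak-2048", WEAK_2048), ("weak-4096", WEAK_4096),
               ("other-4096", OTHER_4096))
    for name, lists in (("base only", BASE_ONLY), ("base + extra", WITH_EXTRA)):
        for label, n in samples:
            print(f"{name:13} {label:11} {check_modulus(n, lists).value}")
```

On a real system the check is done with openssl-vulnkey from the updated packages; a 4096-bit key only gets a definite answer once the matching blacklist is installed.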
    
    
    Updated packages for Ubuntu 6.06 LTS:
    
      Source archives:
    
        http://security.ubuntu.com/ubuntu/pool/main/o/openssl-blacklist/openssl-blacklist_0.3.3+0.4-0ubuntu0.6.06.2.dsc
          Size/MD5:      676 ec900c22df66e7da2543082d7123aed7
        http://security.ubuntu.com/ubuntu/pool/main/o/openssl-blacklist/openssl-blacklist_0.3.3+0.4-0ubuntu0.6.06.2.tar.gz
          Size/MD5: 32928890 ff8a69186860a3c9bc78c86b51993154
    
      Architecture independent packages:
    
        http://security.ubuntu.com/ubuntu/pool/main/o/openssl-blacklist/openssl-blacklist-extra_0.3.3+0.4-0ubuntu0.6.06.2_all.deb
          Size/MD5:  6317974 c71f0e9dfaf87712672fb52acb55db0d
        http://security.ubuntu.com/ubuntu/pool/main/o/openssl-blacklist/openssl-blacklist_0.3.3+0.4-0ubuntu0.6.06.2_all.deb
          Size/MD5:  6333018 e43b4ea20935655041e803064cee6626
    
    Updated packages for Ubuntu 7.04:
    
      Source archives:
    
        http://security.ubuntu.com/ubuntu/pool/main/o/openssl-blacklist/openssl-blacklist_0.3.3+0.4-0ubuntu0.7.04.2.dsc
          Size/MD5:      812 71e900154130bd20b4401b6ac2653cdc
        http://security.ubuntu.com/ubuntu/pool/main/o/openssl-blacklist/openssl-blacklist_0.3.3+0.4-0ubuntu0.7.04.2.tar.gz
          Size/MD5: 32928996 37d24b96159aca653515a8aa136f31d3
    
      Architecture independent packages:
    
        http://security.ubuntu.com/ubuntu/pool/main/o/openssl-blacklist/openssl-blacklist-extra_0.3.3+0.4-0ubuntu0.7.04.2_all.deb
          Size/MD5:  6318082 cc4e2c235c71d36653ce1c2ef1b247bc
        http://security.ubuntu.com/ubuntu/pool/main/o/openssl-blacklist/openssl-blacklist_0.3.3+0.4-0ubuntu0.7.04.2_all.deb
          Size/MD5:  6332858 d805a05a0bc674c064256cf26f231881
    
    Updated packages for Ubuntu 7.10:
    
      Source archives:
    
        http://security.ubuntu.com/ubuntu/pool/main/o/openssl-blacklist/openssl-blacklist_0.3.3+0.4-0ubuntu0.7.10.2.dsc
          Size/MD5:      812 b62d9f57a2c6f4e3e671a3d9648b1df1
        http://security.ubuntu.com/ubuntu/pool/main/o/openssl-blacklist/openssl-blacklist_0.3.3+0.4-0ubuntu0.7.10.2.tar.gz
          Size/MD5: 32928995 8717c32922e43aaaf7203ccd268b99a8
    
      Architecture independent packages:
    
        http://security.ubuntu.com/ubuntu/pool/main/o/openssl-blacklist/openssl-blacklist-extra_0.3.3+0.4-0ubuntu0.7.10.2_all.deb
          Size/MD5:  6318232 81e856d987468e3fc3a0d6e7e21bf532
        http://security.ubuntu.com/ubuntu/pool/main/o/openssl-blacklist/openssl-blacklist_0.3.3+0.4-0ubuntu0.7.10.2_all.deb
          Size/MD5:  6332724 84087c5b3d5a05cf55d415adaf6974f1
    
    Updated packages for Ubuntu 8.04 LTS:
    
      Source archives:
    
        http://security.ubuntu.com/ubuntu/pool/main/o/openssl-blacklist/openssl-blacklist_0.3.3+0.4-0ubuntu0.8.04.3.dsc
          Size/MD5:      943 c1d37d2d4a36ba178022fc27ff6a0bdc
        http://security.ubuntu.com/ubuntu/pool/main/o/openssl-blacklist/openssl-blacklist_0.3.3+0.4-0ubuntu0.8.04.3.tar.gz
          Size/MD5: 32929040 376d57551e6859b39c2e795284978233
    
      Architecture independent packages:
    
        http://security.ubuntu.com/ubuntu/pool/main/o/openssl-blacklist/openssl-blacklist-extra_0.3.3+0.4-0ubuntu0.8.04.3_all.deb
          Size/MD5:  6318142 0d1c09236b595d8fd8dbe4a617497d2e
        http://security.ubuntu.com/ubuntu/pool/main/o/openssl-blacklist/openssl-blacklist_0.3.3+0.4-0ubuntu0.8.04.3_all.deb
          Size/MD5:  6333180 df969f0af29ab3474c9d1d7b119a66a7
    
    
    
    