=========================================================== 
Ubuntu Security Notice USN-522-1         September 29, 2007
openssl vulnerabilities
CVE-2007-3108, CVE-2007-5135
==========================================================
A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 6.10
Ubuntu 7.04

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
  libssl0.9.8                     0.9.8a-7ubuntu0.4

Ubuntu 6.10:
  libssl0.9.8                     0.9.8b-2ubuntu2.1

Ubuntu 7.04:
  libssl0.9.8                     0.9.8c-4ubuntu0.1

After a standard system upgrade you need to reboot your computer to
effect the necessary changes.

Details follow:

It was discovered that OpenSSL did not correctly perform Montgomery
multiplications.  Local attackers might be able to reconstruct RSA
private keys by examining another user's OpenSSL processes. (CVE-2007-3108)

Moritz Jodeit discovered that OpenSSL's SSL_get_shared_ciphers function
did not correctly check the size of the buffer it was writing to.
A remote attacker could exploit this to write one NULL byte past the end of
an application's cipher list buffer, possibly leading to arbitrary code
execution or a denial of service. (CVE-2007-5135)
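
The off-by-one described for CVE-2007-5135, modelled as an added example (not OpenSSL's source and not part of the original notice): a hypothetical join_names() builds a ':'-separated list in a caller's buffer, and its size check either omits or includes the separator byte. The names, buffer sizes and guard-arena harness are assumptions chosen for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical model of the bug class; NOT OpenSSL source code.
 * Joins names with ':' into buf[len]. reserve = 0 reproduces the flawed
 * size check (separator byte not counted); reserve = 1 is the corrected one. */
static void join_names(const char *const *names, int n,
                       char *buf, int len, int reserve)
{
    char *p = buf;
    if (reserve && len < 1)          /* hardened path: no room for even "\0" */
        return;
    for (int i = 0; i < n; i++) {
        int l = (int)strlen(names[i]);
        if (len < l + reserve)       /* reserve == 0: off by one */
            break;
        memcpy(p, names[i], (size_t)l);
        p += l;
        *p++ = ':';                  /* flawed path: can land on buf[len] */
        len -= l + 1;
    }
    if (p != buf)
        p--;                         /* step back onto the trailing ':' */
    *p = '\0';                       /* flawed path: NUL written at buf[len] */
}

/* Run on an 8-byte logical buffer placed inside a 16-byte arena filled with
 * a guard value, so the stray write is observable without undefined
 * behaviour. Returns 1 if the byte just past the logical end changed. */
static int writes_past_end(int reserve)
{
    static const char *const names[] = { "AES", "DES3", "RC4" }; /* constructed */
    unsigned char arena[16];
    memset(arena, 0x55, sizeof arena);
    join_names(names, 3, (char *)arena, 8, reserve);
    return arena[8] != 0x55;
}

int main(void)
{
    printf("flawed check  writes past end: %d\n", writes_past_end(0));
    printf("correct check writes past end: %d\n", writes_past_end(1));
    return 0;
}
```

With the flawed check, the second name exactly fills the remaining space, so the separator and then the terminator are stored one byte beyond the 8-byte buffer; the corrected check stops after the first name.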


Ubuntu: OpenSSL vulnerabilities USN-522-1

September 28, 2007