=========================================================== 
Ubuntu Security Notice USN-620-1              June 26, 2008
openssl vulnerabilities
CVE-2008-0891, CVE-2008-1672
==========================================================
A security issue affects the following Ubuntu releases:

Ubuntu 8.04 LTS

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 8.04 LTS:
  libssl0.9.8                     0.9.8g-4ubuntu3.3

After a standard system upgrade you need to reboot your computer to
effect the necessary changes.

Details follow:

It was discovered that OpenSSL was vulnerable to a double-free
when using TLS server extensions. A remote attacker could send a
crafted packet and cause a denial of service via application crash
in applications linked against OpenSSL. Ubuntu 8.04 LTS does not
compile TLS server extensions by default. (CVE-2008-0891)

It was discovered that OpenSSL could dereference a NULL pointer.
If a user or automated system were tricked into connecting to a
malicious server with particular cipher suites, a remote attacker
could cause a denial of service via application crash.
(CVE-2008-1672)


Updated packages for Ubuntu 8.04 LTS:

  Source archives:

          Size/MD5:    52995 b1cea7b7db0cb4522acd795c3928f6d6
          Size/MD5:      912 ac4c66a0442648d7b1a1afd326609c54
          Size/MD5:  3354792 acf70a16359bf3658bdfb74bda1c4419

  Architecture independent packages:

          Size/MD5:   628742 36c2d25fdf6427526076a8d6b5da2e96

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

          Size/MD5:   603880 84269c06376fba49d325c730777068c6
          Size/MD5:  2064718 33f436e01452fc2731b30700d3e0cb25
          Size/MD5:  1604058 c07455422c05690cab6b54026279f9e3
          Size/MD5:   931362 43218bfe72915fb66bdf8c081f847fcb
          Size/MD5:   390580 1c33397eeeaf9c43dbadbc952effca25

  i386 architecture (x86 compatible Intel/AMD):

          Size/MD5:   564676 2afdf22196bfa295f2847798c28ebc56
          Size/MD5:  1941746 9e1601920ffb4579750c62e3bafcc788
          Size/MD5:  5341160 b92bf74a2f51c864239b7266dc902fd6
          Size/MD5:  2828380 bdfaf989e6b72ba194845ac03d5c27b4
          Size/MD5:   385396 a91bd87423e0063ab2bb18ecf44ae995

  lpia architecture (Low Power Intel Architecture):

          Size/MD5:   535446 5841b6cc1e0fae3393afabc957037822
          Size/MD5:  1922442 32dcdad159f05decabf11549ff204f37
          Size/MD5:  1512426 4fb1d4039493d3f2d08dcfb27de4dc31
          Size/MD5:   842914 7924b29683950fdde4467c65e0e1d337
          Size/MD5:   390020 7a31e11f913264848caf9970c8b55859

  powerpc architecture (Apple Macintosh G3/G4/G5):

          Size/MD5:   610278 7d857eca164bdfff475280cf334fd968
          Size/MD5:  2077858 49b892b43342c57136963936314cd850
          Size/MD5:  1639382 34a79f78df92067f4be10eacbb72463d
          Size/MD5:   944698 1c4cae202d0012cd143bd81239b36c71
          Size/MD5:   399184 b4a0cd49967333a6e617f7ddf6be1427

  sparc architecture (Sun SPARC/UltraSPARC):

          Size/MD5:   559658 d065856a7822c4d5f5382b1ad1a652fe
          Size/MD5:  1984612 c82132370120b65e6e278df0755eb1a6
          Size/MD5:  3873772 dfcf08c38728d64842da3f378639b191
          Size/MD5:  2241472 37861360b67b2ce0b038e49ea4a6ae67
          Size/MD5:   397828 ffe5e48d1e71e27bd8adf064f4adcc64

Ubuntu: OpenSSL vulnerabilities

June 26, 2008
It was discovered that OpenSSL was vulnerable to a double-free when using TLS server extensions

Summary

Update Instructions

References

Severity
Ubuntu Security Notice USN-620-1 June 26, 2008

Package Information

Related News

5.ShakingHands Esm H320
2 - 3 min read
At The Linux Foundation's Open Source Summit North America , Linus Torvalds, the creator of Linux, discussed various topics related to Linux
30.Lock Globe Motherboard Esm H320
1 - 2 min read
The SPDX 3.0 release marks a significant milestone in software management, particularly for Linux admins, infosec professionals, internet security
11.Locks IsometricPattern Esm H320
2 - 3 min read
Open Source maintainers and developers have been warned about the continued wave of attacks aimed at project maintainers similar to those recently
28.Lock Globe Esm H320
1 - 2 min read
A resurgence of cyberattacks targeting Linux systems in Asian campaigns through the utilization of the Pupy Remote Access Trojan (RAT) has been
27.Tablet Connections Blocks Lock Esm H320
2 - 4 min read
Canonical has recently announced the Beta release of Ubuntu Linux 24.04 LTS , codenamed "Noble Numbat." This release aims to continue Ubuntu's
21.Globe RadiatingCode Esm H320
2 - 3 min read
The open-source movement has come a long way, from its origins in the 1960s and 1970s to becoming an integral part of organizations worldwide.
13.Lock StylizedMotherboard Esm H320
2 - 3 min read
The Rust-based Edera project demonstrates a unique approach to container security that addresses cloud-native computing challenges. Let's examine
8.Locks HexConnections CodeGlobe Esm H320
2 - 3 min read
Canonical has launched Ubuntu Pro for Devices , a comprehensive offering emphasizing security and compliance for IoT device deployments. This
Sign Up

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved