Ubuntu: OpenSSL vulnerabilities

    Date26 Jun 2008
    CategoryUbuntu
    5438
    Posted ByLinuxSecurity Advisories
    It was discovered that OpenSSL was vulnerable to a double-free when using TLS server extensions. A remote attacker could send a crafted packet and cause a denial of service via application crash in applications linked against OpenSSL. Ubuntu 8.04 LTS does not compile TLS server extensions by default. (CVE-2008-0891) It was discovered that OpenSSL could dereference a NULL pointer. If a user or automated system were tricked into connecting to a malicious server with particular cipher suites, a remote attacker could cause a denial of service via application crash. (CVE-2008-1672)
    =========================================================== 
    Ubuntu Security Notice USN-620-1              June 26, 2008
    openssl vulnerabilities
    CVE-2008-0891, CVE-2008-1672
    ===========================================================
    
    A security issue affects the following Ubuntu releases:
    
    Ubuntu 8.04 LTS
    
    This advisory also applies to the corresponding versions of
    Kubuntu, Edubuntu, and Xubuntu.
    
    The problem can be corrected by upgrading your system to the
    following package versions:
    
    Ubuntu 8.04 LTS:
      libssl0.9.8                     0.9.8g-4ubuntu3.3
    
    After a standard system upgrade you need to reboot your computer to
    effect the necessary changes.
    
    Details follow:
    
    It was discovered that OpenSSL was vulnerable to a double-free
    when using TLS server extensions. A remote attacker could send a
    crafted packet and cause a denial of service via application crash
    in applications linked against OpenSSL. Ubuntu 8.04 LTS does not
    compile TLS server extensions by default. (CVE-2008-0891)
    
    It was discovered that OpenSSL could dereference a NULL pointer.
    If a user or automated system were tricked into connecting to a
    malicious server with particular cipher suites, a remote attacker
    could cause a denial of service via application crash.
    (CVE-2008-1672)
    
    
    Updated packages for Ubuntu 8.04 LTS:
    
      Source archives:
    
        http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8g-4ubuntu3.3.diff.gz
          Size/MD5:    52995 b1cea7b7db0cb4522acd795c3928f6d6
        http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8g-4ubuntu3.3.dsc
          Size/MD5:      912 ac4c66a0442648d7b1a1afd326609c54
        http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8g.orig.tar.gz
          Size/MD5:  3354792 acf70a16359bf3658bdfb74bda1c4419
    
      Architecture independent packages:
    
        http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl-doc_0.9.8g-4ubuntu3.3_all.deb
          Size/MD5:   628742 36c2d25fdf6427526076a8d6b5da2e96
    
      amd64 architecture (Athlon64, Opteron, EM64T Xeon):
    
        http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-4ubuntu3.3_amd64.udeb
          Size/MD5:   603880 84269c06376fba49d325c730777068c6
        http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.8g-4ubuntu3.3_amd64.deb
          Size/MD5:  2064718 33f436e01452fc2731b30700d3e0cb25
        http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8g-4ubuntu3.3_amd64.deb
          Size/MD5:  1604058 c07455422c05690cab6b54026279f9e3
        http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8_0.9.8g-4ubuntu3.3_amd64.deb
          Size/MD5:   931362 43218bfe72915fb66bdf8c081f847fcb
        http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8g-4ubuntu3.3_amd64.deb
          Size/MD5:   390580 1c33397eeeaf9c43dbadbc952effca25
    
      i386 architecture (x86 compatible Intel/AMD):
    
        http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-4ubuntu3.3_i386.udeb
          Size/MD5:   564676 2afdf22196bfa295f2847798c28ebc56
        http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.8g-4ubuntu3.3_i386.deb
          Size/MD5:  1941746 9e1601920ffb4579750c62e3bafcc788
        http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8g-4ubuntu3.3_i386.deb
          Size/MD5:  5341160 b92bf74a2f51c864239b7266dc902fd6
        http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8_0.9.8g-4ubuntu3.3_i386.deb
          Size/MD5:  2828380 bdfaf989e6b72ba194845ac03d5c27b4
        http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8g-4ubuntu3.3_i386.deb
          Size/MD5:   385396 a91bd87423e0063ab2bb18ecf44ae995
    
      lpia architecture (Low Power Intel Architecture):
    
        http://ports.ubuntu.com/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-4ubuntu3.3_lpia.udeb
          Size/MD5:   535446 5841b6cc1e0fae3393afabc957037822
        http://ports.ubuntu.com/pool/main/o/openssl/libssl-dev_0.9.8g-4ubuntu3.3_lpia.deb
          Size/MD5:  1922442 32dcdad159f05decabf11549ff204f37
        http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8g-4ubuntu3.3_lpia.deb
          Size/MD5:  1512426 4fb1d4039493d3f2d08dcfb27de4dc31
        http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8_0.9.8g-4ubuntu3.3_lpia.deb
          Size/MD5:   842914 7924b29683950fdde4467c65e0e1d337
        http://ports.ubuntu.com/pool/main/o/openssl/openssl_0.9.8g-4ubuntu3.3_lpia.deb
          Size/MD5:   390020 7a31e11f913264848caf9970c8b55859
    
      powerpc architecture (Apple Macintosh G3/G4/G5):
    
        http://ports.ubuntu.com/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-4ubuntu3.3_powerpc.udeb
          Size/MD5:   610278 7d857eca164bdfff475280cf334fd968
        http://ports.ubuntu.com/pool/main/o/openssl/libssl-dev_0.9.8g-4ubuntu3.3_powerpc.deb
          Size/MD5:  2077858 49b892b43342c57136963936314cd850
        http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8g-4ubuntu3.3_powerpc.deb
          Size/MD5:  1639382 34a79f78df92067f4be10eacbb72463d
        http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8_0.9.8g-4ubuntu3.3_powerpc.deb
          Size/MD5:   944698 1c4cae202d0012cd143bd81239b36c71
        http://ports.ubuntu.com/pool/main/o/openssl/openssl_0.9.8g-4ubuntu3.3_powerpc.deb
          Size/MD5:   399184 b4a0cd49967333a6e617f7ddf6be1427
    
      sparc architecture (Sun SPARC/UltraSPARC):
    
        http://ports.ubuntu.com/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-4ubuntu3.3_sparc.udeb
          Size/MD5:   559658 d065856a7822c4d5f5382b1ad1a652fe
        http://ports.ubuntu.com/pool/main/o/openssl/libssl-dev_0.9.8g-4ubuntu3.3_sparc.deb
          Size/MD5:  1984612 c82132370120b65e6e278df0755eb1a6
        http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8g-4ubuntu3.3_sparc.deb
          Size/MD5:  3873772 dfcf08c38728d64842da3f378639b191
        http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8_0.9.8g-4ubuntu3.3_sparc.deb
          Size/MD5:  2241472 37861360b67b2ce0b038e49ea4a6ae67
        http://ports.ubuntu.com/pool/main/o/openssl/openssl_0.9.8g-4ubuntu3.3_sparc.deb
          Size/MD5:   397828 ffe5e48d1e71e27bd8adf064f4adcc64
    
    
    
    
    You are not authorised to post comments.

    Comments powered by CComment

    LinuxSecurity Poll

    What do you think of the articles on LinuxSecurity?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/24-what-do-you-think-of-the-quality-of-the-articles-on-linuxsecurity?task=poll.vote&format=json
    24
    radio
    [{"id":"87","title":"Excellent, don't change a thing!","votes":"38","type":"x","order":"1","pct":52.05,"resources":[]},{"id":"88","title":"Should be more technical","votes":"10","type":"x","order":"2","pct":13.7,"resources":[]},{"id":"89","title":"Should include more HOWTOs","votes":"25","type":"x","order":"3","pct":34.25,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350
    bottom200

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.