Adsons

    Ubuntu: OpenSSL vulnerability

    Date16 Oct 2006
    CategoryUbuntu
    2584
    Posted ByLinuxSecurity Advisories
    Philip Mackenzie, Marius Schilder, Jason Waddle and Ben Laurie of Google Security discovered that the OpenSSL library did not sufficiently check the padding of PKCS #1 v1.5 signatures if the exponent of the public key is 3 (which is widely used for CAs). This could be exploited to forge signatures without the need of the secret key.
    ===========================================================  Ubuntu Security Notice USN-339-1 September 05, 2006 openssl vulnerability CVE-2006-4339 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 5.04 Ubuntu 5.10 Ubuntu 6.06 LTS This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 5.04:  libssl0.9.7 0.9.7e-3ubuntu0.3 Ubuntu 5.10:  libssl0.9.7 0.9.7g-1ubuntu1.2 Ubuntu 6.06 LTS:  libssl0.9.8 0.9.8a-7ubuntu0.1 After a standard system upgrade you need to reboot your computer to effect the necessary changes. Details follow: Philip Mackenzie, Marius Schilder, Jason Waddle and Ben Laurie of Google Security discovered that the OpenSSL library did not sufficiently check the padding of PKCS #1 v1.5 signatures if the exponent of the public key is 3 (which is widely used for CAs). This could be exploited to forge signatures without the need of the secret key. Updated packages for Ubuntu 5.04:  Source archives:  http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.7e-3ubuntu0.3.diff.gz  Size/MD5: 29738 8ff4b43003645c9cc0340b7aeaa0e943  http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.7e-3ubuntu0.3.dsc  Size/MD5: 645 f1d90d6945db3f52eb9e523cd2257cb3  http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.7e.orig.tar.gz  Size/MD5: 3043231 a8777164bca38d84e5eb2b1535223474  amd64 architecture (Athlon64, Opteron, EM64T Xeon)  http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.7-udeb_0.9.7e-3ubuntu0.3_amd64.udeb  Size/MD5: 495170 6ecb42d8f16500657a823c246d90f721  http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.7e-3ubuntu0.3_amd64.deb  Size/MD5: 2693394 8554202ca8540221956438754ce83daa  http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.7_0.9.7e-3ubuntu0.3_amd64.deb  Size/MD5: 769732 1924597de3a34f244d50812ce47e839f  http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.7e-3ubuntu0.3_amd64.deb  Size/MD5: 903646 0da1a7985ac40c27bffd43effcdeb306  i386 architecture (x86 compatible Intel/AMD)  http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.7-udeb_0.9.7e-3ubuntu0.3_i386.udeb  Size/MD5: 433284 3701e85ed202bc56684583e5cdcee090  http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.7e-3ubuntu0.3_i386.deb  Size/MD5: 2492646 bbb95c47fede95c469d7fdef9faeedcf  http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.7_0.9.7e-3ubuntu0.3_i386.deb  Size/MD5: 2241170 8f890db2ab8675adccb3e5f9e9129c97  http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.7e-3ubuntu0.3_i386.deb  Size/MD5: 901102 f43171afd1211d5026a0241abbce7710  powerpc architecture (Apple Macintosh G3/G4/G5)  http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.7-udeb_0.9.7e-3ubuntu0.3_powerpc.udeb  Size/MD5: 499392 6c4844845826d244a5062664d725d7f4  http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.7e-3ubuntu0.3_powerpc.deb  Size/MD5: 2774414 f275ee27e93d2ddbdf7af62837512b4a  http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.7_0.9.7e-3ubuntu0.3_powerpc.deb  Size/MD5: 779388 29c64dab8447a8a79c2b82e6aad0c900  http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.7e-3ubuntu0.3_powerpc.deb  Size/MD5: 908166 34dc1579ba2d5543f841ca917c1f7f35 Updated packages for Ubuntu 5.10:  Source archives:  http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.7g-1ubuntu1.2.diff.gz  Size/MD5: 30435 9ad78dd2d10b6a32b2efa84aeedc1b28  http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.7g-1ubuntu1.2.dsc  Size/MD5: 657 1d871efaeb3b5bafccb17ec8787ae57c  http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.7g.orig.tar.gz  Size/MD5: 3132217 991615f73338a571b6a1be7d74906934  amd64 architecture (Athlon64, Opteron, EM64T Xeon)  http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.7-udeb_0.9.7g-1ubuntu1.2_amd64.udeb  Size/MD5: 498836 bd128f07f8f4ff96c7a4ec0cd01a5a24  http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.7g-1ubuntu1.2_amd64.deb  Size/MD5: 2699482 cdefd160fc10ae893743cff5bf872463  http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.7_0.9.7g-1ubuntu1.2_amd64.deb  Size/MD5: 773202 41180b2c148cbee6a514ca07d9d8038c  http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.7g-1ubuntu1.2_amd64.deb  Size/MD5: 913254 4d7d2b9debbe46c070628174e4359281  i386 architecture (x86 compatible Intel/AMD)  http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.7-udeb_0.9.7g-1ubuntu1.2_i386.udeb  Size/MD5: 430730 904e4e96ab1f84715cdf0db8bd34b5c5  http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.7g-1ubuntu1.2_i386.deb  Size/MD5: 2479858 e18443ee7bd4bacf1b2b9e1b64c9733e  http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.7_0.9.7g-1ubuntu1.2_i386.deb  Size/MD5: 2203354 799110bb4e00931d801208e97316c2a5  http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.7g-1ubuntu1.2_i386.deb  Size/MD5: 904410 d19a02f94c4e321112ba4cc4091ae398  powerpc architecture (Apple Macintosh G3/G4/G5)  http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.7-udeb_0.9.7g-1ubuntu1.2_powerpc.udeb  Size/MD5: 476320 0e8146d671c590e6cfb260da7e7bd94e  http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.7g-1ubuntu1.2_powerpc.deb  Size/MD5: 2656084 4f5799481d8abb40bc7e5ff712349b33  http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.7_0.9.7g-1ubuntu1.2_powerpc.deb  Size/MD5: 752756 24177008d7989591e7a10ce33e4f15e4  http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.7g-1ubuntu1.2_powerpc.deb  Size/MD5: 910052 ea5f2afb2b1e05913668d04cb14f4d5a  sparc architecture (Sun SPARC/UltraSPARC)  http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.7-udeb_0.9.7g-1ubuntu1.2_sparc.udeb  Size/MD5: 452112 7287ea7ed03e385eedc38be06052e554  http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.7g-1ubuntu1.2_sparc.deb  Size/MD5: 2569762 159afe6386461da5a10d58594604f923  http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.7_0.9.7g-1ubuntu1.2_sparc.deb  Size/MD5: 1791288 d30b69f5e3d3b4b3ca6c889577d4c30a  http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.7g-1ubuntu1.2_sparc.deb  Size/MD5: 918074 81e40476e7153055043ee7ae07ab9b15 Updated packages for Ubuntu 6.06 LTS:  Source archives:  http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8a-7ubuntu0.1.diff.gz  Size/MD5: 35264 b4ff10d076548a137e80df0ea6133cf6  http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8a-7ubuntu0.1.dsc  Size/MD5: 816 1748b5fba8b23850f0a35186e8d80b0b  http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8a.orig.tar.gz  Size/MD5: 3271435 1d16c727c10185e4d694f87f5e424ee1  amd64 architecture (Athlon64, Opteron, EM64T Xeon)  http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8a-7ubuntu0.1_amd64.udeb  Size/MD5: 571346 32560c34d375896443908ad44ef37724  http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.8a-7ubuntu0.1_amd64.deb  Size/MD5: 2166016 7478ed6526daef015f02e53ecd29c794  http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8a-7ubuntu0.1_amd64.deb  Size/MD5: 1681264 f38fa12908776cad70e4f03f5d82ec52  http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8_0.9.8a-7ubuntu0.1_amd64.deb  Size/MD5: 873938 905d85741bd0f71d997b0ad1da0af1c1  http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8a-7ubuntu0.1_amd64.deb  Size/MD5: 984054 0b7663affd06815eda8f814ce98eddf1  i386 architecture (x86 compatible Intel/AMD)  http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8a-7ubuntu0.1_i386.udeb  Size/MD5: 508988 17028f0a0751e40a77199e0727503726  http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.8a-7ubuntu0.1_i386.deb  Size/MD5: 2022304 daa0e6b56441e0b2fa71e14de831dc41  http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8a-7ubuntu0.1_i386.deb  Size/MD5: 5046624 d14ffd5dccbba81c666d149b9b80affb  http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8_0.9.8a-7ubuntu0.1_i386.deb  Size/MD5: 2591760 9581e906f3ba5da9983514eca0d10d82  http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8a-7ubuntu0.1_i386.deb  Size/MD5: 975476 840ba1e9f244516df5cf9e5f48667879  powerpc architecture (Apple Macintosh G3/G4/G5)  http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8a-7ubuntu0.1_powerpc.udeb  Size/MD5: 557516 0ea8220e55677599c9867d9104bee981  http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.8a-7ubuntu0.1_powerpc.deb  Size/MD5: 2179304 8356a41ecc095a3a4ec4163f39374bda  http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8a-7ubuntu0.1_powerpc.deb  Size/MD5: 1725322 7a60fe2ec5537c970d80cf5e48db1ebd  http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8_0.9.8a-7ubuntu0.1_powerpc.deb  Size/MD5: 860294 6ba3aadd9a9f930e5c893165bc61ae93  http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8a-7ubuntu0.1_powerpc.deb  Size/MD5: 979370 db3041b4dab69fe48bf2d34d572f4c36  sparc architecture (Sun SPARC/UltraSPARC)  http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8a-7ubuntu0.1_sparc.udeb  Size/MD5: 530316 67e7789eaa5ca6b1edf6408edc7c0835  http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.8a-7ubuntu0.1_sparc.deb  Size/MD5: 2091014 a250f9740992c202cd088a0824ceb07a  http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8a-7ubuntu0.1_sparc.deb  Size/MD5: 3939674 4007aa0e07366b2ac9c090409ef22e7b  http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8_0.9.8a-7ubuntu0.1_sparc.deb  Size/MD5: 2089320 672bd1ace848bdb20496ff9ff66a8873  http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8a-7ubuntu0.1_sparc.deb  Size/MD5: 987236 ecacd01dc72995f246531c25e783a879 --uCPdOCrL+PnN2Vxy Content-Type: application/pgp-signature; name="signature.asc" Content-Description: Digital signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.3 (GNU/Linux) iD8DBQFE/ZDiDecnbV4Fd/IRAh6NAJsFhYNMEXHM5reV/9hgvXst040B4QCgtdl6 fr5Ozirux32vlfN7a0frH9U 

    Comments powered by CComment

    Sidebar Ad

    LinuxSecurity Poll

    Does your company/organization utilize open-source software?

    Message!

    Poll results are hidden from public viewing.

    You are not authorized to vote on this poll.

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 2 answer(s).
    /component/communitypolls/?task=poll.vote
    5
    radio
    bottom200

    Advisories