Ubuntu Security Notice 620-1

Ubuntu Security Notice 620-1: Posted Jun 26, 2008; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 620-1 - It was discovered that OpenSSL was vulnerable to a double-free when using TLS server extensions. A remote attacker could send a crafted packet and cause a denial of service via application crash in applications linked against OpenSSL. Ubuntu 8.04 LTS does not compile TLS server extensions by default. It was discovered that OpenSSL could dereference a NULL pointer. If a user or automated system were tricked into connecting to a malicious server with particular cipher suites, a remote attacker could cause a denial of service via application crash.; tags | advisory, remote, denial of service; systems | linux, ubuntu; advisories | CVE-2008-0891, CVE-2008-1672; SHA-256 | 72170722e776b145006331ae044204adfd085193899ab5cd2025bfbf47c1c984; Download | Favorite | View

Ubuntu Security Notice 620-1

=========================================================== 
Ubuntu Security Notice USN-620-1              June 26, 2008
openssl vulnerabilities
CVE-2008-0891, CVE-2008-1672
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 8.04 LTS

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 8.04 LTS:
  libssl0.9.8                     0.9.8g-4ubuntu3.3

After a standard system upgrade you need to reboot your computer to
effect the necessary changes.

Details follow:

It was discovered that OpenSSL was vulnerable to a double-free
when using TLS server extensions. A remote attacker could send a
crafted packet and cause a denial of service via application crash
in applications linked against OpenSSL. Ubuntu 8.04 LTS does not
compile TLS server extensions by default. (CVE-2008-0891)

It was discovered that OpenSSL could dereference a NULL pointer.
If a user or automated system were tricked into connecting to a
malicious server with particular cipher suites, a remote attacker
could cause a denial of service via application crash.
(CVE-2008-1672)


Updated packages for Ubuntu 8.04 LTS:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8g-4ubuntu3.3.diff.gz
      Size/MD5:    52995 b1cea7b7db0cb4522acd795c3928f6d6
    http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8g-4ubuntu3.3.dsc
      Size/MD5:      912 ac4c66a0442648d7b1a1afd326609c54
    http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8g.orig.tar.gz
      Size/MD5:  3354792 acf70a16359bf3658bdfb74bda1c4419

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl-doc_0.9.8g-4ubuntu3.3_all.deb
      Size/MD5:   628742 36c2d25fdf6427526076a8d6b5da2e96

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-4ubuntu3.3_amd64.udeb
      Size/MD5:   603880 84269c06376fba49d325c730777068c6
    http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.8g-4ubuntu3.3_amd64.deb
      Size/MD5:  2064718 33f436e01452fc2731b30700d3e0cb25
    http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8g-4ubuntu3.3_amd64.deb
      Size/MD5:  1604058 c07455422c05690cab6b54026279f9e3
    http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8_0.9.8g-4ubuntu3.3_amd64.deb
      Size/MD5:   931362 43218bfe72915fb66bdf8c081f847fcb
    http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8g-4ubuntu3.3_amd64.deb
      Size/MD5:   390580 1c33397eeeaf9c43dbadbc952effca25

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-4ubuntu3.3_i386.udeb
      Size/MD5:   564676 2afdf22196bfa295f2847798c28ebc56
    http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.8g-4ubuntu3.3_i386.deb
      Size/MD5:  1941746 9e1601920ffb4579750c62e3bafcc788
    http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8g-4ubuntu3.3_i386.deb
      Size/MD5:  5341160 b92bf74a2f51c864239b7266dc902fd6
    http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8_0.9.8g-4ubuntu3.3_i386.deb
      Size/MD5:  2828380 bdfaf989e6b72ba194845ac03d5c27b4
    http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8g-4ubuntu3.3_i386.deb
      Size/MD5:   385396 a91bd87423e0063ab2bb18ecf44ae995

  lpia architecture (Low Power Intel Architecture):

    http://ports.ubuntu.com/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-4ubuntu3.3_lpia.udeb
      Size/MD5:   535446 5841b6cc1e0fae3393afabc957037822
    http://ports.ubuntu.com/pool/main/o/openssl/libssl-dev_0.9.8g-4ubuntu3.3_lpia.deb
      Size/MD5:  1922442 32dcdad159f05decabf11549ff204f37
    http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8g-4ubuntu3.3_lpia.deb
      Size/MD5:  1512426 4fb1d4039493d3f2d08dcfb27de4dc31
    http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8_0.9.8g-4ubuntu3.3_lpia.deb
      Size/MD5:   842914 7924b29683950fdde4467c65e0e1d337
    http://ports.ubuntu.com/pool/main/o/openssl/openssl_0.9.8g-4ubuntu3.3_lpia.deb
      Size/MD5:   390020 7a31e11f913264848caf9970c8b55859

  powerpc architecture (Apple Macintosh G3/G4/G5):

    http://ports.ubuntu.com/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-4ubuntu3.3_powerpc.udeb
      Size/MD5:   610278 7d857eca164bdfff475280cf334fd968
    http://ports.ubuntu.com/pool/main/o/openssl/libssl-dev_0.9.8g-4ubuntu3.3_powerpc.deb
      Size/MD5:  2077858 49b892b43342c57136963936314cd850
    http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8g-4ubuntu3.3_powerpc.deb
      Size/MD5:  1639382 34a79f78df92067f4be10eacbb72463d
    http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8_0.9.8g-4ubuntu3.3_powerpc.deb
      Size/MD5:   944698 1c4cae202d0012cd143bd81239b36c71
    http://ports.ubuntu.com/pool/main/o/openssl/openssl_0.9.8g-4ubuntu3.3_powerpc.deb
      Size/MD5:   399184 b4a0cd49967333a6e617f7ddf6be1427

  sparc architecture (Sun SPARC/UltraSPARC):

    http://ports.ubuntu.com/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-4ubuntu3.3_sparc.udeb
      Size/MD5:   559658 d065856a7822c4d5f5382b1ad1a652fe
    http://ports.ubuntu.com/pool/main/o/openssl/libssl-dev_0.9.8g-4ubuntu3.3_sparc.deb
      Size/MD5:  1984612 c82132370120b65e6e278df0755eb1a6
    http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8g-4ubuntu3.3_sparc.deb
      Size/MD5:  3873772 dfcf08c38728d64842da3f378639b191
    http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8_0.9.8g-4ubuntu3.3_sparc.deb
      Size/MD5:  2241472 37861360b67b2ce0b038e49ea4a6ae67
    http://ports.ubuntu.com/pool/main/o/openssl/openssl_0.9.8g-4ubuntu3.3_sparc.deb
      Size/MD5:   397828 ffe5e48d1e71e27bd8adf064f4adcc64

Top Authors In Last 30 Days

Red Hat 228 files
indoushka 159 files
Jay Turla 150 files
Ubuntu 65 files
h00die 54 files
juan vazquez 43 files
sinn3r 41 files
H D Moore 31 files
Karn Ganeshen 23 files
Pedro Ribeiro 22 files

File Archives

Systems

AIX (430)
Apple (2,114)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,124)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,567)
HPUX (881)
iOS (389)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (51,237)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (490)
RedHat (16,845)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (9,852)
UNIX (9,456)
UnixWare (188)
Windows (6,772)
Other

Ubuntu Security Notice 620-1

Ubuntu Security Notice 620-1

File Archive:

September 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Ubuntu Security Notice 620-1

Share This

Ubuntu Security Notice 620-1

File Archive:

September 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems