=========================================================== Ubuntu Security Notice USN-339-1 September 05, 2006 openssl vulnerability CVE-2006-4339 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 5.04 Ubuntu 5.10 Ubuntu 6.06 LTS This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 5.04: libssl0.9.7 0.9.7e-3ubuntu0.3 Ubuntu 5.10: libssl0.9.7 0.9.7g-1ubuntu1.2 Ubuntu 6.06 LTS: libssl0.9.8 0.9.8a-7ubuntu0.1 After a standard system upgrade you need to reboot your computer to effect the necessary changes. Details follow: Philip Mackenzie, Marius Schilder, Jason Waddle and Ben Laurie of Google Security discovered that the OpenSSL library did not sufficiently check the padding of PKCS #1 v1.5 signatures if the exponent of the public key is 3 (which is widely used for CAs). This could be exploited to forge signatures without the need of the secret key. Updated packages for Ubuntu 5.04: Source archives: http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.7e-3ubuntu0.3.diff.gz Size/MD5: 29738 8ff4b43003645c9cc0340b7aeaa0e943 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.7e-3ubuntu0.3.dsc Size/MD5: 645 f1d90d6945db3f52eb9e523cd2257cb3 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.7e.orig.tar.gz Size/MD5: 3043231 a8777164bca38d84e5eb2b1535223474 amd64 architecture (Athlon64, Opteron, EM64T Xeon) http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.7-udeb_0.9.7e-3ubuntu0.3_amd64.udeb Size/MD5: 495170 6ecb42d8f16500657a823c246d90f721 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.7e-3ubuntu0.3_amd64.deb Size/MD5: 2693394 8554202ca8540221956438754ce83daa http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.7_0.9.7e-3ubuntu0.3_amd64.deb Size/MD5: 769732 1924597de3a34f244d50812ce47e839f http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.7e-3ubuntu0.3_amd64.deb Size/MD5: 903646 0da1a7985ac40c27bffd43effcdeb306 i386 architecture (x86 compatible Intel/AMD) http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.7-udeb_0.9.7e-3ubuntu0.3_i386.udeb Size/MD5: 433284 3701e85ed202bc56684583e5cdcee090 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.7e-3ubuntu0.3_i386.deb Size/MD5: 2492646 bbb95c47fede95c469d7fdef9faeedcf http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.7_0.9.7e-3ubuntu0.3_i386.deb Size/MD5: 2241170 8f890db2ab8675adccb3e5f9e9129c97 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.7e-3ubuntu0.3_i386.deb Size/MD5: 901102 f43171afd1211d5026a0241abbce7710 powerpc architecture (Apple Macintosh G3/G4/G5) http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.7-udeb_0.9.7e-3ubuntu0.3_powerpc.udeb Size/MD5: 499392 6c4844845826d244a5062664d725d7f4 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.7e-3ubuntu0.3_powerpc.deb Size/MD5: 2774414 f275ee27e93d2ddbdf7af62837512b4a http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.7_0.9.7e-3ubuntu0.3_powerpc.deb Size/MD5: 779388 29c64dab8447a8a79c2b82e6aad0c900 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.7e-3ubuntu0.3_powerpc.deb Size/MD5: 908166 34dc1579ba2d5543f841ca917c1f7f35 Updated packages for Ubuntu 5.10: Source archives: http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.7g-1ubuntu1.2.diff.gz Size/MD5: 30435 9ad78dd2d10b6a32b2efa84aeedc1b28 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.7g-1ubuntu1.2.dsc Size/MD5: 657 1d871efaeb3b5bafccb17ec8787ae57c http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.7g.orig.tar.gz Size/MD5: 3132217 991615f73338a571b6a1be7d74906934 amd64 architecture (Athlon64, Opteron, EM64T Xeon) http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.7-udeb_0.9.7g-1ubuntu1.2_amd64.udeb Size/MD5: 498836 bd128f07f8f4ff96c7a4ec0cd01a5a24 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.7g-1ubuntu1.2_amd64.deb Size/MD5: 2699482 cdefd160fc10ae893743cff5bf872463 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.7_0.9.7g-1ubuntu1.2_amd64.deb Size/MD5: 773202 41180b2c148cbee6a514ca07d9d8038c http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.7g-1ubuntu1.2_amd64.deb Size/MD5: 913254 4d7d2b9debbe46c070628174e4359281 i386 architecture (x86 compatible Intel/AMD) http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.7-udeb_0.9.7g-1ubuntu1.2_i386.udeb Size/MD5: 430730 904e4e96ab1f84715cdf0db8bd34b5c5 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.7g-1ubuntu1.2_i386.deb Size/MD5: 2479858 e18443ee7bd4bacf1b2b9e1b64c9733e http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.7_0.9.7g-1ubuntu1.2_i386.deb Size/MD5: 2203354 799110bb4e00931d801208e97316c2a5 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.7g-1ubuntu1.2_i386.deb Size/MD5: 904410 d19a02f94c4e321112ba4cc4091ae398 powerpc architecture (Apple Macintosh G3/G4/G5) http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.7-udeb_0.9.7g-1ubuntu1.2_powerpc.udeb Size/MD5: 476320 0e8146d671c590e6cfb260da7e7bd94e http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.7g-1ubuntu1.2_powerpc.deb Size/MD5: 2656084 4f5799481d8abb40bc7e5ff712349b33 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.7_0.9.7g-1ubuntu1.2_powerpc.deb Size/MD5: 752756 24177008d7989591e7a10ce33e4f15e4 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.7g-1ubuntu1.2_powerpc.deb Size/MD5: 910052 ea5f2afb2b1e05913668d04cb14f4d5a sparc architecture (Sun SPARC/UltraSPARC) http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.7-udeb_0.9.7g-1ubuntu1.2_sparc.udeb Size/MD5: 452112 7287ea7ed03e385eedc38be06052e554 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.7g-1ubuntu1.2_sparc.deb Size/MD5: 2569762 159afe6386461da5a10d58594604f923 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.7_0.9.7g-1ubuntu1.2_sparc.deb Size/MD5: 1791288 d30b69f5e3d3b4b3ca6c889577d4c30a http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.7g-1ubuntu1.2_sparc.deb Size/MD5: 918074 81e40476e7153055043ee7ae07ab9b15 Updated packages for Ubuntu 6.06 LTS: Source archives: http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8a-7ubuntu0.1.diff.gz Size/MD5: 35264 b4ff10d076548a137e80df0ea6133cf6 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8a-7ubuntu0.1.dsc Size/MD5: 816 1748b5fba8b23850f0a35186e8d80b0b http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8a.orig.tar.gz Size/MD5: 3271435 1d16c727c10185e4d694f87f5e424ee1 amd64 architecture (Athlon64, Opteron, EM64T Xeon) http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8a-7ubuntu0.1_amd64.udeb Size/MD5: 571346 32560c34d375896443908ad44ef37724 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.8a-7ubuntu0.1_amd64.deb Size/MD5: 2166016 7478ed6526daef015f02e53ecd29c794 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8a-7ubuntu0.1_amd64.deb Size/MD5: 1681264 f38fa12908776cad70e4f03f5d82ec52 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8_0.9.8a-7ubuntu0.1_amd64.deb Size/MD5: 873938 905d85741bd0f71d997b0ad1da0af1c1 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8a-7ubuntu0.1_amd64.deb Size/MD5: 984054 0b7663affd06815eda8f814ce98eddf1 i386 architecture (x86 compatible Intel/AMD) http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8a-7ubuntu0.1_i386.udeb Size/MD5: 508988 17028f0a0751e40a77199e0727503726 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.8a-7ubuntu0.1_i386.deb Size/MD5: 2022304 daa0e6b56441e0b2fa71e14de831dc41 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8a-7ubuntu0.1_i386.deb Size/MD5: 5046624 d14ffd5dccbba81c666d149b9b80affb http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8_0.9.8a-7ubuntu0.1_i386.deb Size/MD5: 2591760 9581e906f3ba5da9983514eca0d10d82 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8a-7ubuntu0.1_i386.deb Size/MD5: 975476 840ba1e9f244516df5cf9e5f48667879 powerpc architecture (Apple Macintosh G3/G4/G5) http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8a-7ubuntu0.1_powerpc.udeb Size/MD5: 557516 0ea8220e55677599c9867d9104bee981 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.8a-7ubuntu0.1_powerpc.deb Size/MD5: 2179304 8356a41ecc095a3a4ec4163f39374bda http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8a-7ubuntu0.1_powerpc.deb Size/MD5: 1725322 7a60fe2ec5537c970d80cf5e48db1ebd http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8_0.9.8a-7ubuntu0.1_powerpc.deb Size/MD5: 860294 6ba3aadd9a9f930e5c893165bc61ae93 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8a-7ubuntu0.1_powerpc.deb Size/MD5: 979370 db3041b4dab69fe48bf2d34d572f4c36 sparc architecture (Sun SPARC/UltraSPARC) http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8a-7ubuntu0.1_sparc.udeb Size/MD5: 530316 67e7789eaa5ca6b1edf6408edc7c0835 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.8a-7ubuntu0.1_sparc.deb Size/MD5: 2091014 a250f9740992c202cd088a0824ceb07a http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8a-7ubuntu0.1_sparc.deb Size/MD5: 3939674 4007aa0e07366b2ac9c090409ef22e7b http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8_0.9.8a-7ubuntu0.1_sparc.deb Size/MD5: 2089320 672bd1ace848bdb20496ff9ff66a8873 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8a-7ubuntu0.1_sparc.deb Size/MD5: 987236 ecacd01dc72995f246531c25e783a879