=========================================================== Ubuntu Security Notice USN-1064-1 February 15, 2011 openssl vulnerability CVE-2011-0014 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 10.04 LTS Ubuntu 10.10 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 10.04 LTS: libssl0.9.8 0.9.8k-7ubuntu8.6 Ubuntu 10.10: libssl0.9.8 0.9.8o-1ubuntu4.4 After a standard system update you need to reboot your computer to make all the necessary changes. Details follow: Neel Mehta discovered that incorrectly formatted ClientHello handshake messages could cause OpenSSL to parse past the end of the message. This could allow a remote attacker to cause a crash and denial of service by triggering invalid memory accesses. Updated packages for Ubuntu 10.04 LTS: Source archives: http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8k-7ubuntu8.6.diff.gz Size/MD5: 113947 666d4d39c8d15495574b3e8cde84d14b http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8k-7ubuntu8.6.dsc Size/MD5: 2097 a9aee866b987128cbb53018bb4c3e076 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8k.orig.tar.gz Size/MD5: 3852259 e555c6d58d276aec7fdc53363e338ab3 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl-doc_0.9.8k-7ubuntu8.6_all.deb Size/MD5: 640766 4410bba4b493067940d740ba0bfd9e36 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8k-7ubuntu8.6_amd64.udeb Size/MD5: 630236 4e57f2683a2fd11379ef834de483e92a http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.8k-7ubuntu8.6_amd64.deb Size/MD5: 2143716 b73b8e9eca5d99faf5bba7b3ad885d0d http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8k-7ubuntu8.6_amd64.deb Size/MD5: 1650734 15024c4129edb6729aadd42a3c6625d9 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8-udeb_0.9.8k-7ubuntu8.6_amd64.udeb Size/MD5: 136136 c691630136d1888d9818afcbef5b3376 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8_0.9.8k-7ubuntu8.6_amd64.deb Size/MD5: 979838 e410fcc0f092be5bdf0dd48866030de6 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8k-7ubuntu8.6_amd64.deb Size/MD5: 406380 45ae705310a650701711237bc24834fa i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8k-7ubuntu8.6_i386.udeb Size/MD5: 582632 605d20a6d46358bb020263b589628bc7 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.8k-7ubuntu8.6_i386.deb Size/MD5: 2006542 2651ca8bad5a1274f8ac9eb3c9928f10 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8k-7ubuntu8.6_i386.deb Size/MD5: 5806564 99755b3eed448fd0bedaf6c90c760222 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8-udeb_0.9.8k-7ubuntu8.6_i386.udeb Size/MD5: 129782 08548187135f8ef21f91c1206231c46c http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8_0.9.8k-7ubuntu8.6_i386.deb Size/MD5: 3015290 d32c63182c7b0eb4ef8eb8427d89ec65 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8k-7ubuntu8.6_i386.deb Size/MD5: 400386 0a10c201d957f574524d98d9e4b87df3 armel architecture (ARM Architecture): http://ports.ubuntu.com/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8k-7ubuntu8.6_armel.udeb Size/MD5: 532308 0532b6933c19ecb8ddf0cf502acdbef7 http://ports.ubuntu.com/pool/main/o/openssl/libssl-dev_0.9.8k-7ubuntu8.6_armel.deb Size/MD5: 1935434 3b86a27ba4064993fa641b7a57700947 http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8k-7ubuntu8.6_armel.deb Size/MD5: 1624860 cc66be850879a7506c83199a8307c0a8 http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8-udeb_0.9.8k-7ubuntu8.6_armel.udeb Size/MD5: 115646 5f09e1585b7d8213a34c326e878d2855 http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8_0.9.8k-7ubuntu8.6_armel.deb Size/MD5: 849808 fe1a2c9bb7fa58309897e2c74428565c http://ports.ubuntu.com/pool/main/o/openssl/openssl_0.9.8k-7ubuntu8.6_armel.deb Size/MD5: 394134 6dae0590575a5d6cca5ec37bee48c3d0 powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8k-7ubuntu8.6_powerpc.udeb Size/MD5: 627048 9cc7f8c9c8e834804f6b8ad9d4f038e1 http://ports.ubuntu.com/pool/main/o/openssl/libssl-dev_0.9.8k-7ubuntu8.6_powerpc.deb Size/MD5: 2147450 1fa01d48576c59ece29b15e52067a061 http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8k-7ubuntu8.6_powerpc.deb Size/MD5: 1718982 d8af42edbf4b9e0cd4e8a49db65d6c34 http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8-udeb_0.9.8k-7ubuntu8.6_powerpc.udeb Size/MD5: 135572 9ceece261ebb15a1e736ea5a87936e29 http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8_0.9.8k-7ubuntu8.6_powerpc.deb Size/MD5: 969796 9f000a8d471e6779147746d85bd672e2 http://ports.ubuntu.com/pool/main/o/openssl/openssl_0.9.8k-7ubuntu8.6_powerpc.deb Size/MD5: 402854 37d4422ee00a9fe04c6edb02d79652ae sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8k-7ubuntu8.6_sparc.udeb Size/MD5: 597970 be4c632244422acea148a8b46c6bd2d4 http://ports.ubuntu.com/pool/main/o/openssl/libssl-dev_0.9.8k-7ubuntu8.6_sparc.deb Size/MD5: 2065588 5dcc87c24f3582085dd0c27a2dc6ca38 http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8k-7ubuntu8.6_sparc.deb Size/MD5: 4094532 59af6b8697affcf4ee54d266f824c419 http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8-udeb_0.9.8k-7ubuntu8.6_sparc.udeb Size/MD5: 125888 5bf540180404fc36f0ff593f26bbb4af http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8_0.9.8k-7ubuntu8.6_sparc.deb Size/MD5: 2354154 bfa9eab34e57f6066df484565a83ca62 http://ports.ubuntu.com/pool/main/o/openssl/openssl_0.9.8k-7ubuntu8.6_sparc.deb Size/MD5: 419326 a339be63d8d5721fb821278fc73917f8 Updated packages for Ubuntu 10.10: Source archives: http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8o-1ubuntu4.4.debian.tar.gz Size/MD5: 93256 d842e047afa927d7b45707e5662299b4 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8o-1ubuntu4.4.dsc Size/MD5: 2113 a2453418b5f65205b4100fca4bbab478 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8o.orig.tar.gz Size/MD5: 3772542 63ddc5116488985e820075e65fbe6aa4 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl-doc_0.9.8o-1ubuntu4.4_all.deb Size/MD5: 645856 b87766f110e4001b91e52d831932293c amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8o-1ubuntu4.4_amd64.udeb Size/MD5: 620310 4b921a5507e0d43d49f0959a40b6e698 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.8o-1ubuntu4.4_amd64.deb Size/MD5: 2149904 1789acf946fa5fb29210c573e1c454a3 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8o-1ubuntu4.4_amd64.deb Size/MD5: 1550490 8890e9c5294c00c538bf8c33838e7223 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8-udeb_0.9.8o-1ubuntu4.4_amd64.udeb Size/MD5: 137390 46a1a45ee4b23451f504e80acf1f3e06 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8_0.9.8o-1ubuntu4.4_amd64.deb Size/MD5: 923110 2443af9e7f04a89766956a1897ef3109 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8o-1ubuntu4.4_amd64.deb Size/MD5: 406004 35ab88b06cc50111ee30876069e62618 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8o-1ubuntu4.4_i386.udeb Size/MD5: 570726 64d9207ff0f9808cdd1fd5f67a3a41b2 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.8o-1ubuntu4.4_i386.deb Size/MD5: 2012646 e036571cd83edf3a270a6875edeb7b1d http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8o-1ubuntu4.4_i386.deb Size/MD5: 1553820 4351ce2cf1de859743b84302ea216adc http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8-udeb_0.9.8o-1ubuntu4.4_i386.udeb Size/MD5: 130530 a49a036f44e0e5144063c447099957b7 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8_0.9.8o-1ubuntu4.4_i386.deb Size/MD5: 866474 f7ce89e52baa2d29bf56303ef4ceb7fa http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8o-1ubuntu4.4_i386.deb Size/MD5: 400060 96e4e0a0c894e0509f7b5b0834b7f76e armel architecture (ARM Architecture): http://ports.ubuntu.com/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8o-1ubuntu4.4_armel.udeb Size/MD5: 566054 35f2b45ca48a64392522ec243d2e14aa http://ports.ubuntu.com/pool/main/o/openssl/libssl-dev_0.9.8o-1ubuntu4.4_armel.deb Size/MD5: 2014346 9b1bc7134c7e9b5c4c0fab38c3ccee17 http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8o-1ubuntu4.4_armel.deb Size/MD5: 1542334 15db4641260fd3f9fc247b7e8be73f7c http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8-udeb_0.9.8o-1ubuntu4.4_armel.udeb Size/MD5: 120460 ac27441462cd80a6244c11475241c5fb http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8_0.9.8o-1ubuntu4.4_armel.deb Size/MD5: 850040 8b6242e95592404cfb5457b3a2fefb00 http://ports.ubuntu.com/pool/main/o/openssl/openssl_0.9.8o-1ubuntu4.4_armel.deb Size/MD5: 406494 697677cbc870e7c857246d14777573c1 powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8o-1ubuntu4.4_powerpc.udeb Size/MD5: 616136 a3c28af9e2d1314e6486ce9c1aef1b59 http://ports.ubuntu.com/pool/main/o/openssl/libssl-dev_0.9.8o-1ubuntu4.4_powerpc.deb Size/MD5: 2154734 f859e9290ca73eb92e34b160402c058f http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8o-1ubuntu4.4_powerpc.deb Size/MD5: 1618684 e729f6525a3b7180633d3b7f0ae78223 http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8-udeb_0.9.8o-1ubuntu4.4_powerpc.udeb Size/MD5: 136090 f5ddcf671c6091f6bd42abf9cc5293d5 http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8_0.9.8o-1ubuntu4.4_powerpc.deb Size/MD5: 917686 f505d2f147fc42c1babb5767c0d89199 http://ports.ubuntu.com/pool/main/o/openssl/openssl_0.9.8o-1ubuntu4.4_powerpc.deb Size/MD5: 402036 45760e9ca5448f7e25696c90da53b244