LinuxSecurity.com
Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Welcome!
Sign up!
EnGarde Community
Login
Polls
What is the most important Linux security technology?
 
Advisories
Community
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
SELinux
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Securitydistro
Latest Newsletters
Linux Security Week: April 21st, 2014
Linux Security Week: April 7th, 2014
Subscribe
LinuxSecurity Newsletters
E-mail:
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

  
Ubuntu: OpenSSL vulnerability Print E-mail
User Rating:      How can I rate this item?
Posted by Benjamin D. Thomas   
Ubuntu USN-353-1 fixed several vulnerabilities in OpenSSL. However, Mark J Cox noticed that the applied patch for CVE-2006-2940 was flawed. This update corrects that patch. For reference, this is the relevant part of the original advisory: Certain types of public key could take disproportionate amounts of time to process. The library now limits the maximum key exponent size to avoid Denial of Service attacks. (CVE-2006-2940)
=========================================================== 
Ubuntu Security Notice USN-353-2           October 04, 2006
openssl vulnerability
CVE-2006-2940
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 5.04
Ubuntu 5.10
Ubuntu 6.06 LTS

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 5.04:
  libssl0.9.7                              0.9.7e-3ubuntu0.6

Ubuntu 5.10:
  libssl0.9.7                              0.9.7g-1ubuntu1.5

Ubuntu 6.06 LTS:
  libssl0.9.8                              0.9.8a-7ubuntu0.3

After a standard system upgrade you need to reboot your computer to
effect the necessary changes.

Details follow:

USN-353-1 fixed several vulnerabilities in OpenSSL. However, Mark J
Cox noticed that the applied patch for CVE-2006-2940 was flawed. This
update corrects that patch.

For reference, this is the relevant part of the original advisory:

  Certain types of public key could take disproportionate amounts of
  time to process. The library now limits the maximum key exponent
  size to avoid Denial of Service attacks. (CVE-2006-2940)


Updated packages for Ubuntu 5.04:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.7e-3ubuntu0.6.diff.gz
      Size/MD5:    31740 97bbcc504a6a95a33dbbdc5cbd37229e
    http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.7e-3ubuntu0.6.dsc
      Size/MD5:      645 6d09dca9825c7249d785a307b0425ae9
    http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.7e.orig.tar.gz
      Size/MD5:  3043231 a8777164bca38d84e5eb2b1535223474

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.7-udeb_0.9.7e-3ubuntu0.6_amd64.udeb
      Size/MD5:   495260 fd92e08373a92041809218c214823b73
    http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.7e-3ubuntu0.6_amd64.deb
      Size/MD5:  2694372 eb5ca3d700f0cc9212c41b6f734b4f88
    http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.7_0.9.7e-3ubuntu0.6_amd64.deb
      Size/MD5:   770484 3ea407d9dade085833bbf317486b04c8
    http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.7e-3ubuntu0.6_amd64.deb
      Size/MD5:   904306 ed9e6cd718227584e7ad53127c20792a

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.7-udeb_0.9.7e-3ubuntu0.6_i386.udeb
      Size/MD5:   433546 a9c706c6822ac597b71ea68f39b222db
    http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.7e-3ubuntu0.6_i386.deb
      Size/MD5:  2493948 adf386221e765a18e8a0c8e0d741f2b9
    http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.7_0.9.7e-3ubuntu0.6_i386.deb
      Size/MD5:  2243670 e7d78553fcc4be0c6d78be9af286277d
    http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.7e-3ubuntu0.6_i386.deb
      Size/MD5:   901660 dbbcff730990c1b5e499ea5ce73f13be

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.7-udeb_0.9.7e-3ubuntu0.6_powerpc.udeb
      Size/MD5:   499482 19be15b0af113962bed13516f77f9de4
    http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.7e-3ubuntu0.6_powerpc.deb
      Size/MD5:  2775178 33815f085aa8fe83ff6c7f6e0558c50b
    http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.7_0.9.7e-3ubuntu0.6_powerpc.deb
      Size/MD5:   780064 d5d41d880620b041859716fa27647cf7
    http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.7e-3ubuntu0.6_powerpc.deb
      Size/MD5:   908756 b70e6794f0761eefb77e0ecafe0a2e7f

Updated packages for Ubuntu 5.10:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.7g-1ubuntu1.5.diff.gz
      Size/MD5:    32414 b229018d41456fea8a0a0cd07ed666ac
    http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.7g-1ubuntu1.5.dsc
      Size/MD5:      657 f490ddbc922b8f99f7d76b8b4d9e7554
    http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.7g.orig.tar.gz
      Size/MD5:  3132217 991615f73338a571b6a1be7d74906934

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.7-udeb_0.9.7g-1ubuntu1.5_amd64.udeb
      Size/MD5:   499082 8d5e5984dc233f31a5dbeea947608279
    http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.7g-1ubuntu1.5_amd64.deb
      Size/MD5:  2700700 1fb82d9ef43428f64ee1ed77c9a84c3b
    http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.7_0.9.7g-1ubuntu1.5_amd64.deb
      Size/MD5:   774050 a14cd3488b047eedd5c6a511d17d3848
    http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.7g-1ubuntu1.5_amd64.deb
      Size/MD5:   913768 497ff7cb1442d0edebcd112372008762

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.7-udeb_0.9.7g-1ubuntu1.5_i386.udeb
      Size/MD5:   430860 5e835590b53eaa89ec7cd2bc2e1b99a8
    http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.7g-1ubuntu1.5_i386.deb
      Size/MD5:  2480760 abe67af668e4359a7ea1544999d4fa3a
    http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.7_0.9.7g-1ubuntu1.5_i386.deb
      Size/MD5:  2204166 1a49e73dc08337207bdf1fdd35da9b3c
    http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.7g-1ubuntu1.5_i386.deb
      Size/MD5:   905070 2b4ed16c32c85c3e171c74ecf47d48f2

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.7-udeb_0.9.7g-1ubuntu1.5_powerpc.udeb
      Size/MD5:   476068 9e80d79f4baa0649780b07661fa0006f
    http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.7g-1ubuntu1.5_powerpc.deb
      Size/MD5:  2657462 415168d23fdd5cd5aadab1817af14dc8
    http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.7_0.9.7g-1ubuntu1.5_powerpc.deb
      Size/MD5:   753114 76b57913747daa2efa625e4dbd2c0945
    http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.7g-1ubuntu1.5_powerpc.deb
      Size/MD5:   910852 501f4e45f0c958a587504a214638593d

  sparc architecture (Sun SPARC/UltraSPARC)

    http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.7-udeb_0.9.7g-1ubuntu1.5_sparc.udeb
      Size/MD5:   452400 f388d5550604ea1c194943565c9c88f8
    http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.7g-1ubuntu1.5_sparc.deb
      Size/MD5:  2570894 53f9512bddf32bf101fc563e105b38df
    http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.7_0.9.7g-1ubuntu1.5_sparc.deb
      Size/MD5:  1792802 b36edc4a2383542b40806a5ad17fa397
    http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.7g-1ubuntu1.5_sparc.deb
      Size/MD5:   918750 37f5cad9302acd8732e35759d8285388

Updated packages for Ubuntu 6.06 LTS:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8a-7ubuntu0.3.diff.gz
      Size/MD5:    38727 0de47d9b6073c3eb3b0aaeb1ec19557c
    http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8a-7ubuntu0.3.dsc
      Size/MD5:      842 37bb6220c7bc2b8248a7cb4f0c435c87
    http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8a.orig.tar.gz
      Size/MD5:  3271435 1d16c727c10185e4d694f87f5e424ee1

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8a-7ubuntu0.3_amd64.udeb
      Size/MD5:   571660 9f5da17c29b6008f5187dc29a994dec6
    http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.8a-7ubuntu0.3_amd64.deb
      Size/MD5:  2167096 37193ba610eb183727b08a8d29a52370
    http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8a-7ubuntu0.3_amd64.deb
      Size/MD5:  1681718 28b7991056396dd84066fa12feaddb3d
    http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8_0.9.8a-7ubuntu0.3_amd64.deb
      Size/MD5:   874776 77dad585b05064144a5a5081553a916f
    http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8a-7ubuntu0.3_amd64.deb
      Size/MD5:   984456 f151de60b61e372a4f45191b224aab89

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8a-7ubuntu0.3_i386.udeb
      Size/MD5:   509408 bede1435d39bad1a9350b068d816e2fd
    http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.8a-7ubuntu0.3_i386.deb
      Size/MD5:  2023440 3c4052d07abe7d7984a774ca815ba4cf
    http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8a-7ubuntu0.3_i386.deb
      Size/MD5:  5049972 9ee23d1cf22447597f74709e94ce5b00
    http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8_0.9.8a-7ubuntu0.3_i386.deb
      Size/MD5:  2594438 73e77f375a0971b6a7d348f5f13e7e45
    http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8a-7ubuntu0.3_i386.deb
      Size/MD5:   975868 6de7e21c1aae9aed6ecd022e8ef23d48

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8a-7ubuntu0.3_powerpc.udeb
      Size/MD5:   557826 561f2c09651e10bb80c15f22795d5d67
    http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.8a-7ubuntu0.3_powerpc.deb
      Size/MD5:  2180710 61ebd17beaac083dca963e929e41efbd
    http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8a-7ubuntu0.3_powerpc.deb
      Size/MD5:  1726292 151d9af6d167204709bf147645841965
    http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8_0.9.8a-7ubuntu0.3_powerpc.deb
      Size/MD5:   861142 33e665ab46e0b2f49b5a7aab94bbfb62
    http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8a-7ubuntu0.3_powerpc.deb
      Size/MD5:   980002 779342146ba762133545d748cea0f2c7

  sparc architecture (Sun SPARC/UltraSPARC)

    http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8a-7ubuntu0.3_sparc.udeb
      Size/MD5:   530758 abfbc69a6f30ed2f53eaccd68916f54c
    http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.8a-7ubuntu0.3_sparc.deb
      Size/MD5:  2092540 aebf715141756e6adfd1c2c3b1245790
    http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8a-7ubuntu0.3_sparc.deb
      Size/MD5:  3941106 139f6bcdb0b7f8664a2361c40a86e74e
    http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8_0.9.8a-7ubuntu0.3_sparc.deb
      Size/MD5:  2090902 574fde5c22ff1d3b31f7cd3d91df1c86
    http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8a-7ubuntu0.3_sparc.deb
      Size/MD5:   987962 99b8b5715a58a54264abcfe193d26e3a

 
< Prev   Next >
    
Partner

 

Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
Fixing OpenSSL's Heartbleed flaw will take MONTHS, warns Secunia
Even the most secure cloud storage may not be so secure, study finds
Targeted Attack Uses Heartbleed to Hijack VPN Sessions
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2014 Guardian Digital, Inc. All rights reserved.