LinuxSecurity.com
Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Welcome!
Sign up!
EnGarde Community
Login
Polls
What is the most important Linux security technology?
 
Advisories
Community
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
SELinux
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Securitydistro
Latest Newsletters
Linux Security Week: September 22nd, 2014
Linux Advisory Watch: September 19th, 2014
Subscribe
LinuxSecurity Newsletters
E-mail:
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

  
Ubuntu: OpenSSL vulnerabilities Print E-mail
User Rating:      How can I rate this item?
Posted by Benjamin D. Thomas   
Ubuntu It was discovered that OpenSSL was vulnerable to a double-free when using TLS server extensions. A remote attacker could send a crafted packet and cause a denial of service via application crash in applications linked against OpenSSL. Ubuntu 8.04 LTS does not compile TLS server extensions by default. (CVE-2008-0891) It was discovered that OpenSSL could dereference a NULL pointer. If a user or automated system were tricked into connecting to a malicious server with particular cipher suites, a remote attacker could cause a denial of service via application crash. (CVE-2008-1672)
=========================================================== 
Ubuntu Security Notice USN-620-1              June 26, 2008
openssl vulnerabilities
CVE-2008-0891, CVE-2008-1672
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 8.04 LTS

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 8.04 LTS:
  libssl0.9.8                     0.9.8g-4ubuntu3.3

After a standard system upgrade you need to reboot your computer to
effect the necessary changes.

Details follow:

It was discovered that OpenSSL was vulnerable to a double-free
when using TLS server extensions. A remote attacker could send a
crafted packet and cause a denial of service via application crash
in applications linked against OpenSSL. Ubuntu 8.04 LTS does not
compile TLS server extensions by default. (CVE-2008-0891)

It was discovered that OpenSSL could dereference a NULL pointer.
If a user or automated system were tricked into connecting to a
malicious server with particular cipher suites, a remote attacker
could cause a denial of service via application crash.
(CVE-2008-1672)


Updated packages for Ubuntu 8.04 LTS:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8g-4ubuntu3.3.diff.gz
      Size/MD5:    52995 b1cea7b7db0cb4522acd795c3928f6d6
    http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8g-4ubuntu3.3.dsc
      Size/MD5:      912 ac4c66a0442648d7b1a1afd326609c54
    http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8g.orig.tar.gz
      Size/MD5:  3354792 acf70a16359bf3658bdfb74bda1c4419

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl-doc_0.9.8g-4ubuntu3.3_all.deb
      Size/MD5:   628742 36c2d25fdf6427526076a8d6b5da2e96

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-4ubuntu3.3_amd64.udeb
      Size/MD5:   603880 84269c06376fba49d325c730777068c6
    http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.8g-4ubuntu3.3_amd64.deb
      Size/MD5:  2064718 33f436e01452fc2731b30700d3e0cb25
    http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8g-4ubuntu3.3_amd64.deb
      Size/MD5:  1604058 c07455422c05690cab6b54026279f9e3
    http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8_0.9.8g-4ubuntu3.3_amd64.deb
      Size/MD5:   931362 43218bfe72915fb66bdf8c081f847fcb
    http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8g-4ubuntu3.3_amd64.deb
      Size/MD5:   390580 1c33397eeeaf9c43dbadbc952effca25

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-4ubuntu3.3_i386.udeb
      Size/MD5:   564676 2afdf22196bfa295f2847798c28ebc56
    http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.8g-4ubuntu3.3_i386.deb
      Size/MD5:  1941746 9e1601920ffb4579750c62e3bafcc788
    http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8g-4ubuntu3.3_i386.deb
      Size/MD5:  5341160 b92bf74a2f51c864239b7266dc902fd6
    http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8_0.9.8g-4ubuntu3.3_i386.deb
      Size/MD5:  2828380 bdfaf989e6b72ba194845ac03d5c27b4
    http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8g-4ubuntu3.3_i386.deb
      Size/MD5:   385396 a91bd87423e0063ab2bb18ecf44ae995

  lpia architecture (Low Power Intel Architecture):

    http://ports.ubuntu.com/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-4ubuntu3.3_lpia.udeb
      Size/MD5:   535446 5841b6cc1e0fae3393afabc957037822
    http://ports.ubuntu.com/pool/main/o/openssl/libssl-dev_0.9.8g-4ubuntu3.3_lpia.deb
      Size/MD5:  1922442 32dcdad159f05decabf11549ff204f37
    http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8g-4ubuntu3.3_lpia.deb
      Size/MD5:  1512426 4fb1d4039493d3f2d08dcfb27de4dc31
    http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8_0.9.8g-4ubuntu3.3_lpia.deb
      Size/MD5:   842914 7924b29683950fdde4467c65e0e1d337
    http://ports.ubuntu.com/pool/main/o/openssl/openssl_0.9.8g-4ubuntu3.3_lpia.deb
      Size/MD5:   390020 7a31e11f913264848caf9970c8b55859

  powerpc architecture (Apple Macintosh G3/G4/G5):

    http://ports.ubuntu.com/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-4ubuntu3.3_powerpc.udeb
      Size/MD5:   610278 7d857eca164bdfff475280cf334fd968
    http://ports.ubuntu.com/pool/main/o/openssl/libssl-dev_0.9.8g-4ubuntu3.3_powerpc.deb
      Size/MD5:  2077858 49b892b43342c57136963936314cd850
    http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8g-4ubuntu3.3_powerpc.deb
      Size/MD5:  1639382 34a79f78df92067f4be10eacbb72463d
    http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8_0.9.8g-4ubuntu3.3_powerpc.deb
      Size/MD5:   944698 1c4cae202d0012cd143bd81239b36c71
    http://ports.ubuntu.com/pool/main/o/openssl/openssl_0.9.8g-4ubuntu3.3_powerpc.deb
      Size/MD5:   399184 b4a0cd49967333a6e617f7ddf6be1427

  sparc architecture (Sun SPARC/UltraSPARC):

    http://ports.ubuntu.com/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-4ubuntu3.3_sparc.udeb
      Size/MD5:   559658 d065856a7822c4d5f5382b1ad1a652fe
    http://ports.ubuntu.com/pool/main/o/openssl/libssl-dev_0.9.8g-4ubuntu3.3_sparc.deb
      Size/MD5:  1984612 c82132370120b65e6e278df0755eb1a6
    http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8g-4ubuntu3.3_sparc.deb
      Size/MD5:  3873772 dfcf08c38728d64842da3f378639b191
    http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8_0.9.8g-4ubuntu3.3_sparc.deb
      Size/MD5:  2241472 37861360b67b2ce0b038e49ea4a6ae67
    http://ports.ubuntu.com/pool/main/o/openssl/openssl_0.9.8g-4ubuntu3.3_sparc.deb
      Size/MD5:   397828 ffe5e48d1e71e27bd8adf064f4adcc64



 
< Prev   Next >
    
Partner

 

Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Weekend Edition
Google to turn on encryption by default in next Android version
TOR users become FBI's No.1 hacking target after legal power grab
OWASP Releases Latest App Sec Guide
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2014 Guardian Digital, Inc. All rights reserved.