LinuxSecurity.com
Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Welcome!
Sign up!
EnGarde Community
Login
Polls
What is the most important Linux security technology?
 
Advisories
Community
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
SELinux
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Securitydistro
Latest Newsletters
Linux Security Week: October 20th, 2014
Linux Advisory Watch: October 17th, 2014
Subscribe
LinuxSecurity Newsletters
E-mail:
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

  
Debian: New OpenSSL packages fix cryptographic weakness Print E-mail
User Rating:      How can I rate this item?
Posted by Benjamin D. Thomas   
Debian It was discovered that OpenSSL does not properly verify DSA signatures on X.509 certificates due to an API misuse, potentially leading to the acceptance of incorrect X.509 certificates as genuine (CVE-2008-5077).
- ------------------------------------------------------------------------
Debian Security Advisory DSA-1701-1                  security@debian.org
http://www.debian.org/security/                           Florian Weimer
January 12, 2009                      http://www.debian.org/security/faq
- ------------------------------------------------------------------------

Package        : openssl, openssl097
Vulnerability  : interpretation conflict
Problem type   : remote
Debian-specific: no
CVE Id(s)      : CVE-2008-5077
Debian Bug     : 511196

It was discovered that OpenSSL does not properly verify DSA signatures
on X.509 certificates due to an API misuse, potentially leading to the
acceptance of incorrect X.509 certificates as genuine (CVE-2008-5077).

For the stable distribution (etch), this problem has been fixed in
version 0.9.8c-4etch4 of the openssl package, and version
0.9.7k-3.1etch2 of the openssl097 package.

For the unstable distribution (sid), this problem has been fixed in
version 0.9.8g-15.

The testing distribution (lenny) will be fixed soon.

We recommend that you upgrade your OpenSSL packages.

Upgrade instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 4.0 alias etch
- -------------------------------

Source archives:

  http://security.debian.org/pool/updates/main/o/openssl097/openssl097_0.9.7k-3.1etch2.dsc
    Size/MD5 checksum:     1069 fb69818a28ead5b3026dcafc1f5e92d5
  http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8c.orig.tar.gz
    Size/MD5 checksum:  3313857 78454bec556bcb4c45129428a766c886
  http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8c-4etch4.diff.gz
    Size/MD5 checksum:    56230 ad913155fe55d659741976a1be02ee48
  http://security.debian.org/pool/updates/main/o/openssl097/openssl097_0.9.7k.orig.tar.gz
    Size/MD5 checksum:  3292692 be6bba1d67b26eabb48cf1774925416f
  http://security.debian.org/pool/updates/main/o/openssl097/openssl097_0.9.7k-3.1etch2.diff.gz
    Size/MD5 checksum:    34518 845a986c8a5170953c1e88c2d9965176
  http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8c-4etch4.dsc
    Size/MD5 checksum:     1107 fd0b477d237c473e3f1491e8821b155d

alpha architecture (DEC Alpha)

  http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8c-4etch4_alpha.deb
    Size/MD5 checksum:  2561904 e0499757c84819b0cb4919de45e733c4
  http://security.debian.org/pool/updates/main/o/openssl097/libssl0.9.7-dbg_0.9.7k-3.1etch2_alpha.deb
    Size/MD5 checksum:  3822008 a63ea4834f1be21cf7dacd7a60817914
  http://security.debian.org/pool/updates/main/o/openssl097/libssl0.9.7_0.9.7k-3.1etch2_alpha.deb
    Size/MD5 checksum:  2209796 1d008a2d9fcb466c0e1393fd6cf1dced
  http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8c-4etch4_alpha.deb
    Size/MD5 checksum:  4558410 af0dcd956ae91457c01c5152bea8c775
  http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8c-4etch4_alpha.deb
    Size/MD5 checksum:  1026098 957ee2ef34a7aa24c41903eea6d1db51
  http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8c-4etch4_alpha.deb
    Size/MD5 checksum:  2621108 d42a2d70f27723a8dc9aab1dfb83ad10
  http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8c-4etch4_alpha.udeb
    Size/MD5 checksum:   677162 039dd8968e77f09312fc4e502601b6fe

amd64 architecture (AMD x86_64 (AMD64))

  http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8c-4etch4_amd64.deb
    Size/MD5 checksum:   891116 0d771317a58430e6ecea1e38e6889ef4
  http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8c-4etch4_amd64.udeb
    Size/MD5 checksum:   580208 f08c5d2e4649dd9f077b440d3cd35963
  http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8c-4etch4_amd64.deb
    Size/MD5 checksum:  1655264 ec946f04aa2fae3a001be8c7ae330839
  http://security.debian.org/pool/updates/main/o/openssl097/libssl0.9.7_0.9.7k-3.1etch2_amd64.deb
    Size/MD5 checksum:   753788 e5521b844646e69b1b8f2daa872b83b8
  http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8c-4etch4_amd64.deb
    Size/MD5 checksum:   992378 417077b8de5a56b9dad0667f2ab5b6e2
  http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8c-4etch4_amd64.deb
    Size/MD5 checksum:  2178820 effca1afcd65d7e418f3cb75dd875b1d
  http://security.debian.org/pool/updates/main/o/openssl097/libssl0.9.7-dbg_0.9.7k-3.1etch2_amd64.deb
    Size/MD5 checksum:  1326428 670a34f7c39343a7939ba43c4658821c

hppa architecture (HP PA RISC)

  http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8c-4etch4_hppa.deb
    Size/MD5 checksum:  1586088 66b4b504f0e67fc74c9a98e1f6e8cbac
  http://security.debian.org/pool/updates/main/o/openssl097/libssl0.9.7-dbg_0.9.7k-3.1etch2_hppa.deb
    Size/MD5 checksum:  1274896 2dc2191758d272e05461f574bd50031b
  http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8c-4etch4_hppa.deb
    Size/MD5 checksum:  1030994 cfe12740f5f0492a05646851dc042ba8
  http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8c-4etch4_hppa.deb
    Size/MD5 checksum:   945354 e001f9834b3a7fbfd69963118afc7922
  http://security.debian.org/pool/updates/main/o/openssl097/libssl0.9.7_0.9.7k-3.1etch2_hppa.deb
    Size/MD5 checksum:   793836 489e8472b5b300e2627cd25be399f42f
  http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8c-4etch4_hppa.udeb
    Size/MD5 checksum:   631120 18fb83375c2b5a6689703c1219ad4f65
  http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8c-4etch4_hppa.deb
    Size/MD5 checksum:  2248436 0c045e8c6dcc0ee3e89d1808b3818eed

i386 architecture (Intel ia32)

  http://security.debian.org/pool/updates/main/o/openssl097/libssl0.9.7_0.9.7k-3.1etch2_i386.deb
    Size/MD5 checksum:  2285788 a1b0456725a0ca95457c74672a235097
  http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8c-4etch4_i386.deb
    Size/MD5 checksum:  1015498 04dd57145bc4d8fbd728bba329e7dc72
  http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8c-4etch4_i386.udeb
    Size/MD5 checksum:   554698 e30b6a20efd74af8bbd5bfb5e9241113
  http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8c-4etch4_i386.deb
    Size/MD5 checksum:  2721068 abec8c0872781f622454d14ae4e39bad
  http://security.debian.org/pool/updates/main/o/openssl097/libssl0.9.7-dbg_0.9.7k-3.1etch2_i386.deb
    Size/MD5 checksum:  4646314 e0a3f1a4d622f7a6a8886bb1bdf56bbe
  http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8c-4etch4_i386.deb
    Size/MD5 checksum:  2094162 fe95acfa9d541760bbb0c0ed86982bcb
  http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8c-4etch4_i386.deb
    Size/MD5 checksum:  5582804 aa194f9d43a3890d810e81086b4ee473

ia64 architecture (Intel ia64)

  http://security.debian.org/pool/updates/main/o/openssl097/libssl0.9.7-dbg_0.9.7k-3.1etch2_ia64.deb
    Size/MD5 checksum:  1263564 be2a79505ff0ae08e19c8ceeafdf7a08
  http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8c-4etch4_ia64.deb
    Size/MD5 checksum:  2593624 3a198fb3a4a51e81340d2a1175766c91
  http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8c-4etch4_ia64.deb
    Size/MD5 checksum:  1569658 4dbd1a9c3f4d0fe2b8906a8555e26105
  http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8c-4etch4_ia64.deb
    Size/MD5 checksum:  1071264 45a62ed67f0ad2168cab559b45aa7de6
  http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8c-4etch4_ia64.deb
    Size/MD5 checksum:  1192358 c28adf2245854e3b368d7f88590fc730
  http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8c-4etch4_ia64.udeb
    Size/MD5 checksum:   801742 ce515f87f93a6364b22f94c5840a4729
  http://security.debian.org/pool/updates/main/o/openssl097/libssl0.9.7_0.9.7k-3.1etch2_ia64.deb
    Size/MD5 checksum:  1010004 4222d05c1eb0ce929c68f7c8cc11ecd3

mips architecture (MIPS (Big Endian))

  http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8c-4etch4_mips.deb
    Size/MD5 checksum:  1693440 29a8f61c5cfb619d20235fb91cf9ff3b
  http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8c-4etch4_mips.udeb
    Size/MD5 checksum:   580128 fc3af402963b6fa4d24b89a4afcd8bc3
  http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8c-4etch4_mips.deb
    Size/MD5 checksum:   876210 f87b4773e3c70539302f5af3b51800b9
  http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8c-4etch4_mips.deb
    Size/MD5 checksum:   993434 02a232c80759b81c67df2e6e6a2cca26
  http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8c-4etch4_mips.deb
    Size/MD5 checksum:  2258938 be0d32157248efd6f87f450630ce22ef

mipsel architecture (MIPS (Little Endian))

  http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8c-4etch4_mipsel.deb
    Size/MD5 checksum:   992856 85a14404d0cae1d5100721d014d5ee29
  http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8c-4etch4_mipsel.deb
    Size/MD5 checksum:  2255990 1bd0adee660543138600882fc2e42d81
  http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8c-4etch4_mipsel.deb
    Size/MD5 checksum:  1649560 22c06f600378978e094230c172db8ca4
  http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8c-4etch4_mipsel.deb
    Size/MD5 checksum:   860700 bc11dc6212a74c8ca4bf6d314f929dff
  http://security.debian.org/pool/updates/main/o/openssl097/libssl0.9.7_0.9.7k-3.1etch2_mipsel.deb
    Size/MD5 checksum:   718942 4ad8442b8812dfe2fd4fcbe06591c3c2
  http://security.debian.org/pool/updates/main/o/openssl097/libssl0.9.7-dbg_0.9.7k-3.1etch2_mipsel.deb
    Size/MD5 checksum:  1317060 1d35b7e67204b5b31ab16c2514c69e02
  http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8c-4etch4_mipsel.udeb
    Size/MD5 checksum:   566226 1300061de87860cdf5ecfaeb26839c5f

powerpc architecture (PowerPC)

  http://security.debian.org/pool/updates/main/o/openssl097/libssl0.9.7_0.9.7k-3.1etch2_powerpc.deb
    Size/MD5 checksum:   743386 7e189844da3112f289ff8f96458b7d6e
  http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8c-4etch4_powerpc.deb
    Size/MD5 checksum:  1002204 24f2f0ec4aa965ff9057f7055322b70e
  http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8c-4etch4_powerpc.deb
    Size/MD5 checksum:  1728492 6074f055c8257f19962341a29c0dc1c2
  http://security.debian.org/pool/updates/main/o/openssl097/libssl0.9.7-dbg_0.9.7k-3.1etch2_powerpc.deb
    Size/MD5 checksum:  1382114 41b6f5900e7a6361625a7fde3329d389
  http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8c-4etch4_powerpc.deb
    Size/MD5 checksum:   895634 495901098cb75b870810b6abcb82c187
  http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8c-4etch4_powerpc.deb
    Size/MD5 checksum:  2210874 5b27bc4f2f2fc1c15957242a383b9921
  http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8c-4etch4_powerpc.udeb
    Size/MD5 checksum:   585332 5cb7f5d282dd56d2825253006fc4ac29

s390 architecture (IBM S/390)

  http://security.debian.org/pool/updates/main/o/openssl097/libssl0.9.7-dbg_0.9.7k-3.1etch2_s390.deb
    Size/MD5 checksum:  1317066 0e843e8f68a84557d8f9306c61609283
  http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8c-4etch4_s390.deb
    Size/MD5 checksum:  2193894 d3d5eeb042d82e5b383177e08136b3cc
  http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8c-4etch4_s390.deb
    Size/MD5 checksum:   951570 621f50aae93efdd5c31a94071e93eaa9
  http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8c-4etch4_s390.deb
    Size/MD5 checksum:  1633204 4e6a635c45caa90a0f28f58286b5b2bf
  http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8c-4etch4_s390.deb
    Size/MD5 checksum:  1014480 639c707aed6efc331f1c3b6b14322ee0
  http://security.debian.org/pool/updates/main/o/openssl097/libssl0.9.7_0.9.7k-3.1etch2_s390.deb
    Size/MD5 checksum:   794236 3bc1224270f26fb7b85eae99b18a1e97
  http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8c-4etch4_s390.udeb
    Size/MD5 checksum:   643020 41a09437ea5130fe0daed09edd4e6423

sparc architecture (Sun SPARC/UltraSPARC)

  http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8c-4etch4_sparc.udeb
    Size/MD5 checksum:   539054 4807d481d7878ea7032d7aa9747e95e0
  http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8c-4etch4_sparc.deb
    Size/MD5 checksum:  2124310 91c54b669eae9e38ae65486d5f082c6b
  http://security.debian.org/pool/updates/main/o/openssl097/libssl0.9.7-dbg_0.9.7k-3.1etch2_sparc.deb
    Size/MD5 checksum:  3418866 a6805a9c7125b04e0c226b2a90c9d5d2
  http://security.debian.org/pool/updates/main/o/openssl097/libssl0.9.7_0.9.7k-3.1etch2_sparc.deb
    Size/MD5 checksum:  1801340 af40fbabcf27d1c8a81d18f3e3d4ac4d
  http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8c-4etch4_sparc.deb
    Size/MD5 checksum:  2113338 c5e7dd09e9c4133e9a06a286ace5b7ed
  http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8c-4etch4_sparc.deb
    Size/MD5 checksum:  1020946 713c98cac975ec8c0c64c96812353f82
  http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8c-4etch4_sparc.deb
    Size/MD5 checksum:  4089498 b1c0f345c3d51a9dea6dd07a003e6e4e


  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
 
< Prev   Next >
    
Partner

 

Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
Mobile Device Encryption Could Lead to a ‘Very, Very Dark Place’, FBI Director Says
What a hacker can learn about your life from the coffee shop’s Wi-Fi network
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2014 Guardian Digital, Inc. All rights reserved.