[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20080514202025.GC7483@severus.strandboge.com>
Date: Wed, 14 May 2008 16:20:25 -0400
From: Jamie Strandboge <jamie@...onical.com>
To: ubuntu-security-announce@...ts.ubuntu.com
Cc: bugtraq@...urityfocus.com, full-disclosure@...ts.grok.org.uk
Subject: [USN-612-6] OpenVPN regression
===========================================================
Ubuntu Security Notice USN-612-6 May 14, 2008
openvpn regression
https://launchpad.net/bugs/230193
https://launchpad.net/bugs/230208
http://www.ubuntu.com/usn/usn-612-3
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 7.04
Ubuntu 7.10
Ubuntu 8.04 LTS
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 7.04:
openssl-blacklist 0.1-0ubuntu0.7.04.2
openvpn 2.0.9-5ubuntu0.2
Ubuntu 7.10:
openssl-blacklist 0.1-0ubuntu0.7.10.2
openvpn 2.0.9-8ubuntu0.2
Ubuntu 8.04 LTS:
openssl-blacklist 0.1-0ubuntu0.8.04.2
openvpn 2.1~rc7-1ubuntu3.2
After a standard system upgrade you need to restart openvpn to effect
the necessary changes.
Details follow:
USN-612-3 addressed a weakness in OpenSSL certificate and keys
generation in OpenVPN by adding checks for vulnerable certificates
and keys to OpenVPN. A regression was introduced in OpenVPN when
using TLS and multi-client/server which caused OpenVPN to not start
when using valid SSL certificates.
It was also found that openssl-vulnkey from openssl-blacklist
would fail when stderr was not available. This caused OpenVPN to
fail to start when used with applications such as NetworkManager.
This update fixes these problems. We apologize for the
inconvenience.
Original advisory details:
A weakness has been discovered in the random number generator used
by OpenSSL on Debian and Ubuntu systems. As a result of this
weakness, certain encryption keys are much more common than they
should be, such that an attacker could guess the key through a
brute-force attack given minimal knowledge of the system. This
particularly affects the use of encryption keys in OpenSSH, OpenVPN
and SSL certificates.
Updated packages for Ubuntu 7.04:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/o/openssl-blacklist/openssl-blacklist_0.1-0ubuntu0.7.04.2.dsc
Size/MD5: 548 6fbd0fe22ee9e03f7953beab58f769c2
http://security.ubuntu.com/ubuntu/pool/main/o/openssl-blacklist/openssl-blacklist_0.1-0ubuntu0.7.04.2.tar.gz
Size/MD5: 7778456 eee4434860560905a3af66468100a348
http://security.ubuntu.com/ubuntu/pool/universe/o/openvpn/openvpn_2.0.9-5ubuntu0.2.diff.gz
Size/MD5: 61701 d39b369ff928f451c70bf0779e75f405
http://security.ubuntu.com/ubuntu/pool/universe/o/openvpn/openvpn_2.0.9-5ubuntu0.2.dsc
Size/MD5: 641 262ef73ef3557dc4959889b46848138e
http://security.ubuntu.com/ubuntu/pool/universe/o/openvpn/openvpn_2.0.9.orig.tar.gz
Size/MD5: 669076 60745008b90b7dbe25fe8337c550fec6
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/o/openssl-blacklist/openssl-blacklist_0.1-0ubuntu0.7.04.2_all.deb
Size/MD5: 3535226 ad5b8c02f9edf0c7701867fcace63d99
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/universe/o/openvpn/openvpn_2.0.9-5ubuntu0.2_amd64.deb
Size/MD5: 356590 f64d86a6b713cd8326a905e857c3d828
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/universe/o/openvpn/openvpn_2.0.9-5ubuntu0.2_i386.deb
Size/MD5: 337570 f6898a1af5591c8f8ca93bf3241c7553
powerpc architecture (Apple Macintosh G3/G4/G5):
http://security.ubuntu.com/ubuntu/pool/universe/o/openvpn/openvpn_2.0.9-5ubuntu0.2_powerpc.deb
Size/MD5: 358182 501e0707d6190c33fb0570f5ca1b3541
sparc architecture (Sun SPARC/UltraSPARC):
http://security.ubuntu.com/ubuntu/pool/universe/o/openvpn/openvpn_2.0.9-5ubuntu0.2_sparc.deb
Size/MD5: 336370 d18a832bf8564796069c8e66e8c6fb5a
Updated packages for Ubuntu 7.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/o/openssl-blacklist/openssl-blacklist_0.1-0ubuntu0.7.10.2.dsc
Size/MD5: 548 8abff8f249ed0e1a0e944716a7bc917b
http://security.ubuntu.com/ubuntu/pool/main/o/openssl-blacklist/openssl-blacklist_0.1-0ubuntu0.7.10.2.tar.gz
Size/MD5: 7778457 79b3c02e1d9c759172e8bd696a3d392c
http://security.ubuntu.com/ubuntu/pool/universe/o/openvpn/openvpn_2.0.9-8ubuntu0.2.diff.gz
Size/MD5: 65145 40ac90ce5aca10e2be6410eef3bc7d45
http://security.ubuntu.com/ubuntu/pool/universe/o/openvpn/openvpn_2.0.9-8ubuntu0.2.dsc
Size/MD5: 642 350b124caa02ab5015a7faae3d5d11d6
http://security.ubuntu.com/ubuntu/pool/universe/o/openvpn/openvpn_2.0.9.orig.tar.gz
Size/MD5: 669076 60745008b90b7dbe25fe8337c550fec6
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/o/openssl-blacklist/openssl-blacklist_0.1-0ubuntu0.7.10.2_all.deb
Size/MD5: 3535452 16cee119a4c57d8d6644e638273c831d
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/universe/o/openvpn/openvpn_2.0.9-8ubuntu0.2_amd64.deb
Size/MD5: 362166 087beb48ed1ec72f4aac38d425e404af
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/universe/o/openvpn/openvpn_2.0.9-8ubuntu0.2_i386.deb
Size/MD5: 341986 c2d7d6f13b7b8f94c4687d7dcd0e5940
lpia architecture (Low Power Intel Architecture):
http://ports.ubuntu.com/pool/universe/o/openvpn/openvpn_2.0.9-8ubuntu0.2_lpia.deb
Size/MD5: 343546 bc15cd4c335ef8a007f85cff8e1e308f
powerpc architecture (Apple Macintosh G3/G4/G5):
http://security.ubuntu.com/ubuntu/pool/universe/o/openvpn/openvpn_2.0.9-8ubuntu0.2_powerpc.deb
Size/MD5: 363492 75ca3479943634cff266abdb10d9635d
sparc architecture (Sun SPARC/UltraSPARC):
http://security.ubuntu.com/ubuntu/pool/universe/o/openvpn/openvpn_2.0.9-8ubuntu0.2_sparc.deb
Size/MD5: 341774 ae2df701be65b3cf2cbae44ae3f47fbc
Updated packages for Ubuntu 8.04 LTS:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/o/openssl-blacklist/openssl-blacklist_0.1-0ubuntu0.8.04.2.dsc
Size/MD5: 548 a4ba4a5fefb358127a9887ead15899fb
http://security.ubuntu.com/ubuntu/pool/main/o/openssl-blacklist/openssl-blacklist_0.1-0ubuntu0.8.04.2.tar.gz
Size/MD5: 7778452 ed6ed6c9d44d498da27c467112da51dc
http://security.ubuntu.com/ubuntu/pool/main/o/openvpn/openvpn_2.1~rc7-1ubuntu3.2.diff.gz
Size/MD5: 36383 df12dec18746624b44785c17444ac461
http://security.ubuntu.com/ubuntu/pool/main/o/openvpn/openvpn_2.1~rc7-1ubuntu3.2.dsc
Size/MD5: 646 1e4f69e842af1e8dfedba7df39e500ef
http://security.ubuntu.com/ubuntu/pool/main/o/openvpn/openvpn_2.1~rc7.orig.tar.gz
Size/MD5: 786288 dac8b5104b5eb105ba82b2525d371d58
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/o/openssl-blacklist/openssl-blacklist_0.1-0ubuntu0.8.04.2_all.deb
Size/MD5: 3534948 258d2779ea1fb5fe8dd67eb9f920ed06
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/o/openvpn/openvpn_2.1~rc7-1ubuntu3.2_amd64.deb
Size/MD5: 391056 7756bf70867fc0a28f448b94af4bcdf3
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/o/openvpn/openvpn_2.1~rc7-1ubuntu3.2_i386.deb
Size/MD5: 372454 f9c5766c86e6f20dab634ccf48a890a0
lpia architecture (Low Power Intel Architecture):
http://ports.ubuntu.com/pool/main/o/openvpn/openvpn_2.1~rc7-1ubuntu3.2_lpia.deb
Size/MD5: 371466 14e8bc2c2adc623e65b2e862b4d56ab2
powerpc architecture (Apple Macintosh G3/G4/G5):
http://ports.ubuntu.com/pool/main/o/openvpn/openvpn_2.1~rc7-1ubuntu3.2_powerpc.deb
Size/MD5: 391702 92b67d4672dd43d46ee52da557289760
sparc architecture (Sun SPARC/UltraSPARC):
http://ports.ubuntu.com/pool/main/o/openvpn/openvpn_2.1~rc7-1ubuntu3.2_sparc.deb
Size/MD5: 369260 ae821d7f2f582c459e1796d7fa587da1
Download attachment "signature.asc" of type "application/pgp-signature" (190 bytes)
Powered by blists - more mailing lists