lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20110215205654.GG3946@nxnw.org>
Date: Tue, 15 Feb 2011 12:56:55 -0800
From: Steve Beattie <sbeattie@...ntu.com>
To: ubuntu-security-announce@...ts.ubuntu.com
Cc: bugtraq@...urityfocus.com, full-disclosure@...ts.grok.org.uk
Subject: [USN-1064-1] OpenSSL vulnerability

===========================================================
Ubuntu Security Notice USN-1064-1         February 15, 2011
openssl vulnerability
CVE-2011-0014
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 10.04 LTS
Ubuntu 10.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 10.04 LTS:
  libssl0.9.8                     0.9.8k-7ubuntu8.6

Ubuntu 10.10:
  libssl0.9.8                     0.9.8o-1ubuntu4.4

After a standard system update you need to reboot your computer to make
all the necessary changes.

Details follow:

Neel Mehta discovered that incorrectly formatted ClientHello handshake
messages could cause OpenSSL to parse past the end of the message.
This could allow a remote attacker to cause a crash and denial of
service by triggering invalid memory accesses.


Updated packages for Ubuntu 10.04 LTS:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8k-7ubuntu8.6.diff.gz
      Size/MD5:   113947 666d4d39c8d15495574b3e8cde84d14b
    http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8k-7ubuntu8.6.dsc
      Size/MD5:     2097 a9aee866b987128cbb53018bb4c3e076
    http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8k.orig.tar.gz
      Size/MD5:  3852259 e555c6d58d276aec7fdc53363e338ab3

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl-doc_0.9.8k-7ubuntu8.6_all.deb
      Size/MD5:   640766 4410bba4b493067940d740ba0bfd9e36

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8k-7ubuntu8.6_amd64.udeb
      Size/MD5:   630236 4e57f2683a2fd11379ef834de483e92a
    http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.8k-7ubuntu8.6_amd64.deb
      Size/MD5:  2143716 b73b8e9eca5d99faf5bba7b3ad885d0d
    http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8k-7ubuntu8.6_amd64.deb
      Size/MD5:  1650734 15024c4129edb6729aadd42a3c6625d9
    http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8-udeb_0.9.8k-7ubuntu8.6_amd64.udeb
      Size/MD5:   136136 c691630136d1888d9818afcbef5b3376
    http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8_0.9.8k-7ubuntu8.6_amd64.deb
      Size/MD5:   979838 e410fcc0f092be5bdf0dd48866030de6
    http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8k-7ubuntu8.6_amd64.deb
      Size/MD5:   406380 45ae705310a650701711237bc24834fa

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8k-7ubuntu8.6_i386.udeb
      Size/MD5:   582632 605d20a6d46358bb020263b589628bc7
    http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.8k-7ubuntu8.6_i386.deb
      Size/MD5:  2006542 2651ca8bad5a1274f8ac9eb3c9928f10
    http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8k-7ubuntu8.6_i386.deb
      Size/MD5:  5806564 99755b3eed448fd0bedaf6c90c760222
    http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8-udeb_0.9.8k-7ubuntu8.6_i386.udeb
      Size/MD5:   129782 08548187135f8ef21f91c1206231c46c
    http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8_0.9.8k-7ubuntu8.6_i386.deb
      Size/MD5:  3015290 d32c63182c7b0eb4ef8eb8427d89ec65
    http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8k-7ubuntu8.6_i386.deb
      Size/MD5:   400386 0a10c201d957f574524d98d9e4b87df3

  armel architecture (ARM Architecture):

    http://ports.ubuntu.com/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8k-7ubuntu8.6_armel.udeb
      Size/MD5:   532308 0532b6933c19ecb8ddf0cf502acdbef7
    http://ports.ubuntu.com/pool/main/o/openssl/libssl-dev_0.9.8k-7ubuntu8.6_armel.deb
      Size/MD5:  1935434 3b86a27ba4064993fa641b7a57700947
    http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8k-7ubuntu8.6_armel.deb
      Size/MD5:  1624860 cc66be850879a7506c83199a8307c0a8
    http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8-udeb_0.9.8k-7ubuntu8.6_armel.udeb
      Size/MD5:   115646 5f09e1585b7d8213a34c326e878d2855
    http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8_0.9.8k-7ubuntu8.6_armel.deb
      Size/MD5:   849808 fe1a2c9bb7fa58309897e2c74428565c
    http://ports.ubuntu.com/pool/main/o/openssl/openssl_0.9.8k-7ubuntu8.6_armel.deb
      Size/MD5:   394134 6dae0590575a5d6cca5ec37bee48c3d0

  powerpc architecture (Apple Macintosh G3/G4/G5):

    http://ports.ubuntu.com/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8k-7ubuntu8.6_powerpc.udeb
      Size/MD5:   627048 9cc7f8c9c8e834804f6b8ad9d4f038e1
    http://ports.ubuntu.com/pool/main/o/openssl/libssl-dev_0.9.8k-7ubuntu8.6_powerpc.deb
      Size/MD5:  2147450 1fa01d48576c59ece29b15e52067a061
    http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8k-7ubuntu8.6_powerpc.deb
      Size/MD5:  1718982 d8af42edbf4b9e0cd4e8a49db65d6c34
    http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8-udeb_0.9.8k-7ubuntu8.6_powerpc.udeb
      Size/MD5:   135572 9ceece261ebb15a1e736ea5a87936e29
    http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8_0.9.8k-7ubuntu8.6_powerpc.deb
      Size/MD5:   969796 9f000a8d471e6779147746d85bd672e2
    http://ports.ubuntu.com/pool/main/o/openssl/openssl_0.9.8k-7ubuntu8.6_powerpc.deb
      Size/MD5:   402854 37d4422ee00a9fe04c6edb02d79652ae

  sparc architecture (Sun SPARC/UltraSPARC):

    http://ports.ubuntu.com/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8k-7ubuntu8.6_sparc.udeb
      Size/MD5:   597970 be4c632244422acea148a8b46c6bd2d4
    http://ports.ubuntu.com/pool/main/o/openssl/libssl-dev_0.9.8k-7ubuntu8.6_sparc.deb
      Size/MD5:  2065588 5dcc87c24f3582085dd0c27a2dc6ca38
    http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8k-7ubuntu8.6_sparc.deb
      Size/MD5:  4094532 59af6b8697affcf4ee54d266f824c419
    http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8-udeb_0.9.8k-7ubuntu8.6_sparc.udeb
      Size/MD5:   125888 5bf540180404fc36f0ff593f26bbb4af
    http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8_0.9.8k-7ubuntu8.6_sparc.deb
      Size/MD5:  2354154 bfa9eab34e57f6066df484565a83ca62
    http://ports.ubuntu.com/pool/main/o/openssl/openssl_0.9.8k-7ubuntu8.6_sparc.deb
      Size/MD5:   419326 a339be63d8d5721fb821278fc73917f8

Updated packages for Ubuntu 10.10:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8o-1ubuntu4.4.debian.tar.gz
      Size/MD5:    93256 d842e047afa927d7b45707e5662299b4
    http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8o-1ubuntu4.4.dsc
      Size/MD5:     2113 a2453418b5f65205b4100fca4bbab478
    http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8o.orig.tar.gz
      Size/MD5:  3772542 63ddc5116488985e820075e65fbe6aa4

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl-doc_0.9.8o-1ubuntu4.4_all.deb
      Size/MD5:   645856 b87766f110e4001b91e52d831932293c

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8o-1ubuntu4.4_amd64.udeb
      Size/MD5:   620310 4b921a5507e0d43d49f0959a40b6e698
    http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.8o-1ubuntu4.4_amd64.deb
      Size/MD5:  2149904 1789acf946fa5fb29210c573e1c454a3
    http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8o-1ubuntu4.4_amd64.deb
      Size/MD5:  1550490 8890e9c5294c00c538bf8c33838e7223
    http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8-udeb_0.9.8o-1ubuntu4.4_amd64.udeb
      Size/MD5:   137390 46a1a45ee4b23451f504e80acf1f3e06
    http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8_0.9.8o-1ubuntu4.4_amd64.deb
      Size/MD5:   923110 2443af9e7f04a89766956a1897ef3109
    http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8o-1ubuntu4.4_amd64.deb
      Size/MD5:   406004 35ab88b06cc50111ee30876069e62618

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8o-1ubuntu4.4_i386.udeb
      Size/MD5:   570726 64d9207ff0f9808cdd1fd5f67a3a41b2
    http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.8o-1ubuntu4.4_i386.deb
      Size/MD5:  2012646 e036571cd83edf3a270a6875edeb7b1d
    http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8o-1ubuntu4.4_i386.deb
      Size/MD5:  1553820 4351ce2cf1de859743b84302ea216adc
    http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8-udeb_0.9.8o-1ubuntu4.4_i386.udeb
      Size/MD5:   130530 a49a036f44e0e5144063c447099957b7
    http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8_0.9.8o-1ubuntu4.4_i386.deb
      Size/MD5:   866474 f7ce89e52baa2d29bf56303ef4ceb7fa
    http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8o-1ubuntu4.4_i386.deb
      Size/MD5:   400060 96e4e0a0c894e0509f7b5b0834b7f76e

  armel architecture (ARM Architecture):

    http://ports.ubuntu.com/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8o-1ubuntu4.4_armel.udeb
      Size/MD5:   566054 35f2b45ca48a64392522ec243d2e14aa
    http://ports.ubuntu.com/pool/main/o/openssl/libssl-dev_0.9.8o-1ubuntu4.4_armel.deb
      Size/MD5:  2014346 9b1bc7134c7e9b5c4c0fab38c3ccee17
    http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8o-1ubuntu4.4_armel.deb
      Size/MD5:  1542334 15db4641260fd3f9fc247b7e8be73f7c
    http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8-udeb_0.9.8o-1ubuntu4.4_armel.udeb
      Size/MD5:   120460 ac27441462cd80a6244c11475241c5fb
    http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8_0.9.8o-1ubuntu4.4_armel.deb
      Size/MD5:   850040 8b6242e95592404cfb5457b3a2fefb00
    http://ports.ubuntu.com/pool/main/o/openssl/openssl_0.9.8o-1ubuntu4.4_armel.deb
      Size/MD5:   406494 697677cbc870e7c857246d14777573c1

  powerpc architecture (Apple Macintosh G3/G4/G5):

    http://ports.ubuntu.com/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8o-1ubuntu4.4_powerpc.udeb
      Size/MD5:   616136 a3c28af9e2d1314e6486ce9c1aef1b59
    http://ports.ubuntu.com/pool/main/o/openssl/libssl-dev_0.9.8o-1ubuntu4.4_powerpc.deb
      Size/MD5:  2154734 f859e9290ca73eb92e34b160402c058f
    http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8o-1ubuntu4.4_powerpc.deb
      Size/MD5:  1618684 e729f6525a3b7180633d3b7f0ae78223
    http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8-udeb_0.9.8o-1ubuntu4.4_powerpc.udeb
      Size/MD5:   136090 f5ddcf671c6091f6bd42abf9cc5293d5
    http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8_0.9.8o-1ubuntu4.4_powerpc.deb
      Size/MD5:   917686 f505d2f147fc42c1babb5767c0d89199
    http://ports.ubuntu.com/pool/main/o/openssl/openssl_0.9.8o-1ubuntu4.4_powerpc.deb
      Size/MD5:   402036 45760e9ca5448f7e25696c90da53b244



Download attachment "signature.asc" of type "application/pgp-signature" (837 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ