| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue May 3 12:25:44 2005
From: martin.pitt at canonical.com (Martin Pitt)
Subject: [USN-113-1] libnet-ssleay-perl vulnerability
===========================================================
Ubuntu Security Notice USN-113-1 May 03, 2005
libnet-ssleay-perl vulnerability
CAN-2005-0106
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 5.04 (Hoary Hedgehog)
The following packages are affected:
libnet-ssleay-perl
The problem can be corrected by upgrading the affected package to version
1.25-1ubuntu0.2. In general, a standard system upgrade is sufficient to effect
the necessary changes.
Details follow:
Javier Fernandez-Sanguino Pena discovered that this library used the
file /tmp/entropy as a fallback entropy source if a proper source was
not set in the environment variable EGD_PATH. This can potentially
lead to weakened cryptographic operations if an attacker provides a
/tmp/entropy file with known content.
The updated package requires the specification of an entropy source
with EGD_PATH and also requires that the source is a socket (as
opposed to a normal file).
Please note that this only affects systems which have egd installed
from third party sources; egd is not shipped with Ubuntu.
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/libn/libnet-ssleay-perl/libnet-ssleay-perl_1.25-1ubuntu0.2.dsc
Size/MD5: 668 90dfb26e445d7eeb68ee39c69148c649
http://security.ubuntu.com/ubuntu/pool/main/libn/libnet-ssleay-perl/libnet-ssleay-perl_1.25-1ubuntu0.2.diff.gz
Size/MD5: 5901 b148bdb144acea8eff268f766b6cb6c0
http://security.ubuntu.com/ubuntu/pool/main/libn/libnet-ssleay-perl/libnet-ssleay-perl_1.25.orig.tar.gz
Size/MD5: 76627 d32f3fa38b1c49a2a98e75577d5dc10b
i386 architecture (x86 compatible Intel/AMD)
http://security.ubuntu.com/ubuntu/pool/main/libn/libnet-ssleay-perl/libnet-ssleay-perl_1.25-1ubuntu0.2_i386.deb
Size/MD5: 177492 2a5250e82cd4dac83a061d0e6de68423
powerpc architecture (Apple Macintosh G3/G4/G5)
http://security.ubuntu.com/ubuntu/pool/main/libn/libnet-ssleay-perl/libnet-ssleay-perl_1.25-1ubuntu0.2_powerpc.deb
Size/MD5: 182298 d7d20090fb0b24a620f79e50d39ff0a4
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
http://security.ubuntu.com/ubuntu/pool/main/libn/libnet-ssleay-perl/libnet-ssleay-perl_1.25-1ubuntu0.2_amd64.deb
Size/MD5: 179592 931ccca9ba5fe8bd0a89152f7b6b6cef
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20050503/864d423d/attachment.bin
Powered by blists - more mailing lists