lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20060905145946.GE4961@piware.de>
Date: Tue, 5 Sep 2006 16:59:46 +0200
From: Martin Pitt <martin.pitt@...onical.com>
To: ubuntu-security-announce@...ts.ubuntu.com
Cc: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com
Subject: [USN-339-1] OpenSSL vulnerability

=========================================================== 
Ubuntu Security Notice USN-339-1         September 05, 2006
openssl vulnerability
CVE-2006-4339
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 5.04
Ubuntu 5.10
Ubuntu 6.06 LTS

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 5.04:
  libssl0.9.7                              0.9.7e-3ubuntu0.3

Ubuntu 5.10:
  libssl0.9.7                              0.9.7g-1ubuntu1.2

Ubuntu 6.06 LTS:
  libssl0.9.8                              0.9.8a-7ubuntu0.1

After a standard system upgrade you need to reboot your computer to
effect the necessary changes.

Details follow:

Philip Mackenzie, Marius Schilder, Jason Waddle and Ben Laurie of
Google Security discovered that the OpenSSL library did not
sufficiently check the padding of PKCS #1 v1.5 signatures if the
exponent of the public key is 3 (which is widely used for CAs). This
could be exploited to forge signatures without the need of the secret
key.


Updated packages for Ubuntu 5.04:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.7e-3ubuntu0.3.diff.gz
      Size/MD5:    29738 8ff4b43003645c9cc0340b7aeaa0e943
    http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.7e-3ubuntu0.3.dsc
      Size/MD5:      645 f1d90d6945db3f52eb9e523cd2257cb3
    http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.7e.orig.tar.gz
      Size/MD5:  3043231 a8777164bca38d84e5eb2b1535223474

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.7-udeb_0.9.7e-3ubuntu0.3_amd64.udeb
      Size/MD5:   495170 6ecb42d8f16500657a823c246d90f721
    http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.7e-3ubuntu0.3_amd64.deb
      Size/MD5:  2693394 8554202ca8540221956438754ce83daa
    http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.7_0.9.7e-3ubuntu0.3_amd64.deb
      Size/MD5:   769732 1924597de3a34f244d50812ce47e839f
    http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.7e-3ubuntu0.3_amd64.deb
      Size/MD5:   903646 0da1a7985ac40c27bffd43effcdeb306

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.7-udeb_0.9.7e-3ubuntu0.3_i386.udeb
      Size/MD5:   433284 3701e85ed202bc56684583e5cdcee090
    http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.7e-3ubuntu0.3_i386.deb
      Size/MD5:  2492646 bbb95c47fede95c469d7fdef9faeedcf
    http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.7_0.9.7e-3ubuntu0.3_i386.deb
      Size/MD5:  2241170 8f890db2ab8675adccb3e5f9e9129c97
    http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.7e-3ubuntu0.3_i386.deb
      Size/MD5:   901102 f43171afd1211d5026a0241abbce7710

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.7-udeb_0.9.7e-3ubuntu0.3_powerpc.udeb
      Size/MD5:   499392 6c4844845826d244a5062664d725d7f4
    http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.7e-3ubuntu0.3_powerpc.deb
      Size/MD5:  2774414 f275ee27e93d2ddbdf7af62837512b4a
    http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.7_0.9.7e-3ubuntu0.3_powerpc.deb
      Size/MD5:   779388 29c64dab8447a8a79c2b82e6aad0c900
    http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.7e-3ubuntu0.3_powerpc.deb
      Size/MD5:   908166 34dc1579ba2d5543f841ca917c1f7f35

Updated packages for Ubuntu 5.10:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.7g-1ubuntu1.2.diff.gz
      Size/MD5:    30435 9ad78dd2d10b6a32b2efa84aeedc1b28
    http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.7g-1ubuntu1.2.dsc
      Size/MD5:      657 1d871efaeb3b5bafccb17ec8787ae57c
    http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.7g.orig.tar.gz
      Size/MD5:  3132217 991615f73338a571b6a1be7d74906934

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.7-udeb_0.9.7g-1ubuntu1.2_amd64.udeb
      Size/MD5:   498836 bd128f07f8f4ff96c7a4ec0cd01a5a24
    http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.7g-1ubuntu1.2_amd64.deb
      Size/MD5:  2699482 cdefd160fc10ae893743cff5bf872463
    http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.7_0.9.7g-1ubuntu1.2_amd64.deb
      Size/MD5:   773202 41180b2c148cbee6a514ca07d9d8038c
    http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.7g-1ubuntu1.2_amd64.deb
      Size/MD5:   913254 4d7d2b9debbe46c070628174e4359281

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.7-udeb_0.9.7g-1ubuntu1.2_i386.udeb
      Size/MD5:   430730 904e4e96ab1f84715cdf0db8bd34b5c5
    http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.7g-1ubuntu1.2_i386.deb
      Size/MD5:  2479858 e18443ee7bd4bacf1b2b9e1b64c9733e
    http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.7_0.9.7g-1ubuntu1.2_i386.deb
      Size/MD5:  2203354 799110bb4e00931d801208e97316c2a5
    http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.7g-1ubuntu1.2_i386.deb
      Size/MD5:   904410 d19a02f94c4e321112ba4cc4091ae398

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.7-udeb_0.9.7g-1ubuntu1.2_powerpc.udeb
      Size/MD5:   476320 0e8146d671c590e6cfb260da7e7bd94e
    http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.7g-1ubuntu1.2_powerpc.deb
      Size/MD5:  2656084 4f5799481d8abb40bc7e5ff712349b33
    http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.7_0.9.7g-1ubuntu1.2_powerpc.deb
      Size/MD5:   752756 24177008d7989591e7a10ce33e4f15e4
    http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.7g-1ubuntu1.2_powerpc.deb
      Size/MD5:   910052 ea5f2afb2b1e05913668d04cb14f4d5a

  sparc architecture (Sun SPARC/UltraSPARC)

    http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.7-udeb_0.9.7g-1ubuntu1.2_sparc.udeb
      Size/MD5:   452112 7287ea7ed03e385eedc38be06052e554
    http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.7g-1ubuntu1.2_sparc.deb
      Size/MD5:  2569762 159afe6386461da5a10d58594604f923
    http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.7_0.9.7g-1ubuntu1.2_sparc.deb
      Size/MD5:  1791288 d30b69f5e3d3b4b3ca6c889577d4c30a
    http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.7g-1ubuntu1.2_sparc.deb
      Size/MD5:   918074 81e40476e7153055043ee7ae07ab9b15

Updated packages for Ubuntu 6.06 LTS:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8a-7ubuntu0.1.diff.gz
      Size/MD5:    35264 b4ff10d076548a137e80df0ea6133cf6
    http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8a-7ubuntu0.1.dsc
      Size/MD5:      816 1748b5fba8b23850f0a35186e8d80b0b
    http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8a.orig.tar.gz
      Size/MD5:  3271435 1d16c727c10185e4d694f87f5e424ee1

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8a-7ubuntu0.1_amd64.udeb
      Size/MD5:   571346 32560c34d375896443908ad44ef37724
    http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.8a-7ubuntu0.1_amd64.deb
      Size/MD5:  2166016 7478ed6526daef015f02e53ecd29c794
    http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8a-7ubuntu0.1_amd64.deb
      Size/MD5:  1681264 f38fa12908776cad70e4f03f5d82ec52
    http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8_0.9.8a-7ubuntu0.1_amd64.deb
      Size/MD5:   873938 905d85741bd0f71d997b0ad1da0af1c1
    http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8a-7ubuntu0.1_amd64.deb
      Size/MD5:   984054 0b7663affd06815eda8f814ce98eddf1

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8a-7ubuntu0.1_i386.udeb
      Size/MD5:   508988 17028f0a0751e40a77199e0727503726
    http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.8a-7ubuntu0.1_i386.deb
      Size/MD5:  2022304 daa0e6b56441e0b2fa71e14de831dc41
    http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8a-7ubuntu0.1_i386.deb
      Size/MD5:  5046624 d14ffd5dccbba81c666d149b9b80affb
    http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8_0.9.8a-7ubuntu0.1_i386.deb
      Size/MD5:  2591760 9581e906f3ba5da9983514eca0d10d82
    http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8a-7ubuntu0.1_i386.deb
      Size/MD5:   975476 840ba1e9f244516df5cf9e5f48667879

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8a-7ubuntu0.1_powerpc.udeb
      Size/MD5:   557516 0ea8220e55677599c9867d9104bee981
    http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.8a-7ubuntu0.1_powerpc.deb
      Size/MD5:  2179304 8356a41ecc095a3a4ec4163f39374bda
    http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8a-7ubuntu0.1_powerpc.deb
      Size/MD5:  1725322 7a60fe2ec5537c970d80cf5e48db1ebd
    http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8_0.9.8a-7ubuntu0.1_powerpc.deb
      Size/MD5:   860294 6ba3aadd9a9f930e5c893165bc61ae93
    http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8a-7ubuntu0.1_powerpc.deb
      Size/MD5:   979370 db3041b4dab69fe48bf2d34d572f4c36

  sparc architecture (Sun SPARC/UltraSPARC)

    http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8a-7ubuntu0.1_sparc.udeb
      Size/MD5:   530316 67e7789eaa5ca6b1edf6408edc7c0835
    http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.8a-7ubuntu0.1_sparc.deb
      Size/MD5:  2091014 a250f9740992c202cd088a0824ceb07a
    http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8a-7ubuntu0.1_sparc.deb
      Size/MD5:  3939674 4007aa0e07366b2ac9c090409ef22e7b
    http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8_0.9.8a-7ubuntu0.1_sparc.deb
      Size/MD5:  2089320 672bd1ace848bdb20496ff9ff66a8873
    http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8a-7ubuntu0.1_sparc.deb
      Size/MD5:   987236 ecacd01dc72995f246531c25e783a879


Download attachment "signature.asc" of type "application/pgp-signature" (190 bytes)

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ