[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20060905145946.GE4961@piware.de>
Date: Tue, 5 Sep 2006 16:59:46 +0200
From: Martin Pitt <martin.pitt@...onical.com>
To: ubuntu-security-announce@...ts.ubuntu.com
Cc: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com
Subject: [USN-339-1] OpenSSL vulnerability
===========================================================
Ubuntu Security Notice USN-339-1 September 05, 2006
openssl vulnerability
CVE-2006-4339
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 5.04
Ubuntu 5.10
Ubuntu 6.06 LTS
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 5.04:
libssl0.9.7 0.9.7e-3ubuntu0.3
Ubuntu 5.10:
libssl0.9.7 0.9.7g-1ubuntu1.2
Ubuntu 6.06 LTS:
libssl0.9.8 0.9.8a-7ubuntu0.1
After a standard system upgrade you need to reboot your computer to
effect the necessary changes.
Details follow:
Philip Mackenzie, Marius Schilder, Jason Waddle and Ben Laurie of
Google Security discovered that the OpenSSL library did not
sufficiently check the padding of PKCS #1 v1.5 signatures if the
exponent of the public key is 3 (which is widely used for CAs). This
could be exploited to forge signatures without the need of the secret
key.
Updated packages for Ubuntu 5.04:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.7e-3ubuntu0.3.diff.gz
Size/MD5: 29738 8ff4b43003645c9cc0340b7aeaa0e943
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.7e-3ubuntu0.3.dsc
Size/MD5: 645 f1d90d6945db3f52eb9e523cd2257cb3
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.7e.orig.tar.gz
Size/MD5: 3043231 a8777164bca38d84e5eb2b1535223474
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.7-udeb_0.9.7e-3ubuntu0.3_amd64.udeb
Size/MD5: 495170 6ecb42d8f16500657a823c246d90f721
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.7e-3ubuntu0.3_amd64.deb
Size/MD5: 2693394 8554202ca8540221956438754ce83daa
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.7_0.9.7e-3ubuntu0.3_amd64.deb
Size/MD5: 769732 1924597de3a34f244d50812ce47e839f
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.7e-3ubuntu0.3_amd64.deb
Size/MD5: 903646 0da1a7985ac40c27bffd43effcdeb306
i386 architecture (x86 compatible Intel/AMD)
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.7-udeb_0.9.7e-3ubuntu0.3_i386.udeb
Size/MD5: 433284 3701e85ed202bc56684583e5cdcee090
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.7e-3ubuntu0.3_i386.deb
Size/MD5: 2492646 bbb95c47fede95c469d7fdef9faeedcf
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.7_0.9.7e-3ubuntu0.3_i386.deb
Size/MD5: 2241170 8f890db2ab8675adccb3e5f9e9129c97
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.7e-3ubuntu0.3_i386.deb
Size/MD5: 901102 f43171afd1211d5026a0241abbce7710
powerpc architecture (Apple Macintosh G3/G4/G5)
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.7-udeb_0.9.7e-3ubuntu0.3_powerpc.udeb
Size/MD5: 499392 6c4844845826d244a5062664d725d7f4
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.7e-3ubuntu0.3_powerpc.deb
Size/MD5: 2774414 f275ee27e93d2ddbdf7af62837512b4a
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.7_0.9.7e-3ubuntu0.3_powerpc.deb
Size/MD5: 779388 29c64dab8447a8a79c2b82e6aad0c900
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.7e-3ubuntu0.3_powerpc.deb
Size/MD5: 908166 34dc1579ba2d5543f841ca917c1f7f35
Updated packages for Ubuntu 5.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.7g-1ubuntu1.2.diff.gz
Size/MD5: 30435 9ad78dd2d10b6a32b2efa84aeedc1b28
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.7g-1ubuntu1.2.dsc
Size/MD5: 657 1d871efaeb3b5bafccb17ec8787ae57c
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.7g.orig.tar.gz
Size/MD5: 3132217 991615f73338a571b6a1be7d74906934
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.7-udeb_0.9.7g-1ubuntu1.2_amd64.udeb
Size/MD5: 498836 bd128f07f8f4ff96c7a4ec0cd01a5a24
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.7g-1ubuntu1.2_amd64.deb
Size/MD5: 2699482 cdefd160fc10ae893743cff5bf872463
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.7_0.9.7g-1ubuntu1.2_amd64.deb
Size/MD5: 773202 41180b2c148cbee6a514ca07d9d8038c
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.7g-1ubuntu1.2_amd64.deb
Size/MD5: 913254 4d7d2b9debbe46c070628174e4359281
i386 architecture (x86 compatible Intel/AMD)
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.7-udeb_0.9.7g-1ubuntu1.2_i386.udeb
Size/MD5: 430730 904e4e96ab1f84715cdf0db8bd34b5c5
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.7g-1ubuntu1.2_i386.deb
Size/MD5: 2479858 e18443ee7bd4bacf1b2b9e1b64c9733e
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.7_0.9.7g-1ubuntu1.2_i386.deb
Size/MD5: 2203354 799110bb4e00931d801208e97316c2a5
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.7g-1ubuntu1.2_i386.deb
Size/MD5: 904410 d19a02f94c4e321112ba4cc4091ae398
powerpc architecture (Apple Macintosh G3/G4/G5)
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.7-udeb_0.9.7g-1ubuntu1.2_powerpc.udeb
Size/MD5: 476320 0e8146d671c590e6cfb260da7e7bd94e
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.7g-1ubuntu1.2_powerpc.deb
Size/MD5: 2656084 4f5799481d8abb40bc7e5ff712349b33
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.7_0.9.7g-1ubuntu1.2_powerpc.deb
Size/MD5: 752756 24177008d7989591e7a10ce33e4f15e4
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.7g-1ubuntu1.2_powerpc.deb
Size/MD5: 910052 ea5f2afb2b1e05913668d04cb14f4d5a
sparc architecture (Sun SPARC/UltraSPARC)
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.7-udeb_0.9.7g-1ubuntu1.2_sparc.udeb
Size/MD5: 452112 7287ea7ed03e385eedc38be06052e554
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.7g-1ubuntu1.2_sparc.deb
Size/MD5: 2569762 159afe6386461da5a10d58594604f923
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.7_0.9.7g-1ubuntu1.2_sparc.deb
Size/MD5: 1791288 d30b69f5e3d3b4b3ca6c889577d4c30a
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.7g-1ubuntu1.2_sparc.deb
Size/MD5: 918074 81e40476e7153055043ee7ae07ab9b15
Updated packages for Ubuntu 6.06 LTS:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8a-7ubuntu0.1.diff.gz
Size/MD5: 35264 b4ff10d076548a137e80df0ea6133cf6
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8a-7ubuntu0.1.dsc
Size/MD5: 816 1748b5fba8b23850f0a35186e8d80b0b
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8a.orig.tar.gz
Size/MD5: 3271435 1d16c727c10185e4d694f87f5e424ee1
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8a-7ubuntu0.1_amd64.udeb
Size/MD5: 571346 32560c34d375896443908ad44ef37724
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.8a-7ubuntu0.1_amd64.deb
Size/MD5: 2166016 7478ed6526daef015f02e53ecd29c794
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8a-7ubuntu0.1_amd64.deb
Size/MD5: 1681264 f38fa12908776cad70e4f03f5d82ec52
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8_0.9.8a-7ubuntu0.1_amd64.deb
Size/MD5: 873938 905d85741bd0f71d997b0ad1da0af1c1
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8a-7ubuntu0.1_amd64.deb
Size/MD5: 984054 0b7663affd06815eda8f814ce98eddf1
i386 architecture (x86 compatible Intel/AMD)
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8a-7ubuntu0.1_i386.udeb
Size/MD5: 508988 17028f0a0751e40a77199e0727503726
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.8a-7ubuntu0.1_i386.deb
Size/MD5: 2022304 daa0e6b56441e0b2fa71e14de831dc41
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8a-7ubuntu0.1_i386.deb
Size/MD5: 5046624 d14ffd5dccbba81c666d149b9b80affb
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8_0.9.8a-7ubuntu0.1_i386.deb
Size/MD5: 2591760 9581e906f3ba5da9983514eca0d10d82
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8a-7ubuntu0.1_i386.deb
Size/MD5: 975476 840ba1e9f244516df5cf9e5f48667879
powerpc architecture (Apple Macintosh G3/G4/G5)
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8a-7ubuntu0.1_powerpc.udeb
Size/MD5: 557516 0ea8220e55677599c9867d9104bee981
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.8a-7ubuntu0.1_powerpc.deb
Size/MD5: 2179304 8356a41ecc095a3a4ec4163f39374bda
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8a-7ubuntu0.1_powerpc.deb
Size/MD5: 1725322 7a60fe2ec5537c970d80cf5e48db1ebd
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8_0.9.8a-7ubuntu0.1_powerpc.deb
Size/MD5: 860294 6ba3aadd9a9f930e5c893165bc61ae93
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8a-7ubuntu0.1_powerpc.deb
Size/MD5: 979370 db3041b4dab69fe48bf2d34d572f4c36
sparc architecture (Sun SPARC/UltraSPARC)
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8a-7ubuntu0.1_sparc.udeb
Size/MD5: 530316 67e7789eaa5ca6b1edf6408edc7c0835
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.8a-7ubuntu0.1_sparc.deb
Size/MD5: 2091014 a250f9740992c202cd088a0824ceb07a
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8a-7ubuntu0.1_sparc.deb
Size/MD5: 3939674 4007aa0e07366b2ac9c090409ef22e7b
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8_0.9.8a-7ubuntu0.1_sparc.deb
Size/MD5: 2089320 672bd1ace848bdb20496ff9ff66a8873
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8a-7ubuntu0.1_sparc.deb
Size/MD5: 987236 ecacd01dc72995f246531c25e783a879
Download attachment "signature.asc" of type "application/pgp-signature" (190 bytes)
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists