Message-ID: <20061004171837.GJ4948@piware.de>
Date: Wed, 4 Oct 2006 19:18:37 +0200
From: Martin Pitt <martin.pitt@...onical.com>
To: ubuntu-security-announce@...ts.ubuntu.com
Cc: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com
Subject: [USN-353-2] OpenSSL vulnerability
===========================================================
Ubuntu Security Notice USN-353-2 October 04, 2006
openssl vulnerability
CVE-2006-2940
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 5.04
Ubuntu 5.10
Ubuntu 6.06 LTS

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 5.04:
  libssl0.9.7 0.9.7e-3ubuntu0.6

Ubuntu 5.10:
  libssl0.9.7 0.9.7g-1ubuntu1.5

Ubuntu 6.06 LTS:
  libssl0.9.8 0.9.8a-7ubuntu0.3

After a standard system upgrade you need to reboot your computer to
effect the necessary changes.

Details follow:

USN-353-1 fixed several vulnerabilities in OpenSSL. However, Mark J
Cox noticed that the applied patch for CVE-2006-2940 was flawed. This
update corrects that patch.

For reference, this is the relevant part of the original advisory:

  Certain types of public key could take disproportionate amounts of
  time to process. The library now limits the maximum key exponent
  size to avoid Denial of Service attacks. (CVE-2006-2940)
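
The kind of limit the quoted text describes, as an added Python illustration (not OpenSSL's code and not part of the advisory). The function names, the cost model and the three bit limits are assumptions made for this example; the sample keys are constructed.

```python
# Added illustration, not OpenSSL source. The limits below are assumptions
# chosen for this example; the advisory does not state the library's values.
MAX_MODULUS_BITS = 16384    # assumed hard cap on modulus size
SMALL_MODULUS_BITS = 3072   # assumed: up to this size any exponent < n is tolerated
MAX_PUBEXP_BITS = 64        # assumed cap on exponent size for larger moduli


def check_rsa_public_key(n: int, e: int) -> str:
    """Return "ok" or the reason the key is refused, before any bignum math."""
    if n <= 0 or e <= 0:
        return "non-positive parameter"
    if n.bit_length() > MAX_MODULUS_BITS:
        return "modulus too large"
    if e >= n:
        return "exponent not smaller than modulus"
    if n.bit_length() > SMALL_MODULUS_BITS and e.bit_length() > MAX_PUBEXP_BITS:
        return "exponent too large for this modulus"
    return "ok"


def modexp_cost(n: int, e: int) -> int:
    """Rough cost model for square-and-multiply: number of modular
    multiplications times limb operations per multiplication (quadratic
    in the number of 64-bit limbs of n)."""
    limbs = (n.bit_length() + 63) // 64
    mults = (e.bit_length() - 1) + (bin(e).count("1") - 1)
    return mults * limbs * limbs


def verify_raw(sig: int, n: int, e: int) -> int:
    """Raw RSA public operation, refused unless the key passes the check."""
    reason = check_rsa_public_key(n, e)
    if reason != "ok":
        raise ValueError(reason)
    return pow(sig, e, n)


# Constructed sample parameters (right-sized odd numbers, not real RSA moduli).
N_4096 = (1 << 4095) | 1
N_2048 = (1 << 2047) | 1
E_COMMON = 65537
E_HUGE = N_4096 - 2          # exponent as large as the modulus itself
```

Under this cost model the oversized exponent makes each public-key operation on the 4096-bit modulus several hundred times more expensive than with the common exponent 65537, which is why the check runs before `pow()` is ever called.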
Updated packages for Ubuntu 5.04:
Updated packages for Ubuntu 5.10:
Updated packages for Ubuntu 6.06 LTS: