Message-ID: <20061004171837.GJ4948@piware.de>
Date: Wed, 4 Oct 2006 19:18:37 +0200
From: Martin Pitt <martin.pitt@...onical.com>
To: ubuntu-security-announce@...ts.ubuntu.com
Cc: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com
Subject: [USN-353-2] OpenSSL vulnerability

=========================================================== 
Ubuntu Security Notice USN-353-2           October 04, 2006
openssl vulnerability
CVE-2006-2940
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 5.04
Ubuntu 5.10
Ubuntu 6.06 LTS

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 5.04:
  libssl0.9.7                              0.9.7e-3ubuntu0.6

Ubuntu 5.10:
  libssl0.9.7                              0.9.7g-1ubuntu1.5

Ubuntu 6.06 LTS:
  libssl0.9.8                              0.9.8a-7ubuntu0.3

After a standard system upgrade you need to reboot your computer to
effect the necessary changes.

Details follow:

USN-353-1 fixed several vulnerabilities in OpenSSL. However, Mark J
Cox noticed that the applied patch for CVE-2006-2940 was flawed. This
update corrects that patch.

For reference, this is the relevant part of the original advisory:

  Certain types of public key could take disproportionate amounts of
  time to process. The library now limits the maximum key exponent
  size to avoid Denial of Service attacks. (CVE-2006-2940)
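
The size limit described in the quoted text, as an added illustration (not part of the advisory, and not the OpenSSL or Ubuntu patch): a check that rejects oversized public-key parameters before any arithmetic is done on them, shown for an RSA-style key with a modulus n and public exponent e. The thresholds, the function names and the all-ones sample values are assumptions made for this example.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Illustrative limits: assumptions for this example, not values from the advisory. */
#define MAX_MODULUS_BITS   16384  /* never process a modulus larger than this */
#define SMALL_MODULUS_BITS 3072   /* above this size the exponent must be short */
#define MAX_PUBEXP_BITS    64     /* exponent limit for moduli above the small size */
enum key_check { KEY_OK, KEY_MALFORMED, KEY_MODULUS_TOO_LARGE, KEY_EXPONENT_TOO_LARGE };

/* Bit length of an unsigned big-endian integer, ignoring leading zero bytes. */
static size_t be_bit_length(const unsigned char *buf, size_t len)
{
    size_t i = 0, bits;
    while (i < len && buf[i] == 0) i++;
    if (i == len) return 0;
    bits = (len - i) * 8;
    for (unsigned char top = buf[i]; !(top & 0x80); top <<= 1)
        bits--;
    return bits;
}

/* Size-only validation, run before any modular exponentiation is attempted. */
enum key_check check_rsa_public_key(const unsigned char *n, size_t n_len,
                                    const unsigned char *e, size_t e_len)
{
    size_t n_bits = be_bit_length(n, n_len), e_bits = be_bit_length(e, e_len);
    if (n_bits == 0 || e_bits == 0) return KEY_MALFORMED;
    if (n_bits > MAX_MODULUS_BITS) return KEY_MODULUS_TOO_LARGE;
    if (e_bits > n_bits) return KEY_EXPONENT_TOO_LARGE;  /* coarse e < n check */
    if (n_bits > SMALL_MODULUS_BITS && e_bits > MAX_PUBEXP_BITS) return KEY_EXPONENT_TOO_LARGE;
    return KEY_OK;
}

/* Constructed input: all-ones values of the given byte lengths (not a real key). */
enum key_check check_constructed_key(size_t n_bytes, size_t e_bytes)
{
    static unsigned char n[4096], e[4096];
    if (n_bytes > sizeof n || e_bytes > sizeof e) return KEY_MALFORMED;
    memset(n, 0xFF, n_bytes);
    memset(e, 0xFF, e_bytes);
    return check_rsa_public_key(n, n_bytes, e, e_bytes);
}

int main(void)
{
    printf("2048-bit n, 24-bit e:   %d\n", (int)check_constructed_key(256, 3));
    printf("4096-bit n, 4096-bit e: %d\n", (int)check_constructed_key(512, 512));
    return 0;
}
```

The cost of a public-key operation grows with both the modulus and the exponent length, so the check bounds the work a key from an untrusted peer can request before any of that work starts.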


