[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20071022183829.GF7963@outflux.net>
Date: Mon, 22 Oct 2007 11:38:29 -0700
From: Kees Cook <kees@...ntu.com>
To: ubuntu-security-announce@...ts.ubuntu.com
Cc: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com
Subject: [USN-534-1] OpenSSL vulnerability
===========================================================
Ubuntu Security Notice USN-534-1 October 22, 2007
openssl vulnerability
CVE-2007-4995
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 6.06 LTS
Ubuntu 6.10
Ubuntu 7.04
Ubuntu 7.10
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 6.06 LTS:
libssl0.9.8 0.9.8a-7ubuntu0.5
Ubuntu 6.10:
libssl0.9.8 0.9.8b-2ubuntu2.2
Ubuntu 7.04:
libssl0.9.8 0.9.8c-4ubuntu0.2
Ubuntu 7.10:
libssl0.9.8 0.9.8e-5ubuntu3.1
After a standard system upgrade you need to reboot your computer to
affect the necessary changes.
Details follow:
Andy Polyakov discovered that the DTLS implementation in OpenSSL
was vulnerable. A remote attacker could send a specially crafted
connection request to services using DTLS and execute arbitrary code
with the service's privileges. There are no known Ubuntu applications
that are currently using DTLS.
Updated packages for Ubuntu 6.06 LTS:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8a-7ubuntu0.5.diff.gz
Size/MD5: 49811 318b8930faafd558c53ef9905e9e98e3
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8a-7ubuntu0.5.dsc
Size/MD5: 814 82348265595630f5b0c77a4f87524b14
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8a.orig.tar.gz
Size/MD5: 3271435 1d16c727c10185e4d694f87f5e424ee1
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8a-7ubuntu0.5_amd64.udeb
Size/MD5: 571736 2f14c1f4e27932215077ad4908b0cf92
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.8a-7ubuntu0.5_amd64.deb
Size/MD5: 2167400 7297675d1f66cb5e1e25e5120890cbab
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8a-7ubuntu0.5_amd64.deb
Size/MD5: 1682620 15141cb132b3273a8516726566033d83
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8_0.9.8a-7ubuntu0.5_amd64.deb
Size/MD5: 875252 d18d2199168e7252b487d5a9d38cb43c
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8a-7ubuntu0.5_amd64.deb
Size/MD5: 984688 b60049523ac5ea679391ecc715b21315
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8a-7ubuntu0.5_i386.udeb
Size/MD5: 509502 706f4c8b7691490e1746610f960b6c4c
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.8a-7ubuntu0.5_i386.deb
Size/MD5: 2023838 146ab65f0cf4b67494f22d249b122a2a
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8a-7ubuntu0.5_i386.deb
Size/MD5: 5052630 4ff62d786ddac83ddb9b9ab8e48c257e
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8_0.9.8a-7ubuntu0.5_i386.deb
Size/MD5: 2595296 7f6b47b4a53fd7f4f105ecefeb1ceb79
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8a-7ubuntu0.5_i386.deb
Size/MD5: 976196 7ec5182170b5a15f430c6fbc40383e79
powerpc architecture (Apple Macintosh G3/G4/G5):
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8a-7ubuntu0.5_powerpc.udeb
Size/MD5: 557894 fcb3e7e5f71b3383fc3cf9d9c366ecd1
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.8a-7ubuntu0.5_powerpc.deb
Size/MD5: 2181640 7678a21a5ef884b2624138eef64eb9c9
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8a-7ubuntu0.5_powerpc.deb
Size/MD5: 1727286 ef94dc5f39948416c227f397fb304d95
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8_0.9.8a-7ubuntu0.5_powerpc.deb
Size/MD5: 861718 4fddb1840be5acd8aa5368e7e29ee6bf
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8a-7ubuntu0.5_powerpc.deb
Size/MD5: 980376 1e6296c4fcc7fc81bd4d26b5ea6944a2
sparc architecture (Sun SPARC/UltraSPARC):
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8a-7ubuntu0.5_sparc.udeb
Size/MD5: 530816 ec7c103a10c0d25086799846d11b7bfe
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.8a-7ubuntu0.5_sparc.deb
Size/MD5: 2093000 00c30c93175137db6459b139fc277366
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8a-7ubuntu0.5_sparc.deb
Size/MD5: 3942430 7285a784ae4d26aacf29d56642ec66a8
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8_0.9.8a-7ubuntu0.5_sparc.deb
Size/MD5: 2091358 84ea39bd4183a847036f08ab1a65327f
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8a-7ubuntu0.5_sparc.deb
Size/MD5: 988416 dcfe223f83e8201a2b1a85ff71ab5021
Updated packages for Ubuntu 6.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8b-2ubuntu2.2.diff.gz
Size/MD5: 58706 820a388b69dca5764efbb8fed46334b3
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8b-2ubuntu2.2.dsc
Size/MD5: 815 dd114418a2f791799c35387bc67fdc52
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8b.orig.tar.gz
Size/MD5: 3279283 12cedbeb6813a0d7919dbf1f82134b86
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8b-2ubuntu2.2_amd64.udeb
Size/MD5: 580868 b98181b0a31d5d87a69e39157c1dca7e
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.8b-2ubuntu2.2_amd64.deb
Size/MD5: 2180458 6c95db22ab8cecdf3e3063c467066fdd
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8b-2ubuntu2.2_amd64.deb
Size/MD5: 1637608 e7c5a907ca20e1a70a8bc58d4bf14a64
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8_0.9.8b-2ubuntu2.2_amd64.deb
Size/MD5: 889286 acd0946620cbfa7faddc7aeb6740974b
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8b-2ubuntu2.2_amd64.deb
Size/MD5: 999582 b4a57ae7ea571f91d024aa29301bbe1b
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8b-2ubuntu2.2_i386.udeb
Size/MD5: 544566 df890721dd72b191acc4c476911fcbcb
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.8b-2ubuntu2.2_i386.deb
Size/MD5: 2063644 46c37a37167861f3adde7e8a95e12d4a
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8b-2ubuntu2.2_i386.deb
Size/MD5: 5489454 55461b156db48bfe0300b1171f6e8f56
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8_0.9.8b-2ubuntu2.2_i386.deb
Size/MD5: 2699992 644637fbea3bec5640932ff14da522e6
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8b-2ubuntu2.2_i386.deb
Size/MD5: 993640 b1acc15d9533420b4cc8522f0e2dc1b9
powerpc architecture (Apple Macintosh G3/G4/G5):
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8b-2ubuntu2.2_powerpc.udeb
Size/MD5: 586188 075986a665631893dd61fac50f758903
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.8b-2ubuntu2.2_powerpc.deb
Size/MD5: 2212470 0306ccc1e491b5289cb695f2b175d07e
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8b-2ubuntu2.2_powerpc.deb
Size/MD5: 1704450 3e85ba70bd6cf9de3e5880bd23bdff58
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8_0.9.8b-2ubuntu2.2_powerpc.deb
Size/MD5: 893620 afa836ca8f243a9792f268d66d5d08f9
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8b-2ubuntu2.2_powerpc.deb
Size/MD5: 994478 d415f3f1f05f51ed522c6f85a4dab7ef
sparc architecture (Sun SPARC/UltraSPARC):
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8b-2ubuntu2.2_sparc.udeb
Size/MD5: 539790 4b28c78aaa16301bf6f96ae5f922d496
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.8b-2ubuntu2.2_sparc.deb
Size/MD5: 2106340 e02e20251c2ee006c4c11ff5011af30e
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8b-2ubuntu2.2_sparc.deb
Size/MD5: 4024836 821b03eb0d3ab3d8cc73813f35c85652
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8_0.9.8b-2ubuntu2.2_sparc.deb
Size/MD5: 2127374 569201015315a51624f7da8ec9beec58
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8b-2ubuntu2.2_sparc.deb
Size/MD5: 1002994 d2987aba36a68654f852b33d3e2d3b10
Updated packages for Ubuntu 7.04:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8c-4ubuntu0.2.diff.gz
Size/MD5: 55956 445213d8f2112405c8f4e5f7b623d6d0
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8c-4ubuntu0.2.dsc
Size/MD5: 899 56d5c27718993b8a5266da1c00fbaeaf
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8c.orig.tar.gz
Size/MD5: 3313857 78454bec556bcb4c45129428a766c886
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8c-4ubuntu0.2_amd64.udeb
Size/MD5: 604412 4c9177176385c48ca22173b3d30d8144
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.8c-4ubuntu0.2_amd64.deb
Size/MD5: 2186730 b4daf1d7cc90b5a8ccd194793eae5812
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8c-4ubuntu0.2_amd64.deb
Size/MD5: 1645258 187d8c2590f5f96d9d897212079637ef
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8_0.9.8c-4ubuntu0.2_amd64.deb
Size/MD5: 918222 97e6e623ffaba7231ee7639d96b2ad8b
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8c-4ubuntu0.2_amd64.deb
Size/MD5: 1006444 d409960a9fe0626dc975b8fb433dbebc
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8c-4ubuntu0.2_i386.udeb
Size/MD5: 569614 22bf719bd3081d09f873566adc4128b2
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.8c-4ubuntu0.2_i386.deb
Size/MD5: 2068670 6f512c85199ca7b357b143068c68f876
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8c-4ubuntu0.2_i386.deb
Size/MD5: 5500094 a8b50b66555148fcd7ac180f62ba53f4
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8_0.9.8c-4ubuntu0.2_i386.deb
Size/MD5: 2809748 d6ab390d2c443a1e9a8fc916f3021ae6
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8c-4ubuntu0.2_i386.deb
Size/MD5: 1001238 5511b821de07098a2c7b276c90a27d0e
powerpc architecture (Apple Macintosh G3/G4/G5):
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8c-4ubuntu0.2_powerpc.udeb
Size/MD5: 617048 2403835a6b16d816853a8339d3dfa825
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.8c-4ubuntu0.2_powerpc.deb
Size/MD5: 2217684 9d61b5adcab9e63071dcd4519863194b
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8c-4ubuntu0.2_powerpc.deb
Size/MD5: 1705320 305f43d39387fa00f523206e0d54627f
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8_0.9.8c-4ubuntu0.2_powerpc.deb
Size/MD5: 939420 703687a6fcb6834bff672969941827d5
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8c-4ubuntu0.2_powerpc.deb
Size/MD5: 1014924 1820b1fdf23c052a126666aead5fb768
sparc architecture (Sun SPARC/UltraSPARC):
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8c-4ubuntu0.2_sparc.udeb
Size/MD5: 562990 b9393e514fd3350f4be058a1cbb04575
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.8c-4ubuntu0.2_sparc.deb
Size/MD5: 2111872 c18849c5f74dfe8c6df52a821e43f17d
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8c-4ubuntu0.2_sparc.deb
Size/MD5: 4053842 7309b09e4b098f8eebd1b7845ed9205d
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8_0.9.8c-4ubuntu0.2_sparc.deb
Size/MD5: 2205664 510fe6fa4a3f2f2a1c343e5dcbd959b3
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8c-4ubuntu0.2_sparc.deb
Size/MD5: 1016688 ccae01a50e74a6e8910187d05654d470
Updated packages for Ubuntu 7.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8e-5ubuntu3.1.diff.gz
Size/MD5: 58272 57a88e1401f17f6c871f0826a2297976
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8e-5ubuntu3.1.dsc
Size/MD5: 950 6ea6a736b99c920059faa4403d9874f6
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8e.orig.tar.gz
Size/MD5: 3341665 3a7ff24f6ea5cd711984722ad654b927
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8e-5ubuntu3.1_amd64.udeb
Size/MD5: 608520 5dab76926905d7a8511eb79581a42c98
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.8e-5ubuntu3.1_amd64.deb
Size/MD5: 2065138 d1c76a608c7c3f5e911690374778c726
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8e-5ubuntu3.1_amd64.deb
Size/MD5: 1643910 6395c5f481ca09ddcfc330ef46a7f001
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8_0.9.8e-5ubuntu3.1_amd64.deb
Size/MD5: 928726 d5f97e67659ab867054830233fa87932
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8e-5ubuntu3.1_amd64.deb
Size/MD5: 877816 6df80c2afd44054cb5dd68738c90fee9
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8e-5ubuntu3.1_i386.udeb
Size/MD5: 571728 b5d117eeee48a6e247a9d3a38878da52
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.8e-5ubuntu3.1_i386.deb
Size/MD5: 1943122 6fe86fafd46d7d67b3782a7e468cc8ff
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8e-5ubuntu3.1_i386.deb
Size/MD5: 5520390 862ff55ba99cb1662cee280eefe5a5e8
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8_0.9.8e-5ubuntu3.1_i386.deb
Size/MD5: 2825288 5c1450b6f919b6e0a69d1ce84e9c1dd0
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8e-5ubuntu3.1_i386.deb
Size/MD5: 872060 552ec0ed6ebecaf35ca6a6e92db9a9db
powerpc architecture (Apple Macintosh G3/G4/G5):
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8e-5ubuntu3.1_powerpc.udeb
Size/MD5: 617964 39a66d181dff196c83e5b4aed8716c2e
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.8e-5ubuntu3.1_powerpc.deb
Size/MD5: 2093136 fafec44cb8894d541588bccef03bf0bc
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8e-5ubuntu3.1_powerpc.deb
Size/MD5: 1704930 75f593effef4952e066ca65fc9e33994
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8_0.9.8e-5ubuntu3.1_powerpc.deb
Size/MD5: 945660 30978f5c497bd604ee417e7cd118f6f1
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8e-5ubuntu3.1_powerpc.deb
Size/MD5: 886230 307643fad7044b3da0eb8f8709bf8f56
sparc architecture (Sun SPARC/UltraSPARC):
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8e-5ubuntu3.1_sparc.udeb
Size/MD5: 565186 f78759329f69943231bd1ba03bc799de
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.8e-5ubuntu3.1_sparc.deb
Size/MD5: 1987242 1069fd14a5b50ee02ed50aefa87a0c67
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8e-5ubuntu3.1_sparc.deb
Size/MD5: 4049648 d6793d1dd281d2d84738d772444b020e
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8_0.9.8e-5ubuntu3.1_sparc.deb
Size/MD5: 2220780 cc2b4c879b39f7eec14549c095348ddf
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8e-5ubuntu3.1_sparc.deb
Size/MD5: 887274 97b2ef728edc445f67d6f77d6c357e8d
Download attachment "signature.asc" of type "application/pgp-signature" (190 bytes)
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists