===========================================================
Ubuntu Security Notice USN-522-1         September 29, 2007
openssl vulnerabilities
CVE-2007-3108, CVE-2007-5135
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 6.10
Ubuntu 7.04

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
  libssl0.9.8                     0.9.8a-7ubuntu0.4

Ubuntu 6.10:
  libssl0.9.8                     0.9.8b-2ubuntu2.1

Ubuntu 7.04:
  libssl0.9.8                     0.9.8c-4ubuntu0.1

After a standard system upgrade you need to reboot your computer to
effect the necessary changes.

Details follow:

It was discovered that OpenSSL did not correctly perform Montgomery
multiplications. Local attackers might be able to reconstruct RSA
private keys by examining another user's OpenSSL processes.
(CVE-2007-3108)

Moritz Jodeit discovered that OpenSSL's SSL_get_shared_ciphers function
did not correctly check the size of the buffer it was writing to. A
remote attacker could exploit this to write one NULL byte past the end
of an application's cipher list buffer, possibly leading to arbitrary
code execution or a denial of service.
(CVE-2007-5135)
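
The class of bug described for CVE-2007-5135, as an added illustration that is not OpenSSL's code and not part of the advisory: a hypothetical join_names helper builds a ':'-separated list in a fixed buffer, and guard_after shows that the flawed truncation path writes its terminator one byte past the end only when the names fill the buffer exactly. The sample names and all identifiers are assumptions.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample names, not taken from the advisory. */
static const char *const SAMPLE[] = { "AES256-SHA", "AES128-SHA", "RC4-MD5" };

/* Joins names with ':' into buf[0..len-1]. join_names is a hypothetical
 * helper; flawed != 0 selects the buggy truncation path. */
char *join_names(const char *const *names, size_t n,
                 char *buf, size_t len, int flawed)
{
    char *p = buf;
    size_t i, need, avail = len;
    if (buf == NULL || len == 0) return NULL;
    for (i = 0; i < n; i++) {
        need = strlen(names[i]);
        if (need + 1 > avail) {          /* next name + ':' does not fit */
            if (flawed) {
                *p = '\0';               /* BUG: p == buf + len when avail == 0 */
                return buf;
            }
            break;                       /* fixed: terminate via the path below */
        }
        memcpy(p, names[i], need);
        p[need] = ':';
        p += need + 1;
        avail -= need + 1;
    }
    if (p != buf) p--;                   /* last ':' slot becomes the NUL */
    *p = '\0';
    return buf;
}

/* Runs join_names on a len-byte window of a larger array (len < 64) and
 * returns the guard byte just past the window: 0x5A when untouched. */
unsigned char guard_after(size_t len, int flawed)
{
    unsigned char backing[64];
    memset(backing, 0x5A, sizeof backing);
    join_names(SAMPLE, 3, (char *)backing, len, flawed);
    return backing[len];
}

int main(void)
{
    printf("len 11 flawed: guard=0x%02X\n", guard_after(11, 1));
    printf("len 11 fixed:  guard=0x%02X\n", guard_after(11, 0));
    return 0;
}
```

The overflow depends on the boundary: with these names a 12-byte or 30-byte buffer leaves the guard intact even on the flawed path, which is why such bugs survive ordinary testing.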