=========================================================== Ubuntu Security Notice USN-534-1 October 22, 2007 openssl vulnerability CVE-2007-4995 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubuntu 6.10 Ubuntu 7.04 Ubuntu 7.10 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: libssl0.9.8 0.9.8a-7ubuntu0.5 Ubuntu 6.10: libssl0.9.8 0.9.8b-2ubuntu2.2 Ubuntu 7.04: libssl0.9.8 0.9.8c-4ubuntu0.2 Ubuntu 7.10: libssl0.9.8 0.9.8e-5ubuntu3.1 After a standard system upgrade you need to reboot your computer to affect the necessary changes. Details follow: Andy Polyakov discovered that the DTLS implementation in OpenSSL was vulnerable. A remote attacker could send a specially crafted connection request to services using DTLS and execute arbitrary code with the service's privileges. There are no known Ubuntu applications that are currently using DTLS. Updated packages for Ubuntu 6.06 LTS: Source archives: http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8a-7ubuntu0.5.diff.gz Size/MD5: 49811 318b8930faafd558c53ef9905e9e98e3 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8a-7ubuntu0.5.dsc Size/MD5: 814 82348265595630f5b0c77a4f87524b14 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8a.orig.tar.gz Size/MD5: 3271435 1d16c727c10185e4d694f87f5e424ee1 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8a-7ubuntu0.5_amd64.udeb Size/MD5: 571736 2f14c1f4e27932215077ad4908b0cf92 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.8a-7ubuntu0.5_amd64.deb Size/MD5: 2167400 7297675d1f66cb5e1e25e5120890cbab http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8a-7ubuntu0.5_amd64.deb Size/MD5: 1682620 15141cb132b3273a8516726566033d83 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8_0.9.8a-7ubuntu0.5_amd64.deb Size/MD5: 875252 d18d2199168e7252b487d5a9d38cb43c http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8a-7ubuntu0.5_amd64.deb Size/MD5: 984688 b60049523ac5ea679391ecc715b21315 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8a-7ubuntu0.5_i386.udeb Size/MD5: 509502 706f4c8b7691490e1746610f960b6c4c http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.8a-7ubuntu0.5_i386.deb Size/MD5: 2023838 146ab65f0cf4b67494f22d249b122a2a http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8a-7ubuntu0.5_i386.deb Size/MD5: 5052630 4ff62d786ddac83ddb9b9ab8e48c257e http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8_0.9.8a-7ubuntu0.5_i386.deb Size/MD5: 2595296 7f6b47b4a53fd7f4f105ecefeb1ceb79 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8a-7ubuntu0.5_i386.deb Size/MD5: 976196 7ec5182170b5a15f430c6fbc40383e79 powerpc architecture (Apple Macintosh G3/G4/G5): http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8a-7ubuntu0.5_powerpc.udeb Size/MD5: 557894 fcb3e7e5f71b3383fc3cf9d9c366ecd1 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.8a-7ubuntu0.5_powerpc.deb Size/MD5: 2181640 7678a21a5ef884b2624138eef64eb9c9 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8a-7ubuntu0.5_powerpc.deb Size/MD5: 1727286 ef94dc5f39948416c227f397fb304d95 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8_0.9.8a-7ubuntu0.5_powerpc.deb Size/MD5: 861718 4fddb1840be5acd8aa5368e7e29ee6bf http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8a-7ubuntu0.5_powerpc.deb Size/MD5: 980376 1e6296c4fcc7fc81bd4d26b5ea6944a2 sparc architecture (Sun SPARC/UltraSPARC): http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8a-7ubuntu0.5_sparc.udeb Size/MD5: 530816 ec7c103a10c0d25086799846d11b7bfe http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.8a-7ubuntu0.5_sparc.deb Size/MD5: 2093000 00c30c93175137db6459b139fc277366 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8a-7ubuntu0.5_sparc.deb Size/MD5: 3942430 7285a784ae4d26aacf29d56642ec66a8 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8_0.9.8a-7ubuntu0.5_sparc.deb Size/MD5: 2091358 84ea39bd4183a847036f08ab1a65327f http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8a-7ubuntu0.5_sparc.deb Size/MD5: 988416 dcfe223f83e8201a2b1a85ff71ab5021 Updated packages for Ubuntu 6.10: Source archives: http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8b-2ubuntu2.2.diff.gz Size/MD5: 58706 820a388b69dca5764efbb8fed46334b3 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8b-2ubuntu2.2.dsc Size/MD5: 815 dd114418a2f791799c35387bc67fdc52 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8b.orig.tar.gz Size/MD5: 3279283 12cedbeb6813a0d7919dbf1f82134b86 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8b-2ubuntu2.2_amd64.udeb Size/MD5: 580868 b98181b0a31d5d87a69e39157c1dca7e http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.8b-2ubuntu2.2_amd64.deb Size/MD5: 2180458 6c95db22ab8cecdf3e3063c467066fdd http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8b-2ubuntu2.2_amd64.deb Size/MD5: 1637608 e7c5a907ca20e1a70a8bc58d4bf14a64 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8_0.9.8b-2ubuntu2.2_amd64.deb Size/MD5: 889286 acd0946620cbfa7faddc7aeb6740974b http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8b-2ubuntu2.2_amd64.deb Size/MD5: 999582 b4a57ae7ea571f91d024aa29301bbe1b i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8b-2ubuntu2.2_i386.udeb Size/MD5: 544566 df890721dd72b191acc4c476911fcbcb http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.8b-2ubuntu2.2_i386.deb Size/MD5: 2063644 46c37a37167861f3adde7e8a95e12d4a http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8b-2ubuntu2.2_i386.deb Size/MD5: 5489454 55461b156db48bfe0300b1171f6e8f56 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8_0.9.8b-2ubuntu2.2_i386.deb Size/MD5: 2699992 644637fbea3bec5640932ff14da522e6 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8b-2ubuntu2.2_i386.deb Size/MD5: 993640 b1acc15d9533420b4cc8522f0e2dc1b9 powerpc architecture (Apple Macintosh G3/G4/G5): http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8b-2ubuntu2.2_powerpc.udeb Size/MD5: 586188 075986a665631893dd61fac50f758903 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.8b-2ubuntu2.2_powerpc.deb Size/MD5: 2212470 0306ccc1e491b5289cb695f2b175d07e http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8b-2ubuntu2.2_powerpc.deb Size/MD5: 1704450 3e85ba70bd6cf9de3e5880bd23bdff58 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8_0.9.8b-2ubuntu2.2_powerpc.deb Size/MD5: 893620 afa836ca8f243a9792f268d66d5d08f9 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8b-2ubuntu2.2_powerpc.deb Size/MD5: 994478 d415f3f1f05f51ed522c6f85a4dab7ef sparc architecture (Sun SPARC/UltraSPARC): http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8b-2ubuntu2.2_sparc.udeb Size/MD5: 539790 4b28c78aaa16301bf6f96ae5f922d496 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.8b-2ubuntu2.2_sparc.deb Size/MD5: 2106340 e02e20251c2ee006c4c11ff5011af30e http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8b-2ubuntu2.2_sparc.deb Size/MD5: 4024836 821b03eb0d3ab3d8cc73813f35c85652 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8_0.9.8b-2ubuntu2.2_sparc.deb Size/MD5: 2127374 569201015315a51624f7da8ec9beec58 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8b-2ubuntu2.2_sparc.deb Size/MD5: 1002994 d2987aba36a68654f852b33d3e2d3b10 Updated packages for Ubuntu 7.04: Source archives: http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8c-4ubuntu0.2.diff.gz Size/MD5: 55956 445213d8f2112405c8f4e5f7b623d6d0 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8c-4ubuntu0.2.dsc Size/MD5: 899 56d5c27718993b8a5266da1c00fbaeaf http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8c.orig.tar.gz Size/MD5: 3313857 78454bec556bcb4c45129428a766c886 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8c-4ubuntu0.2_amd64.udeb Size/MD5: 604412 4c9177176385c48ca22173b3d30d8144 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.8c-4ubuntu0.2_amd64.deb Size/MD5: 2186730 b4daf1d7cc90b5a8ccd194793eae5812 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8c-4ubuntu0.2_amd64.deb Size/MD5: 1645258 187d8c2590f5f96d9d897212079637ef http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8_0.9.8c-4ubuntu0.2_amd64.deb Size/MD5: 918222 97e6e623ffaba7231ee7639d96b2ad8b http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8c-4ubuntu0.2_amd64.deb Size/MD5: 1006444 d409960a9fe0626dc975b8fb433dbebc i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8c-4ubuntu0.2_i386.udeb Size/MD5: 569614 22bf719bd3081d09f873566adc4128b2 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.8c-4ubuntu0.2_i386.deb Size/MD5: 2068670 6f512c85199ca7b357b143068c68f876 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8c-4ubuntu0.2_i386.deb Size/MD5: 5500094 a8b50b66555148fcd7ac180f62ba53f4 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8_0.9.8c-4ubuntu0.2_i386.deb Size/MD5: 2809748 d6ab390d2c443a1e9a8fc916f3021ae6 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8c-4ubuntu0.2_i386.deb Size/MD5: 1001238 5511b821de07098a2c7b276c90a27d0e powerpc architecture (Apple Macintosh G3/G4/G5): http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8c-4ubuntu0.2_powerpc.udeb Size/MD5: 617048 2403835a6b16d816853a8339d3dfa825 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.8c-4ubuntu0.2_powerpc.deb Size/MD5: 2217684 9d61b5adcab9e63071dcd4519863194b http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8c-4ubuntu0.2_powerpc.deb Size/MD5: 1705320 305f43d39387fa00f523206e0d54627f http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8_0.9.8c-4ubuntu0.2_powerpc.deb Size/MD5: 939420 703687a6fcb6834bff672969941827d5 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8c-4ubuntu0.2_powerpc.deb Size/MD5: 1014924 1820b1fdf23c052a126666aead5fb768 sparc architecture (Sun SPARC/UltraSPARC): http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8c-4ubuntu0.2_sparc.udeb Size/MD5: 562990 b9393e514fd3350f4be058a1cbb04575 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.8c-4ubuntu0.2_sparc.deb Size/MD5: 2111872 c18849c5f74dfe8c6df52a821e43f17d http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8c-4ubuntu0.2_sparc.deb Size/MD5: 4053842 7309b09e4b098f8eebd1b7845ed9205d http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8_0.9.8c-4ubuntu0.2_sparc.deb Size/MD5: 2205664 510fe6fa4a3f2f2a1c343e5dcbd959b3 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8c-4ubuntu0.2_sparc.deb Size/MD5: 1016688 ccae01a50e74a6e8910187d05654d470 Updated packages for Ubuntu 7.10: Source archives: http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8e-5ubuntu3.1.diff.gz Size/MD5: 58272 57a88e1401f17f6c871f0826a2297976 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8e-5ubuntu3.1.dsc Size/MD5: 950 6ea6a736b99c920059faa4403d9874f6 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8e.orig.tar.gz Size/MD5: 3341665 3a7ff24f6ea5cd711984722ad654b927 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8e-5ubuntu3.1_amd64.udeb Size/MD5: 608520 5dab76926905d7a8511eb79581a42c98 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.8e-5ubuntu3.1_amd64.deb Size/MD5: 2065138 d1c76a608c7c3f5e911690374778c726 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8e-5ubuntu3.1_amd64.deb Size/MD5: 1643910 6395c5f481ca09ddcfc330ef46a7f001 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8_0.9.8e-5ubuntu3.1_amd64.deb Size/MD5: 928726 d5f97e67659ab867054830233fa87932 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8e-5ubuntu3.1_amd64.deb Size/MD5: 877816 6df80c2afd44054cb5dd68738c90fee9 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8e-5ubuntu3.1_i386.udeb Size/MD5: 571728 b5d117eeee48a6e247a9d3a38878da52 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.8e-5ubuntu3.1_i386.deb Size/MD5: 1943122 6fe86fafd46d7d67b3782a7e468cc8ff http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8e-5ubuntu3.1_i386.deb Size/MD5: 5520390 862ff55ba99cb1662cee280eefe5a5e8 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8_0.9.8e-5ubuntu3.1_i386.deb Size/MD5: 2825288 5c1450b6f919b6e0a69d1ce84e9c1dd0 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8e-5ubuntu3.1_i386.deb Size/MD5: 872060 552ec0ed6ebecaf35ca6a6e92db9a9db powerpc architecture (Apple Macintosh G3/G4/G5): http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8e-5ubuntu3.1_powerpc.udeb Size/MD5: 617964 39a66d181dff196c83e5b4aed8716c2e http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.8e-5ubuntu3.1_powerpc.deb Size/MD5: 2093136 fafec44cb8894d541588bccef03bf0bc http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8e-5ubuntu3.1_powerpc.deb Size/MD5: 1704930 75f593effef4952e066ca65fc9e33994 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8_0.9.8e-5ubuntu3.1_powerpc.deb Size/MD5: 945660 30978f5c497bd604ee417e7cd118f6f1 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8e-5ubuntu3.1_powerpc.deb Size/MD5: 886230 307643fad7044b3da0eb8f8709bf8f56 sparc architecture (Sun SPARC/UltraSPARC): http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8e-5ubuntu3.1_sparc.udeb Size/MD5: 565186 f78759329f69943231bd1ba03bc799de http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.8e-5ubuntu3.1_sparc.deb Size/MD5: 1987242 1069fd14a5b50ee02ed50aefa87a0c67 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8e-5ubuntu3.1_sparc.deb Size/MD5: 4049648 d6793d1dd281d2d84738d772444b020e http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8_0.9.8e-5ubuntu3.1_sparc.deb Size/MD5: 2220780 cc2b4c879b39f7eec14549c095348ddf http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8e-5ubuntu3.1_sparc.deb Size/MD5: 887274 97b2ef728edc445f67d6f77d6c357e8d
Attachment:
signature.asc
Description: Digital signature