Ubuntu Security Notice USN-1064-1
15th February, 2011
openssl vulnerability
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 10.10
- Ubuntu 10.04 LTS
Software description
- openssl
Details
Neel Mehta discovered that incorrectly formatted ClientHello handshake
messages could cause OpenSSL to parse past the end of the message.
This could allow a remote attacker to cause a crash and denial of
service by triggering invalid memory accesses.
Update instructions
The problem can be corrected by updating your system to the following package version:
- Ubuntu 10.10:
- libssl0.9.8 0.9.8o-1ubuntu4.4
- Ubuntu 10.04 LTS:
- libssl0.9.8 0.9.8k-7ubuntu8.6
To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.
After a standard system update you need to reboot your computer to make
all the necessary changes.