USN-353-1: openssl vulnerabilities

Ubuntu Security Notice USN-353-1

28th September, 2006

openssl vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 6.06 LTS
  • Ubuntu 5.10
  • Ubuntu 5.04

Details

Dr. Henson of the OpenSSL core team and Open Network Security
discovered a mishandled error condition in the ASN.1 parser. By
sending specially crafted packet data, a remote attacker could exploit
this to trigger an infinite loop, which would render the service
unusable and consume all available system memory. (CVE-2006-2937)

Certain types of public key could take disproportionate amounts of
time to process. The library now limits the maximum key exponent size
to avoid Denial of Service attacks. (CVE-2006-2940)

Tavis Ormandy and Will Drewry of the Google Security Team discovered a
buffer overflow in the SSL_get_shared_ciphers() function. By sending
specially crafted packets to applications that use this function (like
Exim, MySQL, or the openssl command line tool), a remote attacker
could exploit this to execute arbitrary code with the server's
privileges. (CVE-2006-3738)

Tavis Ormandy and Will Drewry of the Google Security Team reported
that the get_server_hello() function did not sufficiently check the
client's session certificate. This could be exploited to crash clients
by remote attackers sending specially crafted SSL responses.
(CVE-2006-4343)

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 6.06 LTS:
libssl0.9.8 0.9.8a-7ubuntu0.2
Ubuntu 5.10:
libssl0.9.7 0.9.7g-1ubuntu1.3
Ubuntu 5.04:
libssl0.9.7 0.9.7e-3ubuntu0.4

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system upgrade you need to reboot your computer to
effect the necessary changes.

References

CVE-2006-2937, CVE-2006-2940, CVE-2006-3738, CVE-2006-4343