Ubuntu Security Notice USN-353-1
28th September, 2006
openssl vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 6.06 LTS
- Ubuntu 5.10
- Ubuntu 5.04
Details
Dr. Henson of the OpenSSL core team and Open Network Security
discovered a mishandled error condition in the ASN.1 parser. By
sending specially crafted packet data, a remote attacker could exploit
this to trigger an infinite loop, which would render the service
unusable and consume all available system memory. (CVE-2006-2937)
Certain types of public key could take disproportionate amounts of
time to process. The library now limits the maximum key exponent size
to avoid Denial of Service attacks. (CVE-2006-2940)
Tavis Ormandy and Will Drewry of the Google Security Team discovered a
buffer overflow in the SSL_get_shared_ciphers() function. By sending
specially crafted packets to applications that use this function (like
Exim, MySQL, or the openssl command line tool), a remote attacker
could exploit this to execute arbitrary code with the server's
privileges. (CVE-2006-3738)
Tavis Ormandy and Will Drewry of the Google Security Team reported
that the get_server_hello() function did not sufficiently check the
client's session certificate. This could be exploited to crash clients
by remote attackers sending specially crafted SSL responses.
(CVE-2006-4343)
Update instructions
The problem can be corrected by updating your system to the following package version:
- Ubuntu 6.06 LTS:
- libssl0.9.8 0.9.8a-7ubuntu0.2
- Ubuntu 5.10:
- libssl0.9.7 0.9.7g-1ubuntu1.3
- Ubuntu 5.04:
- libssl0.9.7 0.9.7e-3ubuntu0.4
To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.
After a standard system upgrade you need to reboot your computer to
effect the necessary changes.