Ubuntu Security Notice USN-620-1
26th June, 2008
openssl vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 8.04 LTS
Software description
- openssl
Details
It was discovered that OpenSSL was vulnerable to a double-free
when using TLS server extensions. A remote attacker could send a
crafted packet and cause a denial of service via application crash
in applications linked against OpenSSL. Ubuntu 8.04 LTS does not
compile TLS server extensions by default. (CVE-2008-0891)
It was discovered that OpenSSL could dereference a NULL pointer.
If a user or automated system were tricked into connecting to a
malicious server with particular cipher suites, a remote attacker
could cause a denial of service via application crash.
(CVE-2008-1672)
Update instructions
The problem can be corrected by updating your system to the following package version:
- Ubuntu 8.04 LTS:
- libssl0.9.8 0.9.8g-4ubuntu3.3
To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.
After a standard system upgrade you need to reboot your computer to
effect the necessary changes.