OpenSSL, Bind, NTP vulnerabilities

Savvas Radevic vicedar at gmail.com
Sat Jan 10 10:46:17 GMT 2009


You are advised to upgrade and reboot your system as soon as possible
if you are using the Internet.

USN-706-1: Bind vulnerability: http://www.ubuntu.com/usn/usn-706-1
CVE-2009-0025
It was discovered that Bind did not properly perform certificate
verification. When DNSSEC with DSA certificates are in use, a remote
attacker could exploit this to bypass certificate validation to spoof
DNS entries and poison DNS caches. Among other things, this could lead
to misdirected email and web traffic.

USN-705-1: NTP vulnerability: http://www.ubuntu.com/usn/usn-705-1
CVE-2009-0021
It was discovered that NTP did not properly perform signature
verification. A remote attacker could exploit this to bypass
certificate validation via a malformed SSL/TLS signature.

USN-704-1: OpenSSL vulnerability: http://www.ubuntu.com/usn/usn-704-1
CVE-2008-5077
It was discovered that OpenSSL did not properly perform signature
verification on DSA and ECDSA keys. If a user or automated system
connected to a malicious server or a remote attacker were able to
perform a man-in-the-middle attack, this flaw could be exploited to
view sensitive information.

Important Note: openssl upgrade requires a reboot for changes to take effect!

All Ubuntu security notices can be viewed at: http://www.ubuntu.com/usn

Cheers,
Savvas aka medigeek
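
Added example, not part of the original message: a shell check related to the reboot note above, listing processes that still map a libssl/libcrypto file that has since been replaced on disk (Linux marks such mappings "(deleted)" in /proc/<pid>/maps). The function names and sample lines are constructed for illustration, and it assumes library paths without spaces.

```shell
#!/bin/sh
# Added example: after the OpenSSL upgrade, running processes keep the old
# library mapped until they are restarted (or the machine is rebooted).

# Read /proc/<pid>/maps-format text on stdin and print the unique paths of
# libssl/libcrypto mappings whose backing file was replaced on disk.
stale_crypto_maps() {
    awk '$NF == "(deleted)" && $(NF-1) ~ "/lib(ssl|crypto)[^/]*[.]so" {
             print $(NF-1)
         }' | sort -u
}

# Walk every process we are allowed to read; print PID, command line and the
# stale libraries it still has mapped. Run as root to see all processes.
scan_procs() {
    for maps in /proc/[0-9]*/maps; do
        hits=$(stale_crypto_maps 2>/dev/null < "$maps") || continue
        [ -n "$hits" ] || continue
        pid=${maps#/proc/}
        pid=${pid%/maps}
        cmd=$(tr '\0' ' ' 2>/dev/null < "/proc/$pid/cmdline")
        printf '%s\t%s\t%s\n' "$pid" "$cmd" "$(echo $hits)"
    done
}

# Constructed sample of a maps file for a daemon started before the upgrade.
sample_maps() {
    cat <<'EOF'
08048000-080c0000 r-xp 00000000 08:01 4021 /usr/sbin/ntpd
b7c10000-b7d3a000 r-xp 00000000 08:01 1315 /usr/lib/libcrypto.so.0.9.8 (deleted)
b7d3a000-b7d4e000 rw-p 0012a000 08:01 1315 /usr/lib/libcrypto.so.0.9.8 (deleted)
b7e00000-b7e40000 r-xp 00000000 08:01 1316 /lib/libssl.so.0.9.8 (deleted)
b7f00000-b7f20000 r-xp 00000000 08:01 2200 /lib/libc-2.8.90.so
b7f30000-b7f31000 rw-p 00000000 00:00 0
bf900000-bf915000 rw-p 00000000 00:00 0 [stack]
EOF
}

# "--scan" inspects the live system; with no argument the sample is parsed.
if [ "${1:-}" = "--scan" ]; then
    scan_procs
else
    sample_maps | stale_crypto_maps
fi
```

An empty result from `--scan` after the upgrade means no readable process is still running the old library code.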


