[USN-113-1] libnet-ssleay-perl vulnerability
Martin Pitt
martin.pitt at canonical.com
Tue May 3 11:25:24 UTC 2005
===========================================================
Ubuntu Security Notice USN-113-1 May 03, 2005
libnet-ssleay-perl vulnerability
CAN-2005-0106
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 5.04 (Hoary Hedgehog)
The following packages are affected:
libnet-ssleay-perl
The problem can be corrected by upgrading the affected package to version
1.25-1ubuntu0.2. In general, a standard system upgrade is sufficient to effect
the necessary changes.
Details follow:
Javier Fernandez-Sanguino Pena discovered that this library used the
file /tmp/entropy as a fallback entropy source if a proper source was
not set in the environment variable EGD_PATH. This can potentially
lead to weakened cryptographic operations if an attacker provides a
/tmp/entropy file with known content.
The updated package requires the specification of an entropy source
with EGD_PATH and also requires that the source is a socket (as
opposed to a normal file).
Please note that this only affects systems which have egd installed
from third party sources; egd is not shipped with Ubuntu.
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/libn/libnet-ssleay-perl/libnet-ssleay-perl_1.25-1ubuntu0.2.dsc
Size/MD5: 668 90dfb26e445d7eeb68ee39c69148c649
http://security.ubuntu.com/ubuntu/pool/main/libn/libnet-ssleay-perl/libnet-ssleay-perl_1.25-1ubuntu0.2.diff.gz
Size/MD5: 5901 b148bdb144acea8eff268f766b6cb6c0
http://security.ubuntu.com/ubuntu/pool/main/libn/libnet-ssleay-perl/libnet-ssleay-perl_1.25.orig.tar.gz
Size/MD5: 76627 d32f3fa38b1c49a2a98e75577d5dc10b
i386 architecture (x86 compatible Intel/AMD)
http://security.ubuntu.com/ubuntu/pool/main/libn/libnet-ssleay-perl/libnet-ssleay-perl_1.25-1ubuntu0.2_i386.deb
Size/MD5: 177492 2a5250e82cd4dac83a061d0e6de68423
powerpc architecture (Apple Macintosh G3/G4/G5)
http://security.ubuntu.com/ubuntu/pool/main/libn/libnet-ssleay-perl/libnet-ssleay-perl_1.25-1ubuntu0.2_powerpc.deb
Size/MD5: 182298 d7d20090fb0b24a620f79e50d39ff0a4
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
http://security.ubuntu.com/ubuntu/pool/main/libn/libnet-ssleay-perl/libnet-ssleay-perl_1.25-1ubuntu0.2_amd64.deb
Size/MD5: 179592 931ccca9ba5fe8bd0a89152f7b6b6cef
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
URL: <https://lists.ubuntu.com/archives/ubuntu-security-announce/attachments/20050503/864d423d/attachment.sig>
More information about the ubuntu-security-announce
mailing list