[USN-534-1] OpenSSL vulnerability

Kees Cook kees at ubuntu.com
Mon Oct 22 18:38:29 UTC 2007


=========================================================== 
Ubuntu Security Notice USN-534-1           October 22, 2007
openssl vulnerability
CVE-2007-4995
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 6.10
Ubuntu 7.04
Ubuntu 7.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
  libssl0.9.8                     0.9.8a-7ubuntu0.5

Ubuntu 6.10:
  libssl0.9.8                     0.9.8b-2ubuntu2.2

Ubuntu 7.04:
  libssl0.9.8                     0.9.8c-4ubuntu0.2

Ubuntu 7.10:
  libssl0.9.8                     0.9.8e-5ubuntu3.1

After a standard system upgrade you need to reboot your computer to
affect the necessary changes.

Details follow:

Andy Polyakov discovered that the DTLS implementation in OpenSSL
was vulnerable.  A remote attacker could send a specially crafted
connection request to services using DTLS and execute arbitrary code
with the service's privileges.  There are no known Ubuntu applications
that are currently using DTLS.


Updated packages for Ubuntu 6.06 LTS:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8a-7ubuntu0.5.diff.gz
      Size/MD5:    49811 318b8930faafd558c53ef9905e9e98e3
    http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8a-7ubuntu0.5.dsc
      Size/MD5:      814 82348265595630f5b0c77a4f87524b14
    http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8a.orig.tar.gz
      Size/MD5:  3271435 1d16c727c10185e4d694f87f5e424ee1

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8a-7ubuntu0.5_amd64.udeb
      Size/MD5:   571736 2f14c1f4e27932215077ad4908b0cf92
    http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.8a-7ubuntu0.5_amd64.deb
      Size/MD5:  2167400 7297675d1f66cb5e1e25e5120890cbab
    http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8a-7ubuntu0.5_amd64.deb
      Size/MD5:  1682620 15141cb132b3273a8516726566033d83
    http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8_0.9.8a-7ubuntu0.5_amd64.deb
      Size/MD5:   875252 d18d2199168e7252b487d5a9d38cb43c
    http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8a-7ubuntu0.5_amd64.deb
      Size/MD5:   984688 b60049523ac5ea679391ecc715b21315

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8a-7ubuntu0.5_i386.udeb
      Size/MD5:   509502 706f4c8b7691490e1746610f960b6c4c
    http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.8a-7ubuntu0.5_i386.deb
      Size/MD5:  2023838 146ab65f0cf4b67494f22d249b122a2a
    http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8a-7ubuntu0.5_i386.deb
      Size/MD5:  5052630 4ff62d786ddac83ddb9b9ab8e48c257e
    http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8_0.9.8a-7ubuntu0.5_i386.deb
      Size/MD5:  2595296 7f6b47b4a53fd7f4f105ecefeb1ceb79
    http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8a-7ubuntu0.5_i386.deb
      Size/MD5:   976196 7ec5182170b5a15f430c6fbc40383e79

  powerpc architecture (Apple Macintosh G3/G4/G5):

    http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8a-7ubuntu0.5_powerpc.udeb
      Size/MD5:   557894 fcb3e7e5f71b3383fc3cf9d9c366ecd1
    http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.8a-7ubuntu0.5_powerpc.deb
      Size/MD5:  2181640 7678a21a5ef884b2624138eef64eb9c9
    http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8a-7ubuntu0.5_powerpc.deb
      Size/MD5:  1727286 ef94dc5f39948416c227f397fb304d95
    http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8_0.9.8a-7ubuntu0.5_powerpc.deb
      Size/MD5:   861718 4fddb1840be5acd8aa5368e7e29ee6bf
    http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8a-7ubuntu0.5_powerpc.deb
      Size/MD5:   980376 1e6296c4fcc7fc81bd4d26b5ea6944a2

  sparc architecture (Sun SPARC/UltraSPARC):

    http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8a-7ubuntu0.5_sparc.udeb
      Size/MD5:   530816 ec7c103a10c0d25086799846d11b7bfe
    http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.8a-7ubuntu0.5_sparc.deb
      Size/MD5:  2093000 00c30c93175137db6459b139fc277366
    http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8a-7ubuntu0.5_sparc.deb
      Size/MD5:  3942430 7285a784ae4d26aacf29d56642ec66a8
    http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8_0.9.8a-7ubuntu0.5_sparc.deb
      Size/MD5:  2091358 84ea39bd4183a847036f08ab1a65327f
    http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8a-7ubuntu0.5_sparc.deb
      Size/MD5:   988416 dcfe223f83e8201a2b1a85ff71ab5021

Updated packages for Ubuntu 6.10:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8b-2ubuntu2.2.diff.gz
      Size/MD5:    58706 820a388b69dca5764efbb8fed46334b3
    http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8b-2ubuntu2.2.dsc
      Size/MD5:      815 dd114418a2f791799c35387bc67fdc52
    http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8b.orig.tar.gz
      Size/MD5:  3279283 12cedbeb6813a0d7919dbf1f82134b86

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8b-2ubuntu2.2_amd64.udeb
      Size/MD5:   580868 b98181b0a31d5d87a69e39157c1dca7e
    http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.8b-2ubuntu2.2_amd64.deb
      Size/MD5:  2180458 6c95db22ab8cecdf3e3063c467066fdd
    http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8b-2ubuntu2.2_amd64.deb
      Size/MD5:  1637608 e7c5a907ca20e1a70a8bc58d4bf14a64
    http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8_0.9.8b-2ubuntu2.2_amd64.deb
      Size/MD5:   889286 acd0946620cbfa7faddc7aeb6740974b
    http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8b-2ubuntu2.2_amd64.deb
      Size/MD5:   999582 b4a57ae7ea571f91d024aa29301bbe1b

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8b-2ubuntu2.2_i386.udeb
      Size/MD5:   544566 df890721dd72b191acc4c476911fcbcb
    http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.8b-2ubuntu2.2_i386.deb
      Size/MD5:  2063644 46c37a37167861f3adde7e8a95e12d4a
    http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8b-2ubuntu2.2_i386.deb
      Size/MD5:  5489454 55461b156db48bfe0300b1171f6e8f56
    http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8_0.9.8b-2ubuntu2.2_i386.deb
      Size/MD5:  2699992 644637fbea3bec5640932ff14da522e6
    http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8b-2ubuntu2.2_i386.deb
      Size/MD5:   993640 b1acc15d9533420b4cc8522f0e2dc1b9

  powerpc architecture (Apple Macintosh G3/G4/G5):

    http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8b-2ubuntu2.2_powerpc.udeb
      Size/MD5:   586188 075986a665631893dd61fac50f758903
    http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.8b-2ubuntu2.2_powerpc.deb
      Size/MD5:  2212470 0306ccc1e491b5289cb695f2b175d07e
    http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8b-2ubuntu2.2_powerpc.deb
      Size/MD5:  1704450 3e85ba70bd6cf9de3e5880bd23bdff58
    http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8_0.9.8b-2ubuntu2.2_powerpc.deb
      Size/MD5:   893620 afa836ca8f243a9792f268d66d5d08f9
    http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8b-2ubuntu2.2_powerpc.deb
      Size/MD5:   994478 d415f3f1f05f51ed522c6f85a4dab7ef

  sparc architecture (Sun SPARC/UltraSPARC):

    http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8b-2ubuntu2.2_sparc.udeb
      Size/MD5:   539790 4b28c78aaa16301bf6f96ae5f922d496
    http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.8b-2ubuntu2.2_sparc.deb
      Size/MD5:  2106340 e02e20251c2ee006c4c11ff5011af30e
    http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8b-2ubuntu2.2_sparc.deb
      Size/MD5:  4024836 821b03eb0d3ab3d8cc73813f35c85652
    http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8_0.9.8b-2ubuntu2.2_sparc.deb
      Size/MD5:  2127374 569201015315a51624f7da8ec9beec58
    http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8b-2ubuntu2.2_sparc.deb
      Size/MD5:  1002994 d2987aba36a68654f852b33d3e2d3b10

Updated packages for Ubuntu 7.04:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8c-4ubuntu0.2.diff.gz
      Size/MD5:    55956 445213d8f2112405c8f4e5f7b623d6d0
    http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8c-4ubuntu0.2.dsc
      Size/MD5:      899 56d5c27718993b8a5266da1c00fbaeaf
    http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8c.orig.tar.gz
      Size/MD5:  3313857 78454bec556bcb4c45129428a766c886

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8c-4ubuntu0.2_amd64.udeb
      Size/MD5:   604412 4c9177176385c48ca22173b3d30d8144
    http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.8c-4ubuntu0.2_amd64.deb
      Size/MD5:  2186730 b4daf1d7cc90b5a8ccd194793eae5812
    http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8c-4ubuntu0.2_amd64.deb
      Size/MD5:  1645258 187d8c2590f5f96d9d897212079637ef
    http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8_0.9.8c-4ubuntu0.2_amd64.deb
      Size/MD5:   918222 97e6e623ffaba7231ee7639d96b2ad8b
    http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8c-4ubuntu0.2_amd64.deb
      Size/MD5:  1006444 d409960a9fe0626dc975b8fb433dbebc

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8c-4ubuntu0.2_i386.udeb
      Size/MD5:   569614 22bf719bd3081d09f873566adc4128b2
    http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.8c-4ubuntu0.2_i386.deb
      Size/MD5:  2068670 6f512c85199ca7b357b143068c68f876
    http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8c-4ubuntu0.2_i386.deb
      Size/MD5:  5500094 a8b50b66555148fcd7ac180f62ba53f4
    http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8_0.9.8c-4ubuntu0.2_i386.deb
      Size/MD5:  2809748 d6ab390d2c443a1e9a8fc916f3021ae6
    http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8c-4ubuntu0.2_i386.deb
      Size/MD5:  1001238 5511b821de07098a2c7b276c90a27d0e

  powerpc architecture (Apple Macintosh G3/G4/G5):

    http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8c-4ubuntu0.2_powerpc.udeb
      Size/MD5:   617048 2403835a6b16d816853a8339d3dfa825
    http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.8c-4ubuntu0.2_powerpc.deb
      Size/MD5:  2217684 9d61b5adcab9e63071dcd4519863194b
    http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8c-4ubuntu0.2_powerpc.deb
      Size/MD5:  1705320 305f43d39387fa00f523206e0d54627f
    http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8_0.9.8c-4ubuntu0.2_powerpc.deb
      Size/MD5:   939420 703687a6fcb6834bff672969941827d5
    http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8c-4ubuntu0.2_powerpc.deb
      Size/MD5:  1014924 1820b1fdf23c052a126666aead5fb768

  sparc architecture (Sun SPARC/UltraSPARC):

    http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8c-4ubuntu0.2_sparc.udeb
      Size/MD5:   562990 b9393e514fd3350f4be058a1cbb04575
    http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.8c-4ubuntu0.2_sparc.deb
      Size/MD5:  2111872 c18849c5f74dfe8c6df52a821e43f17d
    http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8c-4ubuntu0.2_sparc.deb
      Size/MD5:  4053842 7309b09e4b098f8eebd1b7845ed9205d
    http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8_0.9.8c-4ubuntu0.2_sparc.deb
      Size/MD5:  2205664 510fe6fa4a3f2f2a1c343e5dcbd959b3
    http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8c-4ubuntu0.2_sparc.deb
      Size/MD5:  1016688 ccae01a50e74a6e8910187d05654d470

Updated packages for Ubuntu 7.10:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8e-5ubuntu3.1.diff.gz
      Size/MD5:    58272 57a88e1401f17f6c871f0826a2297976
    http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8e-5ubuntu3.1.dsc
      Size/MD5:      950 6ea6a736b99c920059faa4403d9874f6
    http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8e.orig.tar.gz
      Size/MD5:  3341665 3a7ff24f6ea5cd711984722ad654b927

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8e-5ubuntu3.1_amd64.udeb
      Size/MD5:   608520 5dab76926905d7a8511eb79581a42c98
    http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.8e-5ubuntu3.1_amd64.deb
      Size/MD5:  2065138 d1c76a608c7c3f5e911690374778c726
    http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8e-5ubuntu3.1_amd64.deb
      Size/MD5:  1643910 6395c5f481ca09ddcfc330ef46a7f001
    http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8_0.9.8e-5ubuntu3.1_amd64.deb
      Size/MD5:   928726 d5f97e67659ab867054830233fa87932
    http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8e-5ubuntu3.1_amd64.deb
      Size/MD5:   877816 6df80c2afd44054cb5dd68738c90fee9

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8e-5ubuntu3.1_i386.udeb
      Size/MD5:   571728 b5d117eeee48a6e247a9d3a38878da52
    http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.8e-5ubuntu3.1_i386.deb
      Size/MD5:  1943122 6fe86fafd46d7d67b3782a7e468cc8ff
    http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8e-5ubuntu3.1_i386.deb
      Size/MD5:  5520390 862ff55ba99cb1662cee280eefe5a5e8
    http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8_0.9.8e-5ubuntu3.1_i386.deb
      Size/MD5:  2825288 5c1450b6f919b6e0a69d1ce84e9c1dd0
    http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8e-5ubuntu3.1_i386.deb
      Size/MD5:   872060 552ec0ed6ebecaf35ca6a6e92db9a9db

  powerpc architecture (Apple Macintosh G3/G4/G5):

    http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8e-5ubuntu3.1_powerpc.udeb
      Size/MD5:   617964 39a66d181dff196c83e5b4aed8716c2e
    http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.8e-5ubuntu3.1_powerpc.deb
      Size/MD5:  2093136 fafec44cb8894d541588bccef03bf0bc
    http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8e-5ubuntu3.1_powerpc.deb
      Size/MD5:  1704930 75f593effef4952e066ca65fc9e33994
    http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8_0.9.8e-5ubuntu3.1_powerpc.deb
      Size/MD5:   945660 30978f5c497bd604ee417e7cd118f6f1
    http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8e-5ubuntu3.1_powerpc.deb
      Size/MD5:   886230 307643fad7044b3da0eb8f8709bf8f56

  sparc architecture (Sun SPARC/UltraSPARC):

    http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8e-5ubuntu3.1_sparc.udeb
      Size/MD5:   565186 f78759329f69943231bd1ba03bc799de
    http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.8e-5ubuntu3.1_sparc.deb
      Size/MD5:  1987242 1069fd14a5b50ee02ed50aefa87a0c67
    http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8e-5ubuntu3.1_sparc.deb
      Size/MD5:  4049648 d6793d1dd281d2d84738d772444b020e
    http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8_0.9.8e-5ubuntu3.1_sparc.deb
      Size/MD5:  2220780 cc2b4c879b39f7eec14549c095348ddf
    http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8e-5ubuntu3.1_sparc.deb
      Size/MD5:   887274 97b2ef728edc445f67d6f77d6c357e8d

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
URL: <https://lists.ubuntu.com/archives/ubuntu-security-announce/attachments/20071022/44f565dd/attachment.sig>


More information about the ubuntu-security-announce mailing list