[USN-1424-1] OpenSSL vulnerabilities
jamie at canonical.com
Thu Apr 19 22:40:55 UTC 2012
Ubuntu Security Notice USN-1424-1
April 19, 2012
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 11.10
- Ubuntu 11.04
- Ubuntu 10.04 LTS
- Ubuntu 8.04 LTS
An application using OpenSSL could be made to crash or run programs if it
opened a specially crafted file.
- openssl: Secure Socket Layer (SSL) cryptographic library and tools
It was discovered that OpenSSL could be made to dereference a NULL pointer
when processing S/MIME messages. A remote attacker could use this to cause
a denial of service. These issues did not affect Ubuntu 8.04 LTS.
Tavis Ormandy discovered that OpenSSL did not properly perform bounds
checking when processing DER data via BIO or FILE functions. A remote
attacker could trigger this flaw in services that used SSL to cause a
denial of service or possibly execute arbitrary code with application
The problem can be corrected by updating your system to the following
Ubuntu 10.04 LTS:
Ubuntu 8.04 LTS:
After a standard system update you need to reboot your computer to make
all the necessary changes.
CVE-2006-7250, CVE-2012-1165, CVE-2012-2110
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 836 bytes
Desc: This is a digitally signed message part
More information about the ubuntu-security-announce