USN-620-1: OpenSSL vulnerabilities
26 June 2008
OpenSSL vulnerabilities
Releases
Packages
- openssl -
Details
It was discovered that OpenSSL was vulnerable to a double-free
when using TLS server extensions. A remote attacker could send a
crafted packet and cause a denial of service via application crash
in applications linked against OpenSSL. Ubuntu 8.04 LTS does not
compile TLS server extensions by default. (CVE-2008-0891)
It was discovered that OpenSSL could dereference a NULL pointer.
If a user or automated system were tricked into connecting to a
malicious server with particular cipher suites, a remote attacker
could cause a denial of service via application crash.
(CVE-2008-1672)
Update instructions
The problem can be corrected by updating your system to the following package versions:
Ubuntu 8.04
After a standard system upgrade you need to reboot your computer to
effect the necessary changes.