USN-1064-1: OpenSSL vulnerability

15 February 2011

Releases

Packages

Details

Neel Mehta discovered that incorrectly formatted ClientHello handshake
messages could cause OpenSSL to parse past the end of the message.
This could allow a remote attacker to cause a crash and denial of
service by triggering invalid memory accesses.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 10.10
Ubuntu 10.04

After a standard system update you need to reboot your computer to make
all the necessary changes.

References