USN-353-1: openssl vulnerabilities

29 September 2006

openssl vulnerabilities

Releases

Details

Dr. Henson of the OpenSSL core team and Open Network Security
discovered a mishandled error condition in the ASN.1 parser. By
sending specially crafted packet data, a remote attacker could exploit
this to trigger an infinite loop, which would render the service
unusable and consume all available system memory. (CVE-2006-2937)

Certain types of public key could take disproportionate amounts of
time to process. The library now limits the maximum key exponent size
to avoid Denial of Service attacks. (CVE-2006-2940)

Tavis Ormandy and Will Drewry of the Google Security Team discovered a
buffer overflow in the SSL_get_shared_ciphers() function. By sending
specially crafted packets to applications that use this function (like
Exim, MySQL, or the openssl command line tool), a remote attacker
could exploit this to execute arbitrary code with the server's
privileges. (CVE-2006-3738)

Tavis Ormandy and Will Drewry of the Google Security Team reported
that the get_server_hello() function did not sufficiently check the
client's session certificate. This could be exploited to crash clients
by remote attackers sending specially crafted SSL responses.
(CVE-2006-4343)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 6.06
  • libssl0.9.8 - 0.9.8a-7ubuntu0.2
Ubuntu 5.10
  • libssl0.9.7 - 0.9.7g-1ubuntu1.3
Ubuntu 5.04
  • libssl0.9.7 - 0.9.7e-3ubuntu0.4

After a standard system upgrade you need to reboot your computer to
effect the necessary changes.

Related notices