USN-353-1: openssl vulnerabilities
29 September 2006
openssl vulnerabilities
Releases
Details
Dr. Henson of the OpenSSL core team and Open Network Security
discovered a mishandled error condition in the ASN.1 parser. By
sending specially crafted packet data, a remote attacker could exploit
this to trigger an infinite loop, which would render the service
unusable and consume all available system memory. (CVE-2006-2937)
Certain types of public key could take disproportionate amounts of
time to process. The library now limits the maximum key exponent size
to avoid Denial of Service attacks. (CVE-2006-2940)
Tavis Ormandy and Will Drewry of the Google Security Team discovered a
buffer overflow in the SSL_get_shared_ciphers() function. By sending
specially crafted packets to applications that use this function (like
Exim, MySQL, or the openssl command line tool), a remote attacker
could exploit this to execute arbitrary code with the server's
privileges. (CVE-2006-3738)
Tavis Ormandy and Will Drewry of the Google Security Team reported
that the get_server_hello() function did not sufficiently check the
client's session certificate. This could be exploited to crash clients
by remote attackers sending specially crafted SSL responses.
(CVE-2006-4343)
Update instructions
The problem can be corrected by updating your system to the following package versions:
Ubuntu 6.06
-
libssl0.9.8
-
0.9.8a-7ubuntu0.2
Ubuntu 5.10
-
libssl0.9.7
-
0.9.7g-1ubuntu1.3
Ubuntu 5.04
-
libssl0.9.7
-
0.9.7e-3ubuntu0.4
After a standard system upgrade you need to reboot your computer to
effect the necessary changes.
References
Related notices
- USN-353-2: libssl0.9.8, libssl0.9.7