USN-704-1: OpenSSL vulnerability

07 January 2009

OpenSSL vulnerability

Releases

Packages

Details

It was discovered that OpenSSL did not properly perform signature verification
on DSA and ECDSA keys. If user or automated system connected to a malicious
server or a remote attacker were able to perform a man-in-the-middle attack,
this flaw could be exploited to view sensitive information.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 8.10
Ubuntu 8.04
Ubuntu 7.10
Ubuntu 6.06

After a standard system upgrade you need to reboot your computer to
effect the necessary changes.

References