USN-704-1: OpenSSL vulnerability
7 January 2009
- openssl -
It was discovered that OpenSSL did not properly perform signature verification
on DSA and ECDSA keys. If user or automated system connected to a malicious
server or a remote attacker were able to perform a machine-in-the-middle attack,
this flaw could be exploited to view sensitive information.
The problem can be corrected by updating your system to the following package versions:
After a standard system upgrade you need to reboot your computer to
effect the necessary changes.