
Security: Two problems in OpenSSL
Name: Two problems in OpenSSL
ID: USN-1451-1
Distribution: Ubuntu
Platforms: Ubuntu 8.04 LTS, Ubuntu 10.04 LTS, Ubuntu 11.04, Ubuntu 11.10, Ubuntu 12.04 LTS
Date: Fri, 25 May 2012, 08:29
References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0884
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2333
Applications: OpenSSL

Original message

==========================================================================
Ubuntu Security Notice USN-1451-1
May 24, 2012

openssl vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 12.04 LTS
- Ubuntu 11.10
- Ubuntu 11.04
- Ubuntu 10.04 LTS
- Ubuntu 8.04 LTS

Summary:

Applications using OpenSSL in certain situations could be made to
crash or expose sensitive information.

Software Description:
- openssl: Secure Socket Layer (SSL) cryptographic library and tools

Details:

Ivan Nestlerode discovered that the Cryptographic Message Syntax
(CMS) and PKCS #7 implementations in OpenSSL returned early if RSA
decryption failed. This could allow an attacker to expose sensitive
information via a Million Message Attack (MMA). (CVE-2012-0884)

It was discovered that an integer underflow was possible when using
TLS 1.1, TLS 1.2, or DTLS with CBC encryption. This could allow a
remote attacker to cause a denial of service. (CVE-2012-2333)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 12.04 LTS:
libssl1.0.0 1.0.1-4ubuntu5.2
openssl 1.0.1-4ubuntu5.2

Ubuntu 11.10:
libssl1.0.0 1.0.0e-2ubuntu4.6
openssl 1.0.0e-2ubuntu4.6

Ubuntu 11.04:
libssl0.9.8 0.9.8o-5ubuntu1.7
openssl 0.9.8o-5ubuntu1.7

Ubuntu 10.04 LTS:
libssl0.9.8 0.9.8k-7ubuntu8.13
openssl 0.9.8k-7ubuntu8.13

Ubuntu 8.04 LTS:
libssl0.9.8 0.9.8g-4ubuntu3.19
openssl 0.9.8g-4ubuntu3.19

After a standard system update you need to reboot your computer to make
all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-1451-1
CVE-2012-0884, CVE-2012-2333

Package Information:
https://launchpad.net/ubuntu/+source/openssl/1.0.1-4ubuntu5.2
https://launchpad.net/ubuntu/+source/openssl/1.0.0e-2ubuntu4.6
https://launchpad.net/ubuntu/+source/openssl/0.9.8o-5ubuntu1.7
https://launchpad.net/ubuntu/+source/openssl/0.9.8k-7ubuntu8.13
https://launchpad.net/ubuntu/+source/openssl/0.9.8g-4ubuntu3.19