Security: Multiple issues in OpenSSL (update)
| Name: | Multiple issues in OpenSSL (update) |
| ID: | USN-1732-3 |
| Distribution: | Ubuntu |
| Platforms: | Ubuntu 12.04 LTS, Ubuntu 12.10 |
| Date: | Mon, 25 March 2013, 19:08 |
| References: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2686 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0169 |
| Applications: | OpenSSL |
| Update of: | Multiple issues in OpenSSL |
Original message
==========================================================================
Ubuntu Security Notice USN-1732-3
March 25, 2013

openssl vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 12.10
- Ubuntu 12.04 LTS
Summary:
Several security issues were fixed in OpenSSL.
Software Description:
- openssl: Secure Socket Layer (SSL) cryptographic library and tools
Details:
USN-1732-1 fixed vulnerabilities in OpenSSL. The fix for CVE-2013-0169 and CVE-2012-2686 was reverted in USN-1732-2 because of a regression. This update restores the security fix, and includes an extra fix from upstream to address the AES-NI regression. We apologize for the inconvenience.
Original advisory details:
Adam Langley and Wolfgang Ettlingers discovered that OpenSSL incorrectly handled certain crafted CBC data when used with AES-NI. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS and Ubuntu 12.10. (CVE-2012-2686)

Nadhem Alfardan and Kenny Paterson discovered that the TLS protocol as used in OpenSSL was vulnerable to a timing side-channel attack known as the "Lucky Thirteen" issue. A remote attacker could use this issue to perform plaintext-recovery attacks via analysis of timing data. (CVE-2013-0169)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 12.10: libssl1.0.0 1.0.1c-3ubuntu2.3
Ubuntu 12.04 LTS: libssl1.0.0 1.0.1-4ubuntu5.8
After a standard system update you need to reboot your computer to make all the necessary changes.
References:
http://www.ubuntu.com/usn/usn-1732-3
http://www.ubuntu.com/usn/usn-1732-1
CVE-2013-0169

Package Information:
https://launchpad.net/ubuntu/+source/openssl/1.0.1c-3ubuntu2.3
https://launchpad.net/ubuntu/+source/openssl/1.0.1-4ubuntu5.8