rss-bot
March 30th, 2009, 08:40 PM
Referenced CVEs:
CVE-2009-0590
Description:
================================================== ========= Ubuntu Security Notice USN-750-1 March 30, 2009 openssl vulnerability CVE-2009-0590 ================================================== ========= A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubuntu 7.10 Ubuntu 8.04 LTS Ubuntu 8.10 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: libssl0.9.8 0.9.8a-7ubuntu0.7 Ubuntu 7.10: libssl0.9.8 0.9.8e-5ubuntu3.4 Ubuntu 8.04 LTS: libssl0.9.8 0.9.8g-4ubuntu3.5 Ubuntu 8.10: libssl0.9.8 0.9.8g-10.1ubuntu2.2 After a standard system upgrade you need to reboot your computer to effect the necessary changes. Details follow: It was discovered that OpenSSL did not properly validate the length of an encoded BMPString or UniversalString when printing ASN.1 strings. If a user or automated system were tricked into processing a crafted certificate, an attacker could cause a denial of service via application crash in applications linked against OpenSSL.
More... (http://www.ubuntu.com/usn/usn-750-1)
CVE-2009-0590
Description:
================================================== ========= Ubuntu Security Notice USN-750-1 March 30, 2009 openssl vulnerability CVE-2009-0590 ================================================== ========= A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubuntu 7.10 Ubuntu 8.04 LTS Ubuntu 8.10 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: libssl0.9.8 0.9.8a-7ubuntu0.7 Ubuntu 7.10: libssl0.9.8 0.9.8e-5ubuntu3.4 Ubuntu 8.04 LTS: libssl0.9.8 0.9.8g-4ubuntu3.5 Ubuntu 8.10: libssl0.9.8 0.9.8g-10.1ubuntu2.2 After a standard system upgrade you need to reboot your computer to effect the necessary changes. Details follow: It was discovered that OpenSSL did not properly validate the length of an encoded BMPString or UniversalString when printing ASN.1 strings. If a user or automated system were tricked into processing a crafted certificate, an attacker could cause a denial of service via application crash in applications linked against OpenSSL.
More... (http://www.ubuntu.com/usn/usn-750-1)