Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: USN-620-1: OpenSSL vulnerabilities
Special Forums Cybersecurity Security Advisories (RSS) USN-620-1: OpenSSL vulnerabilities Post 302209248 by Linux Bot on Thursday 26th of June 2008 09:40:04 AM
Old 06-26-2008
USN-620-1: OpenSSL vulnerabilities
Referenced CVEs:
CVE-2008-0891, CVE-2008-1672


Description:
=========================================================== Ubuntu Security Notice USN-620-1 June 26, 2008 openssl vulnerabilities CVE-2008-0891, CVE-2008-1672 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 8.04 LTS This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 8.04 LTS: libssl0.9.8 0.9.8g-4ubuntu3.3 After a standard system upgrade you need to reboot your computer to effect the necessary changes. Details follow: It was discovered that OpenSSL was vulnerable to a double-free when using TLS server extensions. A remote attacker could send a crafted packet and cause a denial of service via application crash in applications linked against OpenSSL. Ubuntu 8.04 LTS does not compile TLS server extensions by default. (CVE-2008-0891) It was discovered that OpenSSL could dereference a NULL pointer. If a user or automated system were tricked into connecting to a malicious server with particular cipher suites, a remote attacker could cause a denial of service via application crash. (CVE-2008-1672)





More...
 

We Also Found This Discussion For You

1. Red Hat

Openssl vulnerabilities

Hi there, The following openssl package are installed on the machine (openssl-1.0.0-27.el6_4.2.x86_64). It isn't the last version but I need to known if this content Vulnerabilities... How to check that on RedHat? Could you please tell me how to find this information?? Thankx (3 Replies)
Discussion started by: hiero_nymus
3 Replies

LEARN ABOUT XFREE86

what-patch

WHAT-PATCH(1)						      General Commands Manual						     WHAT-PATCH(1)

NAME

       what-patch - detect which patch system a Debian package uses

SYNOPSIS

       what-patch [options]

DESCRIPTION

       what-patch examines the debian/rules file to determine which patch system the Debian package is using.

       what-patch should be run from the root directory of the Debian source package.

OPTIONS

       Listed below are the command line options for what-patch:

       -h, --help
	      Display a help message and exit.

       -v     Enable verbose mode.  This will include the listing of any files modified outside or the debian/ directory and report any additional
	      details about the patch system if available.

AUTHORS

       what-patch was written by Kees Cook <kees@ubuntu.com>, Siegfried-A. Gevatter <rainct@ubuntu.com>, and  Daniel  Hahler  <ubuntu@thequod.de>,
       among others.  This manual page was written by Jonathan Patrick Davies <jpds@ubuntu.com>.

       Both are released under the GNU General Public License, version 3 or later.

SEE ALSO

       The Ubuntu MOTU team has some documentation about patch systems at the Ubuntu wiki: https://wiki.ubuntu.com/PackagingGuide/PatchSystems

       cdbs-edit-patch(1), dbs-edit-patch(1), dpatch-edit-patch(1)

DEBIAN
								 Debian Utilities						     WHAT-PATCH(1)
All times are GMT -4. The time now is 01:22 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy