Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: USN-750-1: OpenSSL vulnerability
Special Forums Cybersecurity Security Advisories (RSS) USN-750-1: OpenSSL vulnerability Post 302302373 by Linux Bot on Monday 30th of March 2009 07:45:08 PM
Old 03-30-2009
USN-750-1: OpenSSL vulnerability
Referenced CVEs:
CVE-2009-0590


Description:
===========================================================Ubuntu Security Notice USN-750-1 March 30, 2009openssl vulnerabilityCVE-2009-0590===========================================================A security issue affects the following Ubuntu releases:Ubuntu 6.06 LTSUbuntu 7.10Ubuntu 8.04 LTSUbuntu 8.10This advisory also applies to the corresponding versions ofKubuntu, Edubuntu, and Xubuntu.The problem can be corrected by upgrading your system to thefollowing package versions:Ubuntu 6.06 LTS: libssl0.9.8 0.9.8a-7ubuntu0.7Ubuntu 7.10: libssl0.9.8 0.9.8e-5ubuntu3.4Ubuntu 8.04 LTS: libssl0.9.8 0.9.8g-4ubuntu3.5Ubuntu 8.10: libssl0.9.8 0.9.8g-10.1ubuntu2.2After a standard system upgrade you need to reboot your computer toeffect the necessary changes.Details follow:It was discovered that OpenSSL did not properly validate the length of anencoded BMPString or UniversalString when printing ASN.1 strings. If a useror automated system were tricked into processing a crafted certificate, anattacker could cause a denial of service via application crash inapplications linked against OpenSSL.





More...
 
All times are GMT -4. The time now is 12:01 PM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy