Security Advisories (RSS)

Referenced CVEs:
CVE-2009-0590


Description:
===========================================================Ubuntu Security Notice USN-750-1 March 30, 2009openssl vulnerabilityCVE-2009-0590===========================================================A security issue affects the following Ubuntu releases:Ubuntu 6.06 LTSUbuntu 7.10Ubuntu 8.04 LTSUbuntu 8.10This advisory also applies to the corresponding versions ofKubuntu, Edubuntu, and Xubuntu.The problem can be corrected by upgrading your system to thefollowing package versions:Ubuntu 6.06 LTS: libssl0.9.8 0.9.8a-7ubuntu0.7Ubuntu 7.10: libssl0.9.8 0.9.8e-5ubuntu3.4Ubuntu 8.04 LTS: libssl0.9.8 0.9.8g-4ubuntu3.5Ubuntu 8.10: libssl0.9.8 0.9.8g-10.1ubuntu2.2After a standard system upgrade you need to reboot your computer toeffect the necessary changes.Details follow:It was discovered that OpenSSL did not properly validate the length of anencoded BMPString or UniversalString when printing ASN.1 strings. If a useror automated system were tricked into processing a crafted certificate, anattacker could cause a denial of service via application crash inapplications linked against OpenSSL.





More...

SSL and OpenSSL vulnerabilities are not unusual, we simply have to wait for the various OS, et al providers to issue updates/patches to close them as is the case with this one...
Interestingly the fix was not automatically offered to me I had to seelct System -> Administration -> Update Manager and click on the check button before I was offered it so thanks for the notice.