Login or Register to Ask a Question and Join Our Community


Security Advisories (RSS)

USN-612-1: OpenSSL vulnerability

Login to Discuss or Reply to this Discussion in Our Community

 
Thread Tools Search this Thread
Special Forums Cybersecurity Security Advisories (RSS) USN-612-1: OpenSSL vulnerability
# 1  
Old 05-13-2008
USN-612-1: OpenSSL vulnerability
Referenced CVEs:
CVE-2008-0166


<div class="field field-type-text field-field-description">Description:
<div class="field-items"><div class="field-item"><div class="usn">=========================================================== Ubuntu Security Notice USN-612-1 May 13, 2008openssl vulnerabilityCVE-2008-0166===========================================================A weakness has been discovered in the random number generator usedby OpenSSL on Debian and Ubuntu systems. As a result of thisweakness, certain encryption keys are much more common than theyshould be, such that an attacker could guess the key through abrute-force attack given minimal knowledge of the system. Thisparticularly affects the use of encryption keys in OpenSSH, OpenVPNand SSL certificates.This vulnerability only affects operating systems which (likeUbuntu) are based on Debian. However, other systems can beindirectly affected if weak keys are imported into them.We consider this an extremely serious vulnerability, and urge allusers to act immediately to secure their systems. (CVE-2008-0166)This advisory also applies to the corresponding versions ofKubuntu, Edubuntu, and Xubuntu.== Who is affected ==Systems which are running any of the following releases: * Ubuntu 7.04 (Feisty) * Ubuntu 7.10 (Gutsy) * Ubuntu 8.04 LTS (Hardy) * Ubuntu "Intrepid Ibex" (development): libssl
Login or Register to Ask a Question

Previous Thread | Next Thread
Login or Register to Ask a Question

LEARN ABOUT PHP

ssl_set_bio

SSL_set_bio(3SSL)                                                     OpenSSL                                                    SSL_set_bio(3SSL)

NAME

       SSL_set_bio - connect the SSL object with a BIO

SYNOPSIS

        #include <openssl/ssl.h>

        void SSL_set_bio(SSL *ssl, BIO *rbio, BIO *wbio);

DESCRIPTION

       SSL_set_bio() connects the BIOs rbio and wbio for the read and write operations of the TLS/SSL (encrypted) side of ssl.

       The SSL engine inherits the behaviour of rbio and wbio, respectively.  If a BIO is non-blocking, the ssl will also have non-blocking
       behaviour.

       If there was already a BIO connected to ssl, BIO_free() will be called (for both the reading and writing side, if different).

RETURN VALUES

       SSL_set_bio() cannot fail.

SEE ALSO

       SSL_get_rbio(3), SSL_connect(3), SSL_accept(3), SSL_shutdown(3), ssl(3), bio(3)

1.0.1e                                                              2013-02-11                                                   SSL_set_bio(3SSL)