Login or Register to Ask a Question and Join Our Community


Security Advisories (RSS)

USN-704-1: OpenSSL vulnerability

Login to Discuss or Reply to this Discussion in Our Community

 
Thread Tools Search this Thread
Special Forums Cybersecurity Security Advisories (RSS) USN-704-1: OpenSSL vulnerability
# 1  
Old 01-07-2009
USN-704-1: OpenSSL vulnerability
Referenced CVEs:
CVE-2008-5077


Description:
===========================================================Ubuntu Security Notice USN-704-1 January 07, 2009openssl vulnerabilityCVE-2008-5077===========================================================A security issue affects the following Ubuntu releases:Ubuntu 6.06 LTSUbuntu 7.10Ubuntu 8.04 LTSUbuntu 8.10This advisory also applies to the corresponding versions ofKubuntu, Edubuntu, and Xubuntu.The problem can be corrected by upgrading your system to thefollowing package versions:Ubuntu 6.06 LTS: libssl0.9.8 0.9.8a-7ubuntu0.6 openssl 0.9.8a-7ubuntu0.6Ubuntu 7.10: libssl0.9.8 0.9.8e-5ubuntu3.3 openssl 0.9.8e-5ubuntu3.3Ubuntu 8.04 LTS: libssl0.9.8 0.9.8g-4ubuntu3.4 openssl 0.9.8g-4ubuntu3.4Ubuntu 8.10: libssl0.9.8 0.9.8g-10.1ubuntu2.1 openssl 0.9.8g-10.1ubuntu2.1After a standard system upgrade you need to reboot your computer toeffect the necessary changes.Details follow:It was discovered that OpenSSL did not properly perform signature verificationon DSA and ECDSA keys. If user or automated system connected to a maliciousserver or a remote attacker were able to perform a man-in-the-middle attack,this flaw could be exploited to view sensitive information.





More...
Login or Register to Ask a Question

Previous Thread | Next Thread
Login or Register to Ask a Question

LEARN ABOUT PHP

ssl_set_bio

SSL_set_bio(3SSL)                                                     OpenSSL                                                    SSL_set_bio(3SSL)

NAME

       SSL_set_bio - connect the SSL object with a BIO

SYNOPSIS

        #include <openssl/ssl.h>

        void SSL_set_bio(SSL *ssl, BIO *rbio, BIO *wbio);

DESCRIPTION

       SSL_set_bio() connects the BIOs rbio and wbio for the read and write operations of the TLS/SSL (encrypted) side of ssl.

       The SSL engine inherits the behaviour of rbio and wbio, respectively.  If a BIO is non-blocking, the ssl will also have non-blocking
       behaviour.

       If there was already a BIO connected to ssl, BIO_free() will be called (for both the reading and writing side, if different).

RETURN VALUES

       SSL_set_bio() cannot fail.

SEE ALSO

       SSL_get_rbio(3), SSL_connect(3), SSL_accept(3), SSL_shutdown(3), ssl(3), bio(3)

1.0.1e                                                              2013-02-11                                                   SSL_set_bio(3SSL)