USN-704-1: OpenSSL vulnerability


 
Thread Tools Search this Thread
Special Forums Cybersecurity Security Advisories (RSS) USN-704-1: OpenSSL vulnerability
# 1  
Old 01-07-2009
USN-704-1: OpenSSL vulnerability

Referenced CVEs:
CVE-2008-5077


Description:
===========================================================Ubuntu Security Notice USN-704-1 January 07, 2009openssl vulnerabilityCVE-2008-5077===========================================================A security issue affects the following Ubuntu releases:Ubuntu 6.06 LTSUbuntu 7.10Ubuntu 8.04 LTSUbuntu 8.10This advisory also applies to the corresponding versions ofKubuntu, Edubuntu, and Xubuntu.The problem can be corrected by upgrading your system to thefollowing package versions:Ubuntu 6.06 LTS: libssl0.9.8 0.9.8a-7ubuntu0.6 openssl 0.9.8a-7ubuntu0.6Ubuntu 7.10: libssl0.9.8 0.9.8e-5ubuntu3.3 openssl 0.9.8e-5ubuntu3.3Ubuntu 8.04 LTS: libssl0.9.8 0.9.8g-4ubuntu3.4 openssl 0.9.8g-4ubuntu3.4Ubuntu 8.10: libssl0.9.8 0.9.8g-10.1ubuntu2.1 openssl 0.9.8g-10.1ubuntu2.1After a standard system upgrade you need to reboot your computer toeffect the necessary changes.Details follow:It was discovered that OpenSSL did not properly perform signature verificationon DSA and ECDSA keys. If user or automated system connected to a maliciousserver or a remote attacker were able to perform a man-in-the-middle attack,this flaw could be exploited to view sensitive information.





More...
Login or Register to Ask a Question

Previous Thread | Next Thread
Login or Register to Ask a Question
SSL_get_ciphers(3)						      OpenSSL							SSL_get_ciphers(3)

NAME
SSL_get_ciphers, SSL_get_cipher_list - get list of available SSL_CIPHERs SYNOPSIS
#include <openssl/ssl.h> STACK_OF(SSL_CIPHER) *SSL_get_ciphers(SSL *ssl); const char *SSL_get_cipher_list(SSL *ssl, int priority); DESCRIPTION
SSL_get_ciphers() returns the stack of available SSL_CIPHERs for ssl, sorted by preference. If ssl is NULL or no ciphers are available, NULL is returned. SSL_get_cipher_list() returns a pointer to the name of the SSL_CIPHER listed for ssl with priority. If ssl is NULL, no ciphers are avail- able, or there are less ciphers than priority available, NULL is returned. NOTES
The details of the ciphers obtained by SSL_get_ciphers() can be obtained using the SSL_CIPHER_get_name(3) family of functions. Call SSL_get_cipher_list() with priority starting from 0 to obtain the sorted list of available ciphers, until NULL is returned. RETURN VALUES
See DESCRIPTION SEE ALSO
ssl(3), SSL_CTX_set_cipher_list(3), SSL_CIPHER_get_name(3) 0.9.7a 2000-09-18 SSL_get_ciphers(3)