USN-704-1: OpenSSL vulnerability


 
Thread Tools Search this Thread
Special Forums Cybersecurity Security Advisories (RSS) USN-704-1: OpenSSL vulnerability
# 1  
Old 01-07-2009
USN-704-1: OpenSSL vulnerability

Referenced CVEs:
CVE-2008-5077


Description:
===========================================================Ubuntu Security Notice USN-704-1 January 07, 2009openssl vulnerabilityCVE-2008-5077===========================================================A security issue affects the following Ubuntu releases:Ubuntu 6.06 LTSUbuntu 7.10Ubuntu 8.04 LTSUbuntu 8.10This advisory also applies to the corresponding versions ofKubuntu, Edubuntu, and Xubuntu.The problem can be corrected by upgrading your system to thefollowing package versions:Ubuntu 6.06 LTS: libssl0.9.8 0.9.8a-7ubuntu0.6 openssl 0.9.8a-7ubuntu0.6Ubuntu 7.10: libssl0.9.8 0.9.8e-5ubuntu3.3 openssl 0.9.8e-5ubuntu3.3Ubuntu 8.04 LTS: libssl0.9.8 0.9.8g-4ubuntu3.4 openssl 0.9.8g-4ubuntu3.4Ubuntu 8.10: libssl0.9.8 0.9.8g-10.1ubuntu2.1 openssl 0.9.8g-10.1ubuntu2.1After a standard system upgrade you need to reboot your computer toeffect the necessary changes.Details follow:It was discovered that OpenSSL did not properly perform signature verificationon DSA and ECDSA keys. If user or automated system connected to a maliciousserver or a remote attacker were able to perform a man-in-the-middle attack,this flaw could be exploited to view sensitive information.





More...
Login or Register to Ask a Question

Previous Thread | Next Thread
Login or Register to Ask a Question
SSL_set_verify_result(3)					      OpenSSL						  SSL_set_verify_result(3)

NAME
SSL_set_verify_result - override result of peer certificate verification SYNOPSIS
#include <openssl/ssl.h> void SSL_set_verify_result(SSL *ssl, long verify_result); DESCRIPTION
SSL_set_verify_result() sets verify_result of the object ssl to be the result of the verification of the X509 certificate presented by the peer, if any. NOTES
SSL_set_verify_result() overrides the verification result. It only changes the verification result of the ssl object. It does not become part of the established session, so if the session is to be reused later, the original value will reappear. The valid codes for verify_result are documented in verify(1). RETURN VALUES
SSL_set_verify_result() does not provide a return value. SEE ALSO
ssl(3), SSL_get_verify_result(3), SSL_get_peer_certificate(3), verify(1) 0.9.7d 2002-04-30 SSL_set_verify_result(3)