2

USN-830-1: OpenSSL vulnerability

view story
linux-howto

http://www.ubuntu.com – Referenced CVEs:  CVE-2009-2409 Description:  =========================================================== Ubuntu Security Notice USN-830-1 September 14, 2009 openssl vulnerability CVE-2009-2409 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubuntu 8.04 LTS Ubuntu 8.10 Ubuntu 9.04 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: libssl0.9.8 0.9.8a-7ubuntu0.10 Ubuntu 8.04 LTS: libssl0.9.8 0.9.8g-4ubuntu3.8 Ubuntu 8.10: libssl0.9.8 0.9.8g-10.1ubuntu2.5 Ubuntu 9.04: libssl0.9.8 0.9.8g-15ubuntu3.3 After a standard system upgrade you need to reboot your computer to effect the necessary changes. Details follow: Dan Kaminsky discovered OpenSSL would still accept certificates with MD2 hash signatures. As a result, an attacker could potentially create a malicious trusted certificate to impersonate another site. This update handles this issue by completely disabling MD2 for certificate validation. (Distributions)

Edward.H's picture
Submitted by Edward.H on 09/14/2009

Stories similar to USN-830-1: OpenSSL vulnerability

Referenced CVEs: 

CVE-2009-4355

Description: 

=========================================================== Ubuntu Security Notice USN-884-1 January 14, 2010 openssl vulnerability CVE-2009-4355 ===========================================================

A security issue a

USN-810-1: NSS vulnerabilities 3 years 41 weeks ago

Referenced CVEs: 

CVE-2009-2404, CVE-2009-2408, CVE-2009-2409

Description: 

=========================================================== Ubuntu Security Notice USN-810-1 August 04, 2009 nss vulnerabilities CVE-2009-2404, CVE-2009-2408, CVE-2009-2409 =====================

Referenced CVEs: 

CVE-2009-1377, CVE-2009-1378, CVE-2009-1379, CVE-2009-1386, CVE-2009-1387

Description: 

=========================================================== Ubuntu Security Notice USN-792-1 June 25, 2009 openssl vulnerabilities CVE-2009-1377, CVE-2009-1378, CV

Referenced CVEs: 

CVE-2009-2409, CVE-2009-2730

Description: 

=========================================================== Ubuntu Security Notice USN-809-1 August 19, 2009 gnutls12, gnutls13, gnutls26 vulnerabilities CVE-2009-2409, CVE-2009-2730, https://launchpad.net/bug

USN-810-2: NSPR update 3 years 41 weeks ago

Description: 

=========================================================== Ubuntu Security Notice USN-810-2 August 04, 2009 nspr update https://launchpad.net/bugs/387745 ===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 8.04 LTS Ubuntu 8.10 Ubuntu 9.04

This advis

USN-810-3: NSS regression 3 years 37 weeks ago

Description: 

=========================================================== Ubuntu Security Notice USN-810-3 September 02, 2009 nss regression https://launchpad.net/bugs/409864 ===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 8.04 LTS Ubuntu 8.10 Ubuntu 9.04

This ad

USN-799-1: D-Bus vulnerability 3 years 44 weeks ago

Referenced CVEs: 

CVE-2009-1189

Description: 

=========================================================== Ubuntu Security Notice USN-799-1 July 13, 2009 dbus vulnerability CVE-2009-1189 ===========================================================

A security issue affec

Referenced CVEs: 

CVE-2009-2666

Description: 

=========================================================== Ubuntu Security Notice USN-816-1 August 12, 2009 fetchmail vulnerability CVE-2009-2666 ===========================================================

A security issue

USN-829-1: Qt vulnerability 3 years 35 weeks ago

Referenced CVEs: 

CVE-2009-2700

Description: 

=========================================================== Ubuntu Security Notice USN-829-1 September 10, 2009 qt4-x11 vulnerability CVE-2009-2700 ===========================================================

A security issue a