
USN-884-1: OpenSSL vulnerability


http://www.ubuntu.com – Referenced CVEs: CVE-2009-4355

Description:

===========================================================
Ubuntu Security Notice USN-884-1           January 14, 2010
openssl vulnerability
CVE-2009-4355
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 8.04 LTS
Ubuntu 8.10
Ubuntu 9.04
Ubuntu 9.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
  libssl0.9.8                     0.9.8a-7ubuntu0.11

Ubuntu 8.04 LTS:
  libssl0.9.8                     0.9.8g-4ubuntu3.9

Ubuntu 8.10:
  libssl0.9.8                     0.9.8g-10.1ubuntu2.6

Ubuntu 9.04:
  libssl0.9.8                     0.9.8g-15ubuntu3.4

Ubuntu 9.10:
  libssl0.9.8                     0.9.8g-16ubuntu3.1

After a standard system upgrade you need to restart any applications
using OpenSSL, especially Apache, to effect the necessary changes.

Details follow:

It was discovered that OpenSSL did not correctly free unused memory in
certain situations. A remote attacker could trigger this flaw in services
that used SSL, causing the service to use all available system memory,
leading to a denial of service.

(Distributions)
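The upgrade and restart steps above can be verified on a host with the following check, an added example that is not part of the Ubuntu notice. It compares the installed libssl0.9.8 against the fixed version the advisory lists for the release, then reports processes that still map the pre-upgrade library. The function names and the `--check` argument are assumptions of this example.

```shell
#!/bin/sh
# Added example, not part of USN-884-1. Function names are hypothetical.

# Fixed libssl0.9.8 version per Ubuntu release, copied from the advisory.
fixed_version() {
  case "$1" in
    6.06) echo "0.9.8a-7ubuntu0.11" ;;
    8.04) echo "0.9.8g-4ubuntu3.9" ;;
    8.10) echo "0.9.8g-10.1ubuntu2.6" ;;
    9.04) echo "0.9.8g-15ubuntu3.4" ;;
    9.10) echo "0.9.8g-16ubuntu3.1" ;;
    *)    return 1 ;;   # release not covered by this notice
  esac
}

# True if a /proc/<pid>/maps-format file shows libssl or libcrypto mapped
# from a file that was replaced on disk: the process still runs old code.
maps_has_stale_openssl() {
  grep -Eq '/lib(ssl|crypto)\.so[^ ]* \(deleted\)$' "$1" 2>/dev/null
}

check_host() {
  release=$(lsb_release -rs) || return 2
  fixed=$(fixed_version "$release") || {
    echo "release $release is not listed in USN-884-1"; return 2; }
  installed=$(dpkg-query -W -f='${Version}' libssl0.9.8 2>/dev/null) || {
    echo "libssl0.9.8 is not installed"; return 0; }
  if dpkg --compare-versions "$installed" lt "$fixed"; then
    echo "NOT FIXED: libssl0.9.8 $installed is older than $fixed"
    return 1
  fi
  echo "package ok: libssl0.9.8 $installed"
  # Package is fixed; now find services that were not restarted.
  for maps in /proc/[0-9]*/maps; do
    if maps_has_stale_openssl "$maps"; then
      pid=${maps#/proc/}; pid=${pid%/maps}
      echo "restart needed: pid $pid ($(cat "/proc/$pid/comm" 2>/dev/null))"
    fi
  done
}

# Run the host check only when asked, so the file can also be sourced.
if [ "${1:-}" = "--check" ]; then
  check_host
fi
```

Run it as root with `--check` so that the maps files of other users' processes, such as Apache workers, are readable.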