Looks like everyone ON for openssl bug feast!! ;-) Is this different from
SSL_get_shared_ciphers() buffer overflow (CVE-2006-3738)??

-d

-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Martin Pitt
Sent: Thursday, September 28, 2006 8:30 AM
To: [EMAIL PROTECTED]
Cc: full-disclosure@lists.grok.org.uk; bugtraq@securityfocus.com
Subject: [Full-disclosure] [USN-353-1] openssl vulnerabilities

=========================================================== 
Ubuntu Security Notice USN-353-1         September 28, 2006
openssl vulnerabilities
CVE-2006-2937, CVE-2006-2940, CVE-2006-3738, CVE-2006-4343
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 5.04
Ubuntu 5.10
Ubuntu 6.06 LTS

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 5.04:
  libssl0.9.7                              0.9.7e-3ubuntu0.4

Ubuntu 5.10:
  libssl0.9.7                              0.9.7g-1ubuntu1.3

Ubuntu 6.06 LTS:
  libssl0.9.8                              0.9.8a-7ubuntu0.2

After a standard system upgrade you need to reboot your computer to
effect the necessary changes.

Details follow:

Dr. Henson of the OpenSSL core team and Open Network Security
discovered a mishandled error condition in the ASN.1 parser. By
sending specially crafted packet data, a remote attacker could exploit
this to trigger an infinite loop, which would render the service
unusable and consume all available system memory. (CVE-2006-2937)

Certain types of public key could take disproportionate amounts of
time to process. The library now limits the maximum key exponent size
to avoid Denial of Service attacks. (CVE-2006-2940)

Tavis Ormandy and Will Drewry of the Google Security Team discovered a
buffer overflow in the SSL_get_shared_ciphers() function. By sending
specially crafted packets to applications that use this function (like
Exim, MySQL, or the openssl command line tool), a remote attacker
could exploit this to execute arbitrary code with the server's
privileges. (CVE-2006-3738)

Tavis Ormandy and Will Drewry of the Google Security Team reported
that the get_server_hello() function did not sufficiently check the
client's session certificate. This could be exploited to crash clients
by remote attackers sending specially crafted SSL responses.
(CVE-2006-4343)


Updated packages for Ubuntu 5.04:

  Source archives:

 
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.7e-3ubuntu
0.4.diff.gz
      Size/MD5:    31608 073a299c1050059dddc16818fecd56c5
 
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.7e-3ubuntu
0.4.dsc
      Size/MD5:      645 eb30a98f7f176954987a8642bcda2ae7
 
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.7e.orig.ta
r.gz
      Size/MD5:  3043231 a8777164bca38d84e5eb2b1535223474

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

 
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.7-udeb_0.
9.7e-3ubuntu0.4_amd64.udeb
      Size/MD5:   495242 d51b7cb655f0cd4010160d7e8546da41
 
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.7e-3ubu
ntu0.4_amd64.deb
      Size/MD5:  2694098 3c87855cd1a4a2bb12dd1fef0acdca78
 
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.7_0.9.7e-3ub
untu0.4_amd64.deb
      Size/MD5:   770334 e0dff277aafa1f35fcc7995576374922
 
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.7e-3ubuntu
0.4_amd64.deb
      Size/MD5:   904128 70a46effaa0b51162f9d84c609bba596

  i386 architecture (x86 compatible Intel/AMD)

 
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.7-udeb_0.
9.7e-3ubuntu0.4_i386.udeb
      Size/MD5:   433488 f1bd01ac7dd85f10cd5c32d6d78cb514
 
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.7e-3ubu
ntu0.4_i386.deb
      Size/MD5:  2493770 5369e13ba790cecbff0854a0d173d11a
 
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.7_0.9.7e-3ub
untu0.4_i386.deb
      Size/MD5:  2243328 62d80313f7ffdb047878a12687e5d689
 
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.7e-3ubuntu
0.4_i386.deb
      Size/MD5:   901520 3791cb1125bde1a315955023c777e2ae

  powerpc architecture (Apple Macintosh G3/G4/G5)

 
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.7-udeb_0.
9.7e-3ubuntu0.4_powerpc.udeb
      Size/MD5:   499458 ec8af8b5ee0eaeb859a232e8a233b0dd
 
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.7e-3ubu
ntu0.4_powerpc.deb
      Size/MD5:  2774934 15270e8e78df08a6b7b5be55dc3d6553
 
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.7_0.9.7e-3ub
untu0.4_powerpc.deb
      Size/MD5:   779888 19a6e2d00d895845f556c44e044151f9
 
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.7e-3ubuntu
0.4_powerpc.deb
      Size/MD5:   908598 9b0fa35557f76a6b24de199e3323541c

Updated packages for Ubuntu 5.10:

  Source archives:

 
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.7g-1ubuntu
1.3.diff.gz
      Size/MD5:    32295 def7ac70ca1bc85e0c4ebbd4260a4461
 
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.7g-1ubuntu
1.3.dsc
      Size/MD5:      657 0b1769211fafefd21cc37c07a932a714
 
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.7g.orig.ta
r.gz
      Size/MD5:  3132217 991615f73338a571b6a1be7d74906934

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

 
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.7-udeb_0.
9.7g-1ubuntu1.3_amd64.udeb
      Size/MD5:   499030 f8b4eac9e1bf96e10f8c30eab69649dd
 
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.7g-1ubu
ntu1.3_amd64.deb
      Size/MD5:  2700532 2cd3f1e6ce79941b8946a80e78dbda64
 
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.7_0.9.7g-1ub
untu1.3_amd64.deb
      Size/MD5:   773856 ee733077d079b9e36da96b795acbdc29
 
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.7g-1ubuntu
1.3_amd64.deb
      Size/MD5:   913582 de9d0df5743ac33192195b94d063dc6c

  i386 architecture (x86 compatible Intel/AMD)

 
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.7-udeb_0.
9.7g-1ubuntu1.3_i386.udeb
      Size/MD5:   431028 61d40d649af32133db15ec53918caa4a
 
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.7g-1ubu
ntu1.3_i386.deb
      Size/MD5:  2480762 653bd5d137e0dc2ad6fc74491fd0fbb9
 
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.7_0.9.7g-1ub
untu1.3_i386.deb
      Size/MD5:  2204582 677d877964154251d8780b169688a060
 
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.7g-1ubuntu
1.3_i386.deb
      Size/MD5:   904888 5079b31ec8fffa99838c43e42e968990

  powerpc architecture (Apple Macintosh G3/G4/G5)

 
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.7-udeb_0.
9.7g-1ubuntu1.3_powerpc.udeb
      Size/MD5:   476060 6460459d1e4814f183a89cf81ecf022c
 
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.7g-1ubu
ntu1.3_powerpc.deb
      Size/MD5:  2657180 0fde1af2915b4693664a9e74a2ed8601
 
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.7_0.9.7g-1ub
untu1.3_powerpc.deb
      Size/MD5:   752946 77a8a8501ff4ad35266447a38ada5d13
 
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.7g-1ubuntu
1.3_powerpc.deb
      Size/MD5:   910630 126076de0fe5f7693953276c7c668971

  sparc architecture (Sun SPARC/UltraSPARC)

 
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.7-udeb_0.
9.7g-1ubuntu1.3_sparc.udeb
      Size/MD5:   452356 f255548c1df1fe1f8e895ebcb3df6b81
 
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.7g-1ubu
ntu1.3_sparc.deb
      Size/MD5:  2570856 5bd4aea0262f6603cd8dcfe54e4c5c84
 
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.7_0.9.7g-1ub
untu1.3_sparc.deb
      Size/MD5:  1792562 376e9010e9be775faccc9e1f350e6ab9
 
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.7g-1ubuntu
1.3_sparc.deb
      Size/MD5:   918608 424c15da9d050abcb50bf8bbe460a201

Updated packages for Ubuntu 6.06 LTS:

  Source archives:

 
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8a-7ubuntu
0.2.diff.gz
      Size/MD5:    38612 7c8d54fe8b0a7f3fd04973d0caf4e561
 
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8a-7ubuntu
0.2.dsc
      Size/MD5:      816 11829550f1f01bb297687320de351567
 
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8a.orig.ta
r.gz
      Size/MD5:  3271435 1d16c727c10185e4d694f87f5e424ee1

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

 
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.8-udeb_0.
9.8a-7ubuntu0.2_amd64.udeb
      Size/MD5:   571660 3f1e1fb3a1d647e89e8d2c8957ac7515
 
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.8a-7ubu
ntu0.2_amd64.deb
      Size/MD5:  2166962 b4dc05821c8e0257f2de1f66d60fe76b
 
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8a
-7ubuntu0.2_amd64.deb
      Size/MD5:  1681664 85a9864fd04f3148d80debfe62baf27e
 
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8_0.9.8a-7ub
untu0.2_amd64.deb
      Size/MD5:   874726 b745ed4bc29c6ef1e6f04843da7075f4
 
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8a-7ubuntu
0.2_amd64.deb
      Size/MD5:   984430 6c44bb70358de400212abdb8603c632b

  i386 architecture (x86 compatible Intel/AMD)

 
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.8-udeb_0.
9.8a-7ubuntu0.2_i386.udeb
      Size/MD5:   509398 d003af0377dd2c4626c8a2968e88dec6
 
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.8a-7ubu
ntu0.2_i386.deb
      Size/MD5:  2023488 33d7fb4e61731e6a3d3696035e5e7475
 
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8a
-7ubuntu0.2_i386.deb
      Size/MD5:  5049880 643b1bd41b95d9b8d5e7503fa877095a
 
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8_0.9.8a-7ub
untu0.2_i386.deb
      Size/MD5:  2594328 0d883c64b2eed5a87b5251099d571b9f
 
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8a-7ubuntu
0.2_i386.deb
      Size/MD5:   975820 e2fb9756f9be6a9c6dcc8440722cbae0

  powerpc architecture (Apple Macintosh G3/G4/G5)

 
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.8-udeb_0.
9.8a-7ubuntu0.2_powerpc.udeb
      Size/MD5:   557832 0e2ab74f6eb2edaede39a75708a0ba85
 
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.8a-7ubu
ntu0.2_powerpc.deb
      Size/MD5:  2180720 48ab01b68fe292838283e670b200f71e
 
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8a
-7ubuntu0.2_powerpc.deb
      Size/MD5:  1726256 8969623cd03454d23d6a1377bd7a84a6
 
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8_0.9.8a-7ub
untu0.2_powerpc.deb
      Size/MD5:   861072 b2657f1e3f44972cc4847e558101fac0
 
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8a-7ubuntu
0.2_powerpc.deb
      Size/MD5:   979948 131b80f74dbecc0bbf7612a1d75762dd

  sparc architecture (Sun SPARC/UltraSPARC)

 
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.8-udeb_0.
9.8a-7ubuntu0.2_sparc.udeb
      Size/MD5:   530804 394500b55746ee58bd74dbd40e4cc754
 
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.8a-7ubu
ntu0.2_sparc.deb
      Size/MD5:  2092366 b3519eafe025f19f0bd1abc1b8305865
 
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8a
-7ubuntu0.2_sparc.deb
      Size/MD5:  3940942 9ff4a8eddbd8685dccfd74a376e0d9dd
 
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8_0.9.8a-7ub
untu0.2_sparc.deb
      Size/MD5:  2090730 7a98b80bfffca5cf2435df0835a37f27
 
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8a-7ubuntu
0.2_sparc.deb
      Size/MD5:   987898 0f7f8fb86af538d8828149545124d0d2

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Reply via email to