USN-1018-1: OpenSSL vulnerability
Ubuntu Security Notice USN-1018-1
17th November, 2010
openssl vulnerability
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 10.10
- Ubuntu 10.04 LTS
- Ubuntu 9.10
- Ubuntu 8.04 LTS
Software description
- openssl
Details
Rob Hulswit discovered a race condition in the OpenSSL TLS server
extension parsing code when used within a threaded server. A remote
attacker could trigger this flaw to cause a denial of service
or possibly execute arbitrary code with application privileges.
(CVE-2010-3864)
Update instructions
The problem can be corrected by updating your system to the following package version:
- Ubuntu 10.10:
- libssl0.9.8 0.9.8o-1ubuntu4.2
- Ubuntu 10.04 LTS:
- libssl0.9.8 0.9.8k-7ubuntu8.4
- Ubuntu 9.10:
- libssl0.9.8 0.9.8g-16ubuntu3.4
- Ubuntu 8.04 LTS:
- libssl0.9.8 0.9.8g-4ubuntu3.12
To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.
After a standard system update you need to reboot your computer to make
all the necessary changes.