USN-1029-1: OpenSSL vulnerabilities
Ubuntu Security Notice USN-1029-1
7th December, 2010
openssl vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 10.10
- Ubuntu 10.04 LTS
- Ubuntu 9.10
- Ubuntu 8.04 LTS
- Ubuntu 6.06 LTS
Software description
- openssl
Details
It was discovered that an old bug workaround in the SSL/TLS
server code allowed an attacker to modify the stored session cache
ciphersuite. This could possibly allow an attacker to downgrade the
ciphersuite to a weaker one on subsequent connections. (CVE-2010-4180)
It was discovered that an old bug workaround in the SSL/TLS
server code allowed an attacker to modify the stored session cache
ciphersuite. An attacker could possibly take advantage of this to
force the use of a disabled cipher. This vulnerability only affects
the versions of OpenSSL in Ubuntu 6.06 LTS, Ubuntu 8.04 LTS, and
Ubuntu 9.10. (CVE-2008-7270)
Update instructions
The problem can be corrected by updating your system to the following package version:
- Ubuntu 10.10:
- libssl0.9.8 0.9.8o-1ubuntu4.3
- Ubuntu 10.04 LTS:
- libssl0.9.8 0.9.8k-7ubuntu8.5
- Ubuntu 9.10:
- libssl0.9.8 0.9.8g-16ubuntu3.5
- Ubuntu 8.04 LTS:
- libssl0.9.8 0.9.8g-4ubuntu3.13
- Ubuntu 6.06 LTS:
- libssl0.9.8 0.9.8a-7ubuntu0.14
To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.
After a standard system update you need to reboot your computer to make
all the necessary changes.