1. Ubuntu Security Notices
  2. USN-704-1

USN-704-1: OpenSSL vulnerability

Publication date

7 January 2009

Overview

OpenSSL vulnerability

Releases

Packages

Details

It was discovered that OpenSSL did not properly perform signature verification
on DSA and ECDSA keys. If user or automated system connected to a malicious
server or a remote attacker were able to perform a machine-in-the-middle attack,
this flaw could be exploited to view sensitive information.

It was discovered that OpenSSL did not properly perform signature verification
on DSA and ECDSA keys. If user or automated system connected to a malicious
server or a remote attacker were able to perform a machine-in-the-middle attack,
this flaw could be exploited to view sensitive information.

Update instructions

After a standard system upgrade you need to reboot your computer to effect the necessary changes.

Learn more about how to get the fixes.

The problem can be corrected by updating your system to the following package versions:

Ubuntu Release Package Version
8.10 intrepid libssl0.9.8 –  0.9.8g-10.1ubuntu2.1
openssl –  0.9.8g-10.1ubuntu2.1
8.04 hardy libssl0.9.8 –  0.9.8g-4ubuntu3.4
openssl –  0.9.8g-4ubuntu3.4
7.10 gutsy libssl0.9.8 –  0.9.8e-5ubuntu3.3
openssl –  0.9.8e-5ubuntu3.3
6.06 dapper libssl0.9.8 –  0.9.8a-7ubuntu0.6
openssl –  0.9.8a-7ubuntu0.6

Reduce your security exposure

Ubuntu Pro provides ten-year security coverage to 25,000+ packages in Main and Universe repositories, and it is free for up to five machines.

Get Ubuntu Pro

References

Have additional questions?

Talk to a member of the team ›