- Detalji os-a: LUB
- Važnost: IMP
- Operativni sustavi: L
- Kategorije: LUB
==========================================================================
Ubuntu Security Notice USN-2079-1
January 09, 2014
openssl vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
– Ubuntu 13.10
– Ubuntu 13.04
– Ubuntu 12.10
– Ubuntu 12.04 LTS
Summary:
Several security issues were fixed in OpenSSL.
Software Description:
– openssl: Secure Socket Layer (SSL) cryptographic library and tools
Details:
Anton Johansson discovered that OpenSSL incorrectly handled certain invalid
TLS handshakes. A remote attacker could use this issue to cause OpenSSL to
crash, resulting in a denial of service. (CVE-2013-4353)
Ron Barber discovered that OpenSSL used an incorrect data structure to
obtain a version number. A remote attacker could use this issue to cause
OpenSSL to crash, resulting in a denial of service. (CVE-2013-6449)
Dmitry Sobinov discovered that OpenSSL incorrectly handled certain DTLS
retransmissions. A remote attacker could use this issue to cause OpenSSL to
crash, resulting in a denial of service. (CVE-2013-6450)
This update also disables the default use of the RdRand feature of certain
Intel CPUs as the sole source of entropy.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 13.10:
libssl1.0.0 1.0.1e-3ubuntu1.1
Ubuntu 13.04:
libssl1.0.0 1.0.1c-4ubuntu8.2
Ubuntu 12.10:
libssl1.0.0 1.0.1c-3ubuntu2.6
Ubuntu 12.04 LTS:
libssl1.0.0 1.0.1-4ubuntu5.11
After a standard system update you need to reboot your computer to make
all the necessary changes.
References:
http://www.ubuntu.com/usn/usn-2079-1
CVE-2013-4353, CVE-2013-6449, CVE-2013-6450
Package Information:
https://launchpad.net/ubuntu/+source/openssl/1.0.1e-3ubuntu1.1
https://launchpad.net/ubuntu/+source/openssl/1.0.1c-4ubuntu8.2
https://launchpad.net/ubuntu/+source/openssl/1.0.1c-3ubuntu2.6
https://launchpad.net/ubuntu/+source/openssl/1.0.1-4ubuntu5.11
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1.4.14 (GNU/Linux)
Comment: Using GnuPG with Thunderbird – http://www.enigmail.net/
iQIcBAEBCgAGBQJSzw1qAAoJEGVp2FWnRL6TP+4P/3PIGpBUdJIdrBvN6MULgCm9
tTwxUjEkNW9IXW9AkhJ3oZdJeaqGTPyGWaY7ZtfYKDR/0uRObVgvmj6ehJW8bksU
sVvf2HUtvcU5VtBLE8wOQ9XfYVkISw0zTbrbxPApDvIxUzdd3p8jhn6gkEE4nZ+J
ynhCYr23O8zKwkO0jRRvfAUXkOIt+OZiOj7X9v3Q0Q8DMsqq86H7v5M7Z6HfFCzd
9QlAKk3ow1xT3pexREAjktmXTFbyq3MQOJpdsvMqSovNCEX8I38ryzYXvLyTdKLY
5EklMj5wDIb/fdJWtVO+DePBLL26oFEgnaN0uyF28vc0SlFZrEiPsuReGbYhlzax
ZGveePmsaRhpewRdBPow6Zz0wYheronxb4di3AzyQc/6UFlB2hUleRALs4d7Dibf
iWtVeE8AW1L9sHcEO+YbwotgkG8UeEgcPOqPckFprOwHEO15Bb4l/twQESBV6hD1
hcFibMQr2VK0IDfe7Lzn5r0LN4/logEdoEsHCRW/c/UUTVD17Xnn0SIZnuPSnfR6
AXoA1WPe5GobplnvIEb+MYUUhPo9BfQyzPGXAG2A/igrySnwD/IjRMsy567c2NUl
Y6TLhACzON36Y54Wo8m7IzA/Cn7Gs+QNSHl3keuEHhbZm/7zL1LBOrTrfHeJttxU
QN/7rfLLYZ2Bc4htqswK
=KNaR
—–END PGP SIGNATURE—–
—
| Autor | Tomislav Protega |
| Cert id | NCERT-REF-2014-01-0010-ADV |
| Cve | CVE-2013-4353 CVE-2013-6449 CVE-2013-6450 |
| ID izvornika | USN-2079-1 |
| Proizvod | openssl |
| Izvor | http://www.ubuntu.com |
