===========================================================
Ubuntu Security Notice USN-353-2           October 04, 2006
openssl vulnerability
CVE-2006-2940
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 5.04
Ubuntu 5.10
Ubuntu 6.06 LTS

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 5.04:
  libssl0.9.7                              0.9.7e-3ubuntu0.6

Ubuntu 5.10:
  libssl0.9.7                              0.9.7g-1ubuntu1.5

Ubuntu 6.06 LTS:
  libssl0.9.8                              0.9.8a-7ubuntu0.3

After a standard system upgrade you need to reboot your computer to
effect the necessary changes.

Details follow:

USN-353-1 fixed several vulnerabilities in OpenSSL. However, Mark J
Cox noticed that the applied patch for CVE-2006-2940 was flawed. This
update corrects that patch.

For reference, this is the relevant part of the original advisory:

  Certain types of public key could take disproportionate amounts of
  time to process. The library now limits the maximum key exponent
  size to avoid Denial of Service attacks.
  (CVE-2006-2940)

Updated packages for Ubuntu 5.04, Ubuntu 5.10 and Ubuntu 6.06 LTS:

  http://security.ubuntu.com/ubuntu/pool/main/o/openssl/