Ubuntu Update For Openssl USN-1424-1 Network Vulnerability

Summary

Ubuntu Update for Linux kernel vulnerabilities USN-1424-1

Solution

Please Install the Updated Packages.

Insight

It was discovered that OpenSSL could be made to dereference a NULL pointer when processing S/MIME messages. A remote attacker could use this to cause a denial of service. These issues did not affect Ubuntu 8.04 LTS. (CVE-2006-7250, CVE-2012-1165) Tavis Ormandy discovered that OpenSSL did not properly perform bounds checking when processing DER data via BIO or FILE functions. A remote attacker could trigger this flaw in services that used SSL to cause a denial of service or possibly execute arbitrary code with application privileges. (CVE-2012-2110)

Affected

openssl on Ubuntu 11.10 , Ubuntu 11.04 , Ubuntu 10.04 LTS , Ubuntu 8.04 LTS

Severity

Classification

CVE CVE-2006-7250, CVE-2012-1165, CVE-2012-2110

CVSS	Base Score: 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Ubuntu Update for dhcp vulnerability USN-531-1
Ubuntu Update for dhcp3 USN-1108-2
Ubuntu Update for evince vulnerabilities USN-1035-1
Ubuntu Update for bind9 vulnerabilities USN-418-1
Ubuntu Update for emacs23 USN-1586-1

Ubuntu Update for openssl USN-1424-1

Take action and discover your vulnerabilities