Ubuntu Update For Openssl Vulnerabilities USN-620-1 Network Vulnerability

Summary

Ubuntu Update for Linux kernel vulnerabilities USN-620-1

Solution

Please Install the Updated Packages.

Insight

It was discovered that OpenSSL was vulnerable to a double-free when using TLS server extensions. A remote attacker could send a crafted packet and cause a denial of service via application crash in applications linked against OpenSSL. Ubuntu 8.04 LTS does not compile TLS server extensions by default. (CVE-2008-0891) It was discovered that OpenSSL could dereference a NULL pointer. If a user or automated system were tricked into connecting to a malicious server with particular cipher suites, a remote attacker could cause a denial of service via application crash. (CVE-2008-1672)

Affected

openssl vulnerabilities on Ubuntu 8.04 LTS

References

https://lists.ubuntu.com/archives/ubuntu-security-announce/2008-June/000722.html

Updated on 2015-03-25

Severity

Classification

CVE CVE-2008-0891, CVE-2008-1672

CVSS	Base Score: 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P

Related Vulnerabilities

Ubuntu Update for backuppc USN-1444-1
Ubuntu Update for apr-util vulnerability USN-1022-1
Ubuntu Update for bogofilter vulnerability USN-980-1
Ubuntu Update for avahi vulnerability USN-402-1
Ubuntu Update for clamav USN-1482-2

Ubuntu Update for openssl vulnerabilities USN-620-1

Take action and discover your vulnerabilities