Ubuntu USN-750-1 (openssl) Network Vulnerability

Summary

The remote host is missing an update to openssl announced via advisory USN-750-1.

Solution

The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: libssl0.9.8 0.9.8a-7ubuntu0.7 Ubuntu 7.10: libssl0.9.8 0.9.8e-5ubuntu3.4 Ubuntu 8.04 LTS: libssl0.9.8 0.9.8g-4ubuntu3.5 Ubuntu 8.10: libssl0.9.8 0.9.8g-10.1ubuntu2.2 After a standard system upgrade you need to reboot your computer to effect the necessary changes. https://secure1.securityspace.com/smysecure/catid.html?in=USN-750-1

Insight

It was discovered that OpenSSL did not properly validate the length of an encoded BMPString or UniversalString when printing ASN.1 strings. If a user or automated system were tricked into processing a crafted certificate, an attacker could cause a denial of service via application crash in applications linked against OpenSSL.

Severity

Classification

CVE CVE-2009-0590

CVSS	Base Score: 5.0 AV:N/AC:L/Au:N/C:N/I:N/A:P

Related Vulnerabilities

Ubuntu Update for bind9 USN-1139-1
Ubuntu Update for curl USN-2167-1
Ubuntu Update for bzip2 vulnerability USN-986-1
Ubuntu Update for awstats vulnerability USN-1047-1
Ubuntu Update for clamav vulnerability USN-1076-1

Take action and discover your vulnerabilities