Summary
The remote host is missing an update to openssl announced via advisory USN-830-1.
Solution
The problem can be corrected by upgrading your system to the following package versions:
Ubuntu 6.06 LTS:
libssl0.9.8 0.9.8a-7ubuntu0.10
Ubuntu 8.04 LTS:
libssl0.9.8 0.9.8g-4ubuntu3.8
Ubuntu 8.10:
libssl0.9.8 0.9.8g-10.1ubuntu2.5
Ubuntu 9.04:
libssl0.9.8 0.9.8g-15ubuntu3.3
After a standard system upgrade you need to reboot your computer to effect the necessary changes.
https://secure1.securityspace.com/smysecure/catid.html?in=USN-830-1
Insight
Dan Kaminsky discovered OpenSSL would still accept certificates with MD2 hash signatures. As a result, an attacker could potentially create a malicious trusted certificate to impersonate another site. This update handles this issue by completely disabling MD2 for certificate validation.
Severity
Classification
CVE: CVE-2009-2409
CVSS Base Score: 5.1
AV:N/AC:H/Au:N/C:P/I:P/A:P