Flubber

[USN-1064-1] OpenSSL vulnerability; [USN-1065-1] shadow vulnerability


2 urate.

1.

===========================================================

Ubuntu Security Notice USN-1064-1 February 15, 2011

openssl vulnerability

CVE-2011-0014

===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 10.04 LTS

Ubuntu 10.10

This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 10.04 LTS:

libssl0.9.8 0.9.8k-7ubuntu8.6

Ubuntu 10.10:

libssl0.9.8 0.9.8o-1ubuntu4.4

After a standard system update you need to reboot your computer to make all the necessary changes.

Details follow:

Neel Mehta discovered that incorrectly formatted ClientHello handshake messages could cause OpenSSL to parse past the end of the message. This could allow a remote attacker to cause a crash and denial of service by triggering invalid memory accesses.

2.

===========================================================

Ubuntu Security Notice USN-1065-1 February 15, 2011

shadow vulnerability

CVE-2011-0721

===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 9.10

Ubuntu 10.04 LTS

Ubuntu 10.10

This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 9.10:

passwd 1:4.1.4.1-1ubuntu2.2

Ubuntu 10.04 LTS:

passwd 1:4.1.4.2-1ubuntu2.2

Ubuntu 10.10:

passwd 1:4.1.4.2-1ubuntu3.2

In general, a standard system update will make all the necessary changes.

Details follow:

Kees Cook discovered that some shadow utilities did not correctly validate user input. A local attacker could exploit this flaw to inject newlines into the /etc/passwd file. If the system was configured to use NIS, this could lead to existing NIS groups or users gaining or losing access to the system, resulting in a denial of service or unauthorized access.

Update & packet upgrade:

sudo apt-get update
sudo apt-get upgrade

sudo apt-get clean
sudo apt-get autoclean
sudo apt-get autoremove

sudo shutdown -r 0   # restart
# or: sudo reboot

Received via RSS

[1] http://seclists.org/fulldisclosure/2011/Feb/313

[2] http://seclists.org/fulldisclosure/2011/Feb/329
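
An added check, not part of the original post or of the Ubuntu advisory: USN-1065-1 describes newlines being injected into /etc/passwd, so this shell function flags records that no longer have seven fields, NIS compat lines (those starting with + or -), and duplicate user names. The function names, the messages and the sample data are constructed for illustration.

```shell
#!/bin/sh
# audit_passwd [FILE]: print one finding per suspicious line of a
# passwd-format file (reads stdin when no file is given).
audit_passwd() {
    awk -F: '
        # Lines starting with + or - are NIS compat entries; review each one.
        /^[+-]/   { printf "%d: NIS compat entry\n", NR; next }
        # A record split by an injected newline no longer has 7 fields.
        NF != 7   { printf "%d: %d fields, expected 7\n", NR, NF; next }
        $1 == ""  { printf "%d: empty user name\n", NR; next }
        $3 !~ /^[0-9]+$/ || $4 !~ /^[0-9]+$/ {
                    printf "%d: non-numeric UID or GID\n", NR; next }
        # A second record for a name that already exists.
        seen[$1]++ { printf "%d: duplicate user name %s\n", NR, $1 }
    ' "$@"
}

# Constructed sample, not taken from a real system: the alice record has
# been broken across lines 2 and 4, with a NIS compat line in between.
sample_passwd() {
    cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
alice:x:1000:1000:Alice
+::::::
:/home/alice:/bin/bash
bob:x:1001:1001:Bob:/home/bob:/bin/bash
bob:x:1002:1002:Bob again:/home/bob2:/bin/bash
EOF
}

sample_passwd | audit_passwd
```

On a live system, run `audit_passwd /etc/passwd`; a host that intentionally uses NIS compat mode will report its legitimate + and - lines, which should be compared against the expected configuration.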
