ubuntu-security-announce@lists.ubuntu.com
To subscribe or unsubscribe via the World Wide Web, visit
https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
or, via email, send a message with subject or body 'help' to
ubuntu-security-announce-request@lists.ubuntu.com
You can reach the person managing the list at
ubuntu-security-announce-owner@lists.ubuntu.com
When replying, please edit your Subject line so it is more specific
than "Re: Contents of ubuntu-security-announce digest..."
Today's Topics:
1. [USN-1357-1] OpenSSL vulnerabilities (Steve Beattie)
2. [USN-1358-1] PHP vulnerabilities (Steve Beattie)
----------------------------------------------------------------------
Message: 1
Date: Thu, 9 Feb 2012 14:44:17 -0800
From: Steve Beattie <sbeattie@ubuntu.com>
To: ubuntu-security-announce@lists.ubuntu.com
Subject: [USN-1357-1] OpenSSL vulnerabilities
Message-ID: <20120209224417.GC25453@nxnw.org>
Content-Type: text/plain; charset="us-ascii"
==========================================================================
Ubuntu Security Notice USN-1357-1
February 09, 2012
openssl vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 11.10
- Ubuntu 11.04
- Ubuntu 10.10
- Ubuntu 10.04 LTS
- Ubuntu 8.04 LTS
Summary:
Multiple vulnerabilities exist in OpenSSL that could expose
sensitive information or cause applications to crash.
Software Description:
- openssl: Secure Socket Layer (SSL) binary and related cryptographic tools
Details:
It was discovered that the elliptic curve cryptography (ECC) subsystem
in OpenSSL, when using the Elliptic Curve Digital Signature Algorithm
(ECDSA) for the ECDHE_ECDSA cipher suite, did not properly implement
curves over binary fields. This could allow an attacker to determine
private keys via a timing attack. This issue only affected Ubuntu 8.04
LTS, Ubuntu 10.04 LTS, Ubuntu 10.10 and Ubuntu 11.04. (CVE-2011-1945)
Adam Langley discovered that the ephemeral Elliptic Curve
Diffie-Hellman (ECDH) functionality in OpenSSL did not ensure thread
safety while processing handshake messages from clients. This
could allow a remote attacker to cause a denial of service via
out-of-order messages that violate the TLS protocol. This issue only
affected Ubuntu 8.04 LTS, Ubuntu 10.04 LTS, Ubuntu 10.10 and Ubuntu
11.04. (CVE-2011-3210)
Nadhem Alfardan and Kenny Paterson discovered that the Datagram
Transport Layer Security (DTLS) implementation in OpenSSL performed a
MAC check only if certain padding is valid. This could allow a remote
attacker to recover plaintext. (CVE-2011-4108)
Antonio Martin discovered that a flaw existed in the fix to address
CVE-2011-4108, the DTLS MAC check failure. This could allow a remote
attacker to cause a denial of service. (CVE-2012-0050)
Ben Laurie discovered a double free vulnerability in OpenSSL that could
be triggered when the X509_V_FLAG_POLICY_CHECK flag is enabled. This
could allow a remote attacker to cause a denial of service. This
issue only affected Ubuntu 8.04 LTS, Ubuntu 10.04 LTS, Ubuntu 10.10
and Ubuntu 11.04. (CVE-2011-4109)
It was discovered that OpenSSL, in certain circumstances involving
ECDH or ECDHE cipher suites, used an incorrect modular reduction
algorithm in its implementation of the P-256 and P-384 NIST elliptic
curves. This could allow a remote attacker to obtain the private
key of a TLS server via multiple handshake attempts. This issue only
affected Ubuntu 8.04 LTS. (CVE-2011-4354)
Adam Langley discovered that the SSL 3.0 implementation in OpenSSL
did not properly initialize data structures for block cipher
padding. This could allow a remote attacker to obtain sensitive
information. (CVE-2011-4576)
Andrew Chi discovered that OpenSSL, when RFC 3779 support is enabled,
could trigger an assert when handling an X.509 certificate containing
certificate-extension data associated with IP address blocks or
Autonomous System (AS) identifiers. This could allow a remote attacker
to cause a denial of service. (CVE-2011-4577)
Adam Langley discovered that the Server Gated Cryptography (SGC)
implementation in OpenSSL did not properly handle handshake
restarts. This could allow a remote attacker to cause a denial of
service. (CVE-2011-4619)
Andrey Kulikov discovered that the GOST block cipher engine in OpenSSL
did not properly handle invalid parameters. This could allow a remote
attacker to cause a denial of service via crafted data from a TLS
client. This issue only affected Ubuntu 11.10. (CVE-2012-0027)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 11.10:
libssl1.0.0 1.0.0e-2ubuntu4.2
openssl 1.0.0e-2ubuntu4.2
Ubuntu 11.04:
libssl0.9.8 0.9.8o-5ubuntu1.2
openssl 0.9.8o-5ubuntu1.2
Ubuntu 10.10:
libssl0.9.8 0.9.8o-1ubuntu4.6
openssl 0.9.8o-1ubuntu4.6
Ubuntu 10.04 LTS:
libssl0.9.8 0.9.8k-7ubuntu8.8
openssl 0.9.8k-7ubuntu8.8
Ubuntu 8.04 LTS:
libssl0.9.8 0.9.8g-4ubuntu3.15
openssl 0.9.8g-4ubuntu3.15
After a standard system update you need to reboot your computer to make
all the necessary changes.
References:
http://www.ubuntu.com/usn/usn-1357-1
CVE-2011-1945, CVE-2011-3210, CVE-2011-4108, CVE-2011-4109,
CVE-2011-4354, CVE-2011-4576, CVE-2011-4577, CVE-2011-4619,
CVE-2012-0027, CVE-2012-0050
Package Information:
https://launchpad.net/ubuntu/+source/openssl/1.0.0e-2ubuntu4.2
https://launchpad.net/ubuntu/+source/openssl/0.9.8o-5ubuntu1.2
https://launchpad.net/ubuntu/+source/openssl/0.9.8o-1ubuntu4.6
https://launchpad.net/ubuntu/+source/openssl/0.9.8k-7ubuntu8.8
https://launchpad.net/ubuntu/+source/openssl/0.9.8g-4ubuntu3.15
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: Digital signature
URL: <https://lists.ubuntu.com/archives/ubuntu-security-announce/attachments/20120209/5df0f401/attachment-0001.pgp>
------------------------------
Message: 2
Date: Thu, 9 Feb 2012 21:01:18 -0800
From: Steve Beattie <sbeattie@ubuntu.com>
To: ubuntu-security-announce@lists.ubuntu.com
Subject: [USN-1358-1] PHP vulnerabilities
Message-ID: <20120210050118.GA5914@nxnw.org>
Content-Type: text/plain; charset="us-ascii"
==========================================================================
Ubuntu Security Notice USN-1358-1
February 10, 2012
php5 vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 11.10
- Ubuntu 11.04
- Ubuntu 10.10
- Ubuntu 10.04 LTS
- Ubuntu 8.04 LTS
Summary:
Multiple vulnerabilities in PHP.
Software Description:
- php5: HTML-embedded scripting language interpreter
Details:
It was discovered that PHP computed hash values for form parameters
without restricting the ability to trigger hash collisions predictably.
This could allow a remote attacker to cause a denial of service by
sending many crafted parameters. (CVE-2011-4885)
ATTENTION: this update changes previous PHP behavior by
limiting the number of external input variables to 1000.
This may be increased by adding a "max_input_vars"
directive to the php.ini configuration file. See
http://www.php.net/manual/en/info.configuration.php#ini.max-input-vars
for more information.
Stefan Esser discovered that the fix to address the predictable hash
collision issue, CVE-2011-4885, did not properly handle the situation
where the limit was reached. This could allow a remote attacker to
cause a denial of service or execute arbitrary code via a request
containing a large number of variables. (CVE-2012-0830)
It was discovered that PHP did not always check the return value of
the zend_strndup function. This could allow a remote attacker to
cause a denial of service. (CVE-2011-4153)
It was discovered that PHP did not properly enforce libxslt security
settings. This could allow a remote attacker to create arbitrary
files via a crafted XSLT stylesheet that uses the libxslt output
extension. (CVE-2012-0057)
It was discovered that PHP did not properly enforce that PDORow
objects could not be serialized and not be saved in a session. A
remote attacker could use this to cause a denial of service via an
application crash. (CVE-2012-0788)
It was discovered that PHP allowed the magic_quotes_gpc setting to
be disabled remotely. This could allow a remote attacker to bypass
restrictions that could prevent an SQL injection. (CVE-2012-0831)
USN 1126-1 addressed an issue where the /etc/cron.d/php5 cron job
for PHP allowed local users to delete arbitrary files via a symlink
attack on a directory under /var/lib/php5/. Emese Revfy discovered
that the fix had not been applied to PHP for Ubuntu 10.04 LTS. This
update corrects the issue. We apologize for the error. (CVE-2011-0441)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 11.10:
libapache2-mod-php5 5.3.6-13ubuntu3.5
php5 5.3.6-13ubuntu3.5
php5-cgi 5.3.6-13ubuntu3.5
php5-cli 5.3.6-13ubuntu3.5
php5-common 5.3.6-13ubuntu3.5
php5-xsl 5.3.6-13ubuntu3.5
Ubuntu 11.04:
libapache2-mod-php5 5.3.5-1ubuntu7.6
php5 5.3.5-1ubuntu7.6
php5-cgi 5.3.5-1ubuntu7.6
php5-cli 5.3.5-1ubuntu7.6
php5-common 5.3.5-1ubuntu7.6
php5-xsl 5.3.5-1ubuntu7.6
Ubuntu 10.10:
libapache2-mod-php5 5.3.3-1ubuntu9.9
php5 5.3.3-1ubuntu9.9
php5-cgi 5.3.3-1ubuntu9.9
php5-cli 5.3.3-1ubuntu9.9
php5-common 5.3.3-1ubuntu9.9
php5-xsl 5.3.3-1ubuntu9.9
Ubuntu 10.04 LTS:
libapache2-mod-php5 5.3.2-1ubuntu4.13
php5 5.3.2-1ubuntu4.13
php5-cgi 5.3.2-1ubuntu4.13
php5-cli 5.3.2-1ubuntu4.13
php5-common 5.3.2-1ubuntu4.13
php5-xsl 5.3.2-1ubuntu4.13
Ubuntu 8.04 LTS:
libapache2-mod-php5 5.2.4-2ubuntu5.22
php5 5.2.4-2ubuntu5.22
php5-cgi 5.2.4-2ubuntu5.22
php5-cli 5.2.4-2ubuntu5.22
php5-common 5.2.4-2ubuntu5.22
php5-xsl 5.2.4-2ubuntu5.22
In general, a standard system update will make all the necessary changes.
References:
http://www.ubuntu.com/usn/usn-1358-1
CVE-2011-0441, CVE-2011-4153, CVE-2011-4885, CVE-2012-0057,
CVE-2012-0788, CVE-2012-0830, CVE-2012-0831
Package Information:
https://launchpad.net/ubuntu/+source/php5/5.3.6-13ubuntu3.5
https://launchpad.net/ubuntu/+source/php5/5.3.5-1ubuntu7.6
https://launchpad.net/ubuntu/+source/php5/5.3.3-1ubuntu9.9
https://launchpad.net/ubuntu/+source/php5/5.3.2-1ubuntu4.13
https://launchpad.net/ubuntu/+source/php5/5.2.4-2ubuntu5.22
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: Digital signature
URL: <https://lists.ubuntu.com/archives/ubuntu-security-announce/attachments/20120209/b17b52e3/attachment-0001.pgp>
------------------------------
--
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
End of ubuntu-security-announce Digest, Vol 89, Issue 6
*******************************************************
No comments:
Post a Comment