USN-612-10: OpenVPN regression  

Posted by Daniela Mehler

A new OpenVPN regression update is available for Ubuntu Linux. Here the announcement:
"Ubuntu Security Notice USN-612-10 June 12, 2008
openvpn regression
https://launchpad.net/bugs/230197
==========================
==========================
=========

A security issue affects the following Ubuntu releases:

Ubuntu 7.04
Ubuntu 7.10
Ubuntu 8.04 LTS

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 7.04:
openvpn 2.0.9-5ubuntu0.3

Ubuntu 7.10:
openvpn 2.0.9-8ubuntu0.3

Ubuntu 8.04 LTS:
openvpn 2.1~rc7-1ubuntu3.3

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

USN-612-3 addressed a weakness in OpenSSL certificate and key
generation in OpenVPN by adding checks for vulnerable certificates
and keys to OpenVPN. A regression was introduced in OpenVPN when
using TLS with password protected certificates which caused OpenVPN
to not start when used with applications such as NetworkManager.

Original advisory details:
A weakness has been discovered in the random number generator used
by OpenSSL on Debian and Ubuntu systems. As a result of this
weakness, certain encryption keys are much more common than they
should be, such that an attacker could guess the key through a
brute-force attack given minimal knowledge of the system. This
particularly affects the use of encryption keys in OpenSSH, OpenVPN
and SSL certificates.


Updated packages for Ubuntu 7.04:

Source archives:

http://security.ubuntu.com/ubuntu/pool/universe/o/openvpn/openvpn_2.0.9=
-5ubuntu0.3.diff.gz
Size/MD5: 61721 95f9cbc60c026db52ebf698e36832e29
http://security.ubuntu.com/ubuntu/pool/universe/o/openvpn/openvpn_2.0.9=
-5ubuntu0.3.dsc
Size/MD5: 641 253b8e4ccbb5e11ba1dba9d37a1265b9
http://security.ubuntu.com/ubuntu/pool/universe/o/openvpn/openvpn_2.0.9=
.orig.tar.gz
Size/MD5: 669076 60745008b90b7dbe25fe8337c550fec6

amd64 architecture (Athlon64, Opteron, EM64T Xeon):

http://security.ubuntu.com/ubuntu/pool/universe/o/openvpn/openvpn_2.0.9=
-5ubuntu0.3_amd64.deb
Size/MD5: 357046 075f4a00b8aff7049b4f23baced068da

i386 architecture (x86 compatible Intel/AMD):

http://security.ubuntu.com/ubuntu/pool/universe/o/openvpn/openvpn_2.0.9=
-5ubuntu0.3_i386.deb
Size/MD5: 337798 4fee6672cb6db4d0be228b644d129d29

powerpc architecture (Apple Macintosh G3/G4/G5):

http://security.ubuntu.com/ubuntu/pool/universe/o/openvpn/openvpn_2.0.9=
-5ubuntu0.3_powerpc.deb
Size/MD5: 358528 2658d5751bdc4ee25e5bd3d432c4b2bd

sparc architecture (Sun SPARC/UltraSPARC):

http://security.ubuntu.com/ubuntu/pool/universe/o/openvpn/openvpn_2.0.9=
-5ubuntu0.3_sparc.deb
Size/MD5: 336722 755f9f120f5014794f8f0cec49d9203b

Updated packages for Ubuntu 7.10:

Source archives:

http://security.ubuntu.com/ubuntu/pool/universe/o/openvpn/openvpn_2.0.9=
-8ubuntu0.3.diff.gz
Size/MD5: 65179 ae182aa5b68b9f9d4bddd47859cf0ced
http://security.ubuntu.com/ubuntu/pool/universe/o/openvpn/openvpn_2.0.9=
-8ubuntu0.3.dsc
Size/MD5: 642 9a58ebc70f0aff036c8e7acc56e83be7
http://security.ubuntu.com/ubuntu/pool/universe/o/openvpn/openvpn_2.0.9=
.orig.tar.gz
Size/MD5: 669076 60745008b90b7dbe25fe8337c550fec6

amd64 architecture (Athlon64, Opteron, EM64T Xeon):

http://security.ubuntu.com/ubuntu/pool/universe/o/openvpn/openvpn_2.0.9=
-8ubuntu0.3_amd64.deb
Size/MD5: 362566 303b259e514cf777b08e7676be5d7ab0

i386 architecture (x86 compatible Intel/AMD):

http://security.ubuntu.com/ubuntu/pool/universe/o/openvpn/openvpn_2.0.9=
-8ubuntu0.3_i386.deb
Size/MD5: 342222 73ed9392ce7b00c92e8505dcf3d80f79

lpia architecture (Low Power Intel Architecture):

http://ports.ubuntu.com/pool/universe/o/openvpn/openvpn_2.0.9-8ubuntu0.=
3_lpia.deb
Size/MD5: 343666 581fdfb7e7d9131926fa55570c96edf0

powerpc architecture (Apple Macintosh G3/G4/G5):

http://security.ubuntu.com/ubuntu/pool/universe/o/openvpn/openvpn_2.0.9=
-8ubuntu0.3_powerpc.deb
Size/MD5: 363846 b5068afe9083e4fcc963bf4bae298615

sparc architecture (Sun SPARC/UltraSPARC):

http://security.ubuntu.com/ubuntu/pool/universe/o/openvpn/openvpn_2.0.9=
-8ubuntu0.3_sparc.deb
Size/MD5: 342108 712cf75f7edb5cc59db0ff5ac969f9bf

Updated packages for Ubuntu 8.04 LTS:

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/o/openvpn/openvpn_2.1~rc7-1=
ubuntu3.3.diff.gz
Size/MD5: 36156 527fa8ebcad65f1cbd130703e134361f
http://security.ubuntu.com/ubuntu/pool/main/o/openvpn/openvpn_2.1~rc7-1=
ubuntu3.3.dsc
Size/MD5: 646 90f272f803fa6e34cd54422b9eac0064
http://security.ubuntu.com/ubuntu/pool/main/o/openvpn/openvpn_2.1~rc7.o=
rig.tar.gz
Size/MD5: 786288 dac8b5104b5eb105ba82b2525d371d58

amd64 architecture (Athlon64, Opteron, EM64T Xeon):

http://security.ubuntu.com/ubuntu/pool/main/o/openvpn/openvpn_2.1~rc7-1=
ubuntu3.3_amd64.deb
Size/MD5: 391374 8783a3d6b5be5469fc0a22e7575cfcbb

i386 architecture (x86 compatible Intel/AMD):

http://security.ubuntu.com/ubuntu/pool/main/o/openvpn/openvpn_2.1~rc7-1=
ubuntu3.3_i386.deb
Size/MD5: 372674 8e9bd7bb9dc9bc0a8538bb5164a627fa

lpia architecture (Low Power Intel Architecture):

http://ports.ubuntu.com/pool/main/o/openvpn/openvpn_2.1~rc7-1ubuntu3.3_=
lpia.deb
Size/MD5: 371686 1b0ee05b907c04d0ce8606c5fecb9f23

powerpc architecture (Apple Macintosh G3/G4/G5):

http://ports.ubuntu.com/pool/main/o/openvpn/openvpn_2.1~rc7-1ubuntu3.3_=
powerpc.deb
Size/MD5: 392054 10c3c48b5060c6071c644a5c29b3dd0e

sparc architecture (Sun SPARC/UltraSPARC):

http://ports.ubuntu.com/pool/main/o/openvpn/openvpn_2.1~rc7-1ubuntu3.3_=
sparc.deb
Size/MD5: 369536 ab9b17960fdc3df59c3cfe61f667bca7



--s/l3CgOIzMHHjg/5
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFIUb1cW0JvuRdL8BoRAnHrAJ9efxa6w8npgye5glAWqlHNzvjLJQCfQXga
H1X+mqX3277o7rt26NRMa/4=
=vryU
-----END PGP SIGNATURE-----
"


USN-612-5: OpenSSH update
DSA 1587-1: New mtr packages fix execution of arbitrary code

This entry was posted on 4:32 PM .