A new OpenVPN regression update is available for Ubuntu Linux. Here the announcement:
"Ubuntu Security Notice USN-612-10 June 12, 2008
openvpn regression
https://launchpad.net/bugs/230197
==========================
==========================
=========
A security issue affects the following Ubuntu releases:
Ubuntu 7.04
Ubuntu 7.10
Ubuntu 8.04 LTS
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 7.04:
openvpn 2.0.9-5ubuntu0.3
Ubuntu 7.10:
openvpn 2.0.9-8ubuntu0.3
Ubuntu 8.04 LTS:
openvpn 2.1~rc7-1ubuntu3.3
In general, a standard system upgrade is sufficient to effect the
necessary changes.
Details follow:
USN-612-3 addressed a weakness in OpenSSL certificate and key
generation in OpenVPN by adding checks for vulnerable certificates
and keys to OpenVPN. A regression was introduced in OpenVPN when
using TLS with password protected certificates which caused OpenVPN
to not start when used with applications such as NetworkManager.
Original advisory details:
A weakness has been discovered in the random number generator used
by OpenSSL on Debian and Ubuntu systems. As a result of this
weakness, certain encryption keys are much more common than they
should be, such that an attacker could guess the key through a
brute-force attack given minimal knowledge of the system. This
particularly affects the use of encryption keys in OpenSSH, OpenVPN
and SSL certificates.
Updated packages for Ubuntu 7.04:
Source archives:
http://security.ubuntu.com/ubuntu/pool/universe/o/openvpn/openvpn_2.0.9=
-5ubuntu0.3.diff.gz
Size/MD5: 61721 95f9cbc60c026db52ebf698e36832e29
http://security.ubuntu.com/ubuntu/pool/universe/o/openvpn/openvpn_2.0.9=
-5ubuntu0.3.dsc
Size/MD5: 641 253b8e4ccbb5e11ba1dba9d37a1265b9
http://security.ubuntu.com/ubuntu/pool/universe/o/openvpn/openvpn_2.0.9=
.orig.tar.gz
Size/MD5: 669076 60745008b90b7dbe25fe8337c550fec6
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/universe/o/openvpn/openvpn_2.0.9=
-5ubuntu0.3_amd64.deb
Size/MD5: 357046 075f4a00b8aff7049b4f23baced068da
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/universe/o/openvpn/openvpn_2.0.9=
-5ubuntu0.3_i386.deb
Size/MD5: 337798 4fee6672cb6db4d0be228b644d129d29
powerpc architecture (Apple Macintosh G3/G4/G5):
http://security.ubuntu.com/ubuntu/pool/universe/o/openvpn/openvpn_2.0.9=
-5ubuntu0.3_powerpc.deb
Size/MD5: 358528 2658d5751bdc4ee25e5bd3d432c4b2bd
sparc architecture (Sun SPARC/UltraSPARC):
http://security.ubuntu.com/ubuntu/pool/universe/o/openvpn/openvpn_2.0.9=
-5ubuntu0.3_sparc.deb
Size/MD5: 336722 755f9f120f5014794f8f0cec49d9203b
Updated packages for Ubuntu 7.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/universe/o/openvpn/openvpn_2.0.9=
-8ubuntu0.3.diff.gz
Size/MD5: 65179 ae182aa5b68b9f9d4bddd47859cf0ced
http://security.ubuntu.com/ubuntu/pool/universe/o/openvpn/openvpn_2.0.9=
-8ubuntu0.3.dsc
Size/MD5: 642 9a58ebc70f0aff036c8e7acc56e83be7
http://security.ubuntu.com/ubuntu/pool/universe/o/openvpn/openvpn_2.0.9=
.orig.tar.gz
Size/MD5: 669076 60745008b90b7dbe25fe8337c550fec6
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/universe/o/openvpn/openvpn_2.0.9=
-8ubuntu0.3_amd64.deb
Size/MD5: 362566 303b259e514cf777b08e7676be5d7ab0
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/universe/o/openvpn/openvpn_2.0.9=
-8ubuntu0.3_i386.deb
Size/MD5: 342222 73ed9392ce7b00c92e8505dcf3d80f79
lpia architecture (Low Power Intel Architecture):
http://ports.ubuntu.com/pool/universe/o/openvpn/openvpn_2.0.9-8ubuntu0.=
3_lpia.deb
Size/MD5: 343666 581fdfb7e7d9131926fa55570c96edf0
powerpc architecture (Apple Macintosh G3/G4/G5):
http://security.ubuntu.com/ubuntu/pool/universe/o/openvpn/openvpn_2.0.9=
-8ubuntu0.3_powerpc.deb
Size/MD5: 363846 b5068afe9083e4fcc963bf4bae298615
sparc architecture (Sun SPARC/UltraSPARC):
http://security.ubuntu.com/ubuntu/pool/universe/o/openvpn/openvpn_2.0.9=
-8ubuntu0.3_sparc.deb
Size/MD5: 342108 712cf75f7edb5cc59db0ff5ac969f9bf
Updated packages for Ubuntu 8.04 LTS:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/o/openvpn/openvpn_2.1~rc7-1=
ubuntu3.3.diff.gz
Size/MD5: 36156 527fa8ebcad65f1cbd130703e134361f
http://security.ubuntu.com/ubuntu/pool/main/o/openvpn/openvpn_2.1~rc7-1=
ubuntu3.3.dsc
Size/MD5: 646 90f272f803fa6e34cd54422b9eac0064
http://security.ubuntu.com/ubuntu/pool/main/o/openvpn/openvpn_2.1~rc7.o=
rig.tar.gz
Size/MD5: 786288 dac8b5104b5eb105ba82b2525d371d58
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/o/openvpn/openvpn_2.1~rc7-1=
ubuntu3.3_amd64.deb
Size/MD5: 391374 8783a3d6b5be5469fc0a22e7575cfcbb
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/o/openvpn/openvpn_2.1~rc7-1=
ubuntu3.3_i386.deb
Size/MD5: 372674 8e9bd7bb9dc9bc0a8538bb5164a627fa
lpia architecture (Low Power Intel Architecture):
http://ports.ubuntu.com/pool/main/o/openvpn/openvpn_2.1~rc7-1ubuntu3.3_=
lpia.deb
Size/MD5: 371686 1b0ee05b907c04d0ce8606c5fecb9f23
powerpc architecture (Apple Macintosh G3/G4/G5):
http://ports.ubuntu.com/pool/main/o/openvpn/openvpn_2.1~rc7-1ubuntu3.3_=
powerpc.deb
Size/MD5: 392054 10c3c48b5060c6071c644a5c29b3dd0e
sparc architecture (Sun SPARC/UltraSPARC):
http://ports.ubuntu.com/pool/main/o/openvpn/openvpn_2.1~rc7-1ubuntu3.3_=
sparc.deb
Size/MD5: 369536 ab9b17960fdc3df59c3cfe61f667bca7
--s/l3CgOIzMHHjg/5
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFIUb1cW0JvuRdL8BoRAnHrAJ9efxa6w8npgye5glAWqlHNzvjLJQCfQXga
H1X+mqX3277o7rt26NRMa/4=
=vryU
-----END PGP SIGNATURE-----
"
USN-612-5: OpenSSH update
DSA 1587-1: New mtr packages fix execution of arbitrary code
This entry was posted
on 4:32 PM
.
Archives
-
▼
2008
(457)
-
▼
June
(48)
- The Perfect Desktop - OpenSUSE 11 (GNOME)
- USN-620-1: OpenSSL vulnerabilities
- CESA-2008:0290 Critical CentOS 5 x86_64 samba Update
- ruby (SSA:2008-179-01)
- Mot ships new Linux phones
- CESA-2008:0519 Important CentOS 5 x86_64 kernel Up...
- CESA-2008:0519 Important CentOS 5 i386 kernel Update
- Ubuntu MID Edition ships
- CESA-2008:0290 Critical CentOS 5 i386 samba Update
- Battle of the Titans - Mandriva vs openSUSE: The R...
- Open source phone goes mass-market
- RHSA-2008:0133-01 Moderate: IBMJava2 security update
- RHSA-2008:0508-01 Important: kernel security and b...
- Embedding Python In Apache2 With mod_python (Debia...
- CESA-2008:0556 Important CentOS 4 i386 freetype - ...
- CESA-2008:0556 Important CentOS 3 i386 freetype - ...
- CESA-2008:0558-01: Important CentOS 2 i386 freetyp...
- How To Set Up WebDAV With MySQL Authentication On ...
- GLSA 200806-07 X.Org X server: Multiple vulnerabi...
- USN-612-11: openssl-blacklist update
- Linux robot plays frenetic clarinet
- PCLinuxOS GNOME Review
- GNOME 2.23.4 Released
- Linux prominent in chip show awards
- GLSA 200806-06 Evolution: User-assisted execution...
- openSUSE 11.0 released
- CESA-2008:0503 Important CentOS 4 s390(x) xorg-x11...
- Damn Small Linux 4.4 Review
- CESA-2008:0522 Important CentOS 3 s390(x) perl - s...
- USN-617-1: Samba vulnerabilities
- GLSA 200806-05 cbrPager: User-assisted execution ...
- RHSA-2008:0532-01 Important: perl security update
- Mozilla previews Firefox Mobile
- GLSA 200806-04 rdesktop: Multiple vulnerabilities
- USN-612-10: OpenVPN regression
- CESA-2008:0498 Moderate CentOS 3 s390(x) cups - se...
- CESA-2008:0498 Moderate CentOS 3 i386 cups - secur...
- Linux macro benchmark tool stabilizes
- CESA-2008:0498 Moderate CentOS 3 x86_64 cups - sec...
- CESA-2008:0516 Critical CentOS 3 i386 evolution - ...
- GLSA 200806-02 libxslt: Execution of arbitrary code
- RHSA-2008:0498-01 Moderate: cups security update
- GLSA 200805-22 MPlayer: User-assisted execution o...
- CESA-2008:0288 Critical CentOS 4 x86_64 samba Update
- CESA-2008:0288 Critical CentOS 3 s390(x) samba - s...
- CESA-2008:0288 Critical CentOS 4 s390(x) samba - s...
- CESA-2008:0288-01: Critical CentOS 2 i386 samba se...
- RHSA-2008:0288-01 Critical: samba security update
-
▼
June
(48)