Ubuntu Security Notice (C) 2008-2013 Canonical, Inc. / NASL script (C) 2008-2013 Tenable Network Security, Inc.
The remote Ubuntu host is missing one or more security-related patches.
It was discovered that OpenSSL was vulnerable to a double-free when
using TLS server extensions. A remote attacker could send a crafted
packet and cause a denial of service via application crash in
applications linked against OpenSSL. Ubuntu 8.04 LTS does not compile
TLS server extensions by default. (CVE-2008-0891)
It was discovered that OpenSSL could dereference a NULL pointer. If a
user or automated system were tricked into connecting to a malicious
server with particular cipher suites, a remote attacker could cause a
denial of service via application crash. (CVE-2008-1672).
Update the affected packages.
Risk factor :
Medium / CVSS Base Score : 4.3