Ubuntu 8.04 LTS / 10.04 LTS / 11.04 / 11.10 : openssl vulnerabilities (USN-1424-1)
High Nessus Plugin ID 58808
SynopsisThe remote Ubuntu host is missing one or more security-related patches.
DescriptionIt was discovered that OpenSSL could be made to dereference a NULL pointer when processing S/MIME messages. A remote attacker could use this to cause a denial of service. These issues did not affect Ubuntu 8.04 LTS. (CVE-2006-7250, CVE-2012-1165)
Tavis Ormandy discovered that OpenSSL did not properly perform bounds checking when processing DER data via BIO or FILE functions. A remote attacker could trigger this flaw in services that used SSL to cause a denial of service or possibly execute arbitrary code with application privileges. (CVE-2012-2110).
Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
SolutionUpdate the affected libssl0.9.8 and / or libssl1.0.0 packages.