TUCoPS :: Linux :: Ubuntu :: bx3178.htm

OpenVPN regression
OpenVPN regression
OpenVPN regression




--z4+8/lEcDcG5Ke9S
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

=========================================================== 
Ubuntu Security Notice USN-612-6               May 14, 2008
openvpn regression
https://launchpad.net/bugs/230193
https://launchpad.net/bugs/230208
http://www.ubuntu.com/usn/usn-612-3 
==========================================================
A security issue affects the following Ubuntu releases:

Ubuntu 7.04
Ubuntu 7.10
Ubuntu 8.04 LTS

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 7.04:
  openssl-blacklist               0.1-0ubuntu0.7.04.2
  openvpn                         2.0.9-5ubuntu0.2

Ubuntu 7.10:
  openssl-blacklist               0.1-0ubuntu0.7.10.2
  openvpn                         2.0.9-8ubuntu0.2

Ubuntu 8.04 LTS:
  openssl-blacklist               0.1-0ubuntu0.8.04.2
  openvpn                         2.1~rc7-1ubuntu3.2

After a standard system upgrade you need to restart openvpn to effect
the necessary changes.

Details follow:

USN-612-3 addressed a weakness in OpenSSL certificate and keys
generation in OpenVPN by adding checks for vulnerable certificates
and keys to OpenVPN. A regression was introduced in OpenVPN when
using TLS and multi-client/server which caused OpenVPN to not start 
when using valid SSL certificates.

It was also found that openssl-vulnkey from openssl-blacklist
would fail when stderr was not available. This caused OpenVPN to
fail to start when used with applications such as NetworkManager.

This update fixes these problems. We apologize for the
inconvenience.

Original advisory details:

 A weakness has been discovered in the random number generator used
 by OpenSSL on Debian and Ubuntu systems.  As a result of this
 weakness, certain encryption keys are much more common than they
 should be, such that an attacker could guess the key through a
 brute-force attack given minimal knowledge of the system.  This
 particularly affects the use of encryption keys in OpenSSH, OpenVPN
 and SSL certificates.


Updated packages for Ubuntu 7.04:

  Source archives:

http://security.ubuntu.com/ubuntu/pool/main/o/openssl-blacklist/openssl-blacklist_0.1-0ubuntu0.7.04.2.dsc 
      Size/MD5:      548 6fbd0fe22ee9e03f7953beab58f769c2
http://security.ubuntu.com/ubuntu/pool/main/o/openssl-blacklist/openssl-blacklist_0.1-0ubuntu0.7.04.2.tar.gz 
      Size/MD5:  7778456 eee4434860560905a3af66468100a348
http://security.ubuntu.com/ubuntu/pool/universe/o/openvpn/openvpn_2.0.9-5ubuntu0.2.diff.gz 
      Size/MD5:    61701 d39b369ff928f451c70bf0779e75f405
http://security.ubuntu.com/ubuntu/pool/universe/o/openvpn/openvpn_2.0.9-5ubuntu0.2.dsc 
      Size/MD5:      641 262ef73ef3557dc4959889b46848138e
http://security.ubuntu.com/ubuntu/pool/universe/o/openvpn/openvpn_2.0.9=2Eorig.tar.gz 
      Size/MD5:   669076 60745008b90b7dbe25fe8337c550fec6

  Architecture independent packages:

http://security.ubuntu.com/ubuntu/pool/main/o/openssl-blacklist/openssl-blacklist_0.1-0ubuntu0.7.04.2_all.deb 
      Size/MD5:  3535226 ad5b8c02f9edf0c7701867fcace63d99

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

http://security.ubuntu.com/ubuntu/pool/universe/o/openvpn/openvpn_2.0.9-5ubuntu0.2_amd64.deb 
      Size/MD5:   356590 f64d86a6b713cd8326a905e857c3d828

  i386 architecture (x86 compatible Intel/AMD):

http://security.ubuntu.com/ubuntu/pool/universe/o/openvpn/openvpn_2.0.9-5ubuntu0.2_i386.deb 
      Size/MD5:   337570 f6898a1af5591c8f8ca93bf3241c7553

  powerpc architecture (Apple Macintosh G3/G4/G5):

http://security.ubuntu.com/ubuntu/pool/universe/o/openvpn/openvpn_2.0.9-5ubuntu0.2_powerpc.deb 
      Size/MD5:   358182 501e0707d6190c33fb0570f5ca1b3541

  sparc architecture (Sun SPARC/UltraSPARC):

http://security.ubuntu.com/ubuntu/pool/universe/o/openvpn/openvpn_2.0.9-5ubuntu0.2_sparc.deb 
      Size/MD5:   336370 d18a832bf8564796069c8e66e8c6fb5a

Updated packages for Ubuntu 7.10:

  Source archives:

http://security.ubuntu.com/ubuntu/pool/main/o/openssl-blacklist/openssl-blacklist_0.1-0ubuntu0.7.10.2.dsc 
      Size/MD5:      548 8abff8f249ed0e1a0e944716a7bc917b
http://security.ubuntu.com/ubuntu/pool/main/o/openssl-blacklist/openssl-blacklist_0.1-0ubuntu0.7.10.2.tar.gz 
      Size/MD5:  7778457 79b3c02e1d9c759172e8bd696a3d392c
http://security.ubuntu.com/ubuntu/pool/universe/o/openvpn/openvpn_2.0.9-8ubuntu0.2.diff.gz 
      Size/MD5:    65145 40ac90ce5aca10e2be6410eef3bc7d45
http://security.ubuntu.com/ubuntu/pool/universe/o/openvpn/openvpn_2.0.9-8ubuntu0.2.dsc 
      Size/MD5:      642 350b124caa02ab5015a7faae3d5d11d6
http://security.ubuntu.com/ubuntu/pool/universe/o/openvpn/openvpn_2.0.9=2Eorig.tar.gz 
      Size/MD5:   669076 60745008b90b7dbe25fe8337c550fec6

  Architecture independent packages:

http://security.ubuntu.com/ubuntu/pool/main/o/openssl-blacklist/openssl-blacklist_0.1-0ubuntu0.7.10.2_all.deb 
      Size/MD5:  3535452 16cee119a4c57d8d6644e638273c831d

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

http://security.ubuntu.com/ubuntu/pool/universe/o/openvpn/openvpn_2.0.9-8ubuntu0.2_amd64.deb 
      Size/MD5:   362166 087beb48ed1ec72f4aac38d425e404af

  i386 architecture (x86 compatible Intel/AMD):

http://security.ubuntu.com/ubuntu/pool/universe/o/openvpn/openvpn_2.0.9-8ubuntu0.2_i386.deb 
      Size/MD5:   341986 c2d7d6f13b7b8f94c4687d7dcd0e5940

  lpia architecture (Low Power Intel Architecture):

http://ports.ubuntu.com/pool/universe/o/openvpn/openvpn_2.0.9-8ubuntu0.2_lpia.deb 
      Size/MD5:   343546 bc15cd4c335ef8a007f85cff8e1e308f

  powerpc architecture (Apple Macintosh G3/G4/G5):

http://security.ubuntu.com/ubuntu/pool/universe/o/openvpn/openvpn_2.0.9-8ubuntu0.2_powerpc.deb 
      Size/MD5:   363492 75ca3479943634cff266abdb10d9635d

  sparc architecture (Sun SPARC/UltraSPARC):

http://security.ubuntu.com/ubuntu/pool/universe/o/openvpn/openvpn_2.0.9-8ubuntu0.2_sparc.deb 
      Size/MD5:   341774 ae2df701be65b3cf2cbae44ae3f47fbc

Updated packages for Ubuntu 8.04 LTS:

  Source archives:

http://security.ubuntu.com/ubuntu/pool/main/o/openssl-blacklist/openssl-blacklist_0.1-0ubuntu0.8.04.2.dsc 
      Size/MD5:      548 a4ba4a5fefb358127a9887ead15899fb
http://security.ubuntu.com/ubuntu/pool/main/o/openssl-blacklist/openssl-blacklist_0.1-0ubuntu0.8.04.2.tar.gz 
      Size/MD5:  7778452 ed6ed6c9d44d498da27c467112da51dc
http://security.ubuntu.com/ubuntu/pool/main/o/openvpn/openvpn_2.1~rc7-1ubuntu3.2.diff.gz 
      Size/MD5:    36383 df12dec18746624b44785c17444ac461
http://security.ubuntu.com/ubuntu/pool/main/o/openvpn/openvpn_2.1~rc7-1ubuntu3.2.dsc 
      Size/MD5:      646 1e4f69e842af1e8dfedba7df39e500ef
http://security.ubuntu.com/ubuntu/pool/main/o/openvpn/openvpn_2.1~rc7.orig.tar.gz 
      Size/MD5:   786288 dac8b5104b5eb105ba82b2525d371d58

  Architecture independent packages:

http://security.ubuntu.com/ubuntu/pool/main/o/openssl-blacklist/openssl-blacklist_0.1-0ubuntu0.8.04.2_all.deb 
      Size/MD5:  3534948 258d2779ea1fb5fe8dd67eb9f920ed06

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

http://security.ubuntu.com/ubuntu/pool/main/o/openvpn/openvpn_2.1~rc7-1ubuntu3.2_amd64.deb 
      Size/MD5:   391056 7756bf70867fc0a28f448b94af4bcdf3

  i386 architecture (x86 compatible Intel/AMD):

http://security.ubuntu.com/ubuntu/pool/main/o/openvpn/openvpn_2.1~rc7-1ubuntu3.2_i386.deb 
      Size/MD5:   372454 f9c5766c86e6f20dab634ccf48a890a0

  lpia architecture (Low Power Intel Architecture):

http://ports.ubuntu.com/pool/main/o/openvpn/openvpn_2.1~rc7-1ubuntu3.2_lpia.deb 
      Size/MD5:   371466 14e8bc2c2adc623e65b2e862b4d56ab2

  powerpc architecture (Apple Macintosh G3/G4/G5):

http://ports.ubuntu.com/pool/main/o/openvpn/openvpn_2.1~rc7-1ubuntu3.2_powerpc.deb 
      Size/MD5:   391702 92b67d4672dd43d46ee52da557289760

  sparc architecture (Sun SPARC/UltraSPARC):

http://ports.ubuntu.com/pool/main/o/openvpn/openvpn_2.1~rc7-1ubuntu3.2_sparc.deb 
      Size/MD5:   369260 ae821d7f2f582c459e1796d7fa587da1



--z4+8/lEcDcG5Ke9S
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFIK0mJW0JvuRdL8BoRAjvzAKCBQZ1z90hZTXYar64nyV8Yo0ZXFgCgl05E
8eDK7ZTIrpYU3AyT+OGABWg=P1LD
-----END PGP SIGNATURE-----

--z4+8/lEcDcG5Ke9S--

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH