Oval Definition:oval:org.mitre.oval:def:12844
Revision Date:2014-06-30Version:19
Title:USN-1003-1 -- openssl vulnerabilities
Description:It was discovered that OpenSSL incorrectly handled return codes from the bn_wexpand function calls. A remote attacker could trigger this flaw in services that used SSL to cause a denial of service or possibly execute arbitrary code with application privileges. This issue only affected Ubuntu 6.06 LTS, 8.04 LTS, 9.04 and 9.10. It was discovered that OpenSSL incorrectly handled certain private keys with an invalid prime. A remote attacker could trigger this flaw in services that used SSL to cause a denial of service or possibly execute arbitrary code with application privileges. The default compiler options for affected releases should reduce the vulnerability to a denial of service
Family:unixClass:patch
Status:ACCEPTEDReference(s):CVE-2009-3245
CVE-2010-2939
USN-1003-1
USN-1003-1
Platform(s):Ubuntu 10.04
Ubuntu 10.10
Ubuntu 6.06
Ubuntu 8.04
Ubuntu 9.04
Ubuntu 9.10
Product(s):openssl
Definition Synopsis
  • Release section
  • Ubuntu 9.04 is installed
  • AND Architecture section
  • Architecture independet section
  • Installed architecture is all
  • AND openssl-doc DPKG is earlier than 0.9.8g-15ubuntu3.6
  • OR Architecture depended section
  • Supported architectures section
  • Installed architecture is amd64
  • OR Installed architecture is i386
  • OR Installed architecture is powerpc
  • OR Installed architecture is sparc
  • OR Installed architecture is lpia
  • AND Packages section
  • libcrypto0.9.8-udeb DPKG is earlier than 0.9.8g-15ubuntu3.6
  • OR libssl0.9.8-dbg DPKG is earlier than 0.9.8g-15ubuntu3.6
  • OR libssl0.9.8 DPKG is earlier than 0.9.8g-15ubuntu3.6
  • OR libssl-dev DPKG is earlier than 0.9.8g-15ubuntu3.6
  • OR openssl DPKG is earlier than 0.9.8g-15ubuntu3.6
  • OR Release section
  • Ubuntu 9.10 is installed
  • AND Architecture section
  • Architecture independet section
  • Installed architecture is all
  • AND openssl-doc DPKG is earlier than 0.9.8g-16ubuntu3.3
  • OR Architecture depended section
  • Supported architectures section
  • Installed architecture is amd64
  • OR Installed architecture is i386
  • OR Installed architecture is powerpc
  • OR Installed architecture is sparc
  • OR Installed architecture is lpia
  • AND Packages section
  • libcrypto0.9.8-udeb DPKG is earlier than 0.9.8g-16ubuntu3.3
  • OR libssl0.9.8-dbg DPKG is earlier than 0.9.8g-16ubuntu3.3
  • OR libssl0.9.8 DPKG is earlier than 0.9.8g-16ubuntu3.3
  • OR libssl-dev DPKG is earlier than 0.9.8g-16ubuntu3.3
  • OR openssl DPKG is earlier than 0.9.8g-16ubuntu3.3
  • OR Release section
  • Ubuntu 6.06 is installed
  • AND Supported architectures section
  • Installed architecture is sparc
  • OR Installed architecture is i386
  • OR Installed architecture is amd64
  • OR Installed architecture is powerpc
  • AND Packages section
  • libssl0.9.8 DPKG is earlier than 0.9.8a-7ubuntu0.13
  • OR libcrypto0.9.8-udeb DPKG is earlier than 0.9.8a-7ubuntu0.13
  • OR libssl0.9.8-dbg DPKG is earlier than 0.9.8a-7ubuntu0.13
  • OR openssl DPKG is earlier than 0.9.8a-7ubuntu0.13
  • OR libssl-dev DPKG is earlier than 0.9.8a-7ubuntu0.13
  • OR Release section
  • Ubuntu 8.04 is installed
  • AND Architecture section
  • Architecture independet section
  • Installed architecture is all
  • AND openssl-doc DPKG is earlier than 0.9.8g-4ubuntu3.11
  • OR Architecture depended section
  • Supported architectures section
  • Installed architecture is amd64
  • OR Installed architecture is i386
  • OR Installed architecture is powerpc
  • OR Installed architecture is sparc
  • OR Installed architecture is lpia
  • AND Packages section
  • libcrypto0.9.8-udeb DPKG is earlier than 0.9.8g-4ubuntu3.11
  • OR libssl0.9.8-dbg DPKG is earlier than 0.9.8g-4ubuntu3.11
  • OR libssl0.9.8 DPKG is earlier than 0.9.8g-4ubuntu3.11
  • OR libssl-dev DPKG is earlier than 0.9.8g-4ubuntu3.11
  • OR openssl DPKG is earlier than 0.9.8g-4ubuntu3.11
  • OR Release section
  • Ubuntu 10.10 is installed
  • AND Architecture section
  • Architecture independet section
  • Installed architecture is all
  • AND openssl-doc DPKG is earlier than 0.9.8o-1ubuntu4.1
  • OR Architecture depended section
  • Supported architectures section
  • Installed architecture is powerpc
  • OR Installed architecture is amd64
  • OR Installed architecture is i386
  • AND Packages section
  • libssl-dev DPKG is earlier than 0.9.8o-1ubuntu4.1
  • OR libssl0.9.8-dbg DPKG is earlier than 0.9.8o-1ubuntu4.1
  • OR openssl DPKG is earlier than 0.9.8o-1ubuntu4.1
  • OR libcrypto0.9.8-udeb DPKG is earlier than 0.9.8o-1ubuntu4.1
  • OR libssl0.9.8 DPKG is earlier than 0.9.8o-1ubuntu4.1
  • OR libssl0.9.8-udeb DPKG is earlier than 0.9.8o-1ubuntu4.1
  • OR Release section
  • Ubuntu 10.04 is installed
  • AND Architecture section
  • Architecture independet section
  • Installed architecture is all
  • AND openssl-doc DPKG is earlier than 0.9.8k-7ubuntu8.3
  • OR Architecture depended section
  • Supported architectures section
  • Installed architecture is sparc
  • OR Installed architecture is powerpc
  • OR Installed architecture is amd64
  • OR Installed architecture is i386
  • AND Packages section
  • libssl-dev DPKG is earlier than 0.9.8k-7ubuntu8.3
  • OR libssl0.9.8-dbg DPKG is earlier than 0.9.8k-7ubuntu8.3
  • OR openssl DPKG is earlier than 0.9.8k-7ubuntu8.3
  • OR libcrypto0.9.8-udeb DPKG is earlier than 0.9.8k-7ubuntu8.3
  • OR libssl0.9.8 DPKG is earlier than 0.9.8k-7ubuntu8.3
  • OR libssl0.9.8-udeb DPKG is earlier than 0.9.8k-7ubuntu8.3
    • BACK