News

=========================================================== Ubuntu Security Notice USN-113-1 May 03, 2005 libnet-ssleay-perl vulnerability CAN-2005-0106 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 5.04 (Hoary Hedgehog) The following packages are affected: libnet-ssleay-perl The problem can be corrected by upgrading the affected package to version 1.25-1ubuntu0.2. In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: Javier Fernandez-Sanguino Pena discovered that this library used the file /tmp/entropy as a fallback entropy source if a proper source was not set in the environment variable EGD_PATH. This can potentially lead to weakened cryptographic operations if an attacker provides a /tmp/entropy file with known content. The updated package requires the specification of an entropy source with EGD_PATH and also requires that the source is a socket (as opposed to a normal file). Please note that this only affects systems which have egd installed from third party sources; egd is not shipped with Ubuntu.