You are advised to upgrade and reboot your system as soon as possible if you are using the Internet.
USN-706-1: Bind vulnerability: http://www.ubuntu.com/usn/usn-706-1 CVE-2009-0025 It was discovered that Bind did not properly perform certificate verification. When DNSSEC with DSA certificates are in use, a remote attacker could exploit this to bypass certificate validation to spoof DNS entries and poison DNS caches. Among other things, this could lead to misdirected email and web traffic. USN-705-1: NTP vulnerability: http://www.ubuntu.com/usn/usn-705-1 CVE-2009-0021 It was discovered that NTP did not properly perform signature verification. A remote attacker could exploit this to bypass certificate validation via a malformed SSL/TLS signature. USN-704-1: OpenSSL vulnerability: http://www.ubuntu.com/usn/usn-704-1 CVE-2008-5077 It was discovered that OpenSSL did not properly perform signature verification on DSA and ECDSA keys. If user or automated system connected to a malicious server or a remote attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to view sensitive information. Important Note: openssl upgrade requires a reboot for changes to take effect! All Ubuntu security notices can be viewed at: http://www.ubuntu.com/usn Cheers, Savvas aka medigeek -- Ubuntu-cy mailing list [email protected] Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-cy
