===========================================================
Ubuntu Security Notice USN-612-6 May 14, 2008
openvpn regression
https://launchpad.net/bugs/230193
https://launchpad.net/bugs/230208
http://www.ubuntu.com/usn/usn-612-3
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 7.04
Ubuntu 7.10
Ubuntu 8.04 LTS

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 7.04:
openssl-blacklist 0.1-0ubuntu0.7.04.2
openvpn 2.0.9-5ubuntu0.2

Ubuntu 7.10:
openssl-blacklist 0.1-0ubuntu0.7.10.2
openvpn 2.0.9-8ubuntu0.2

Ubuntu 8.04 LTS:
openssl-blacklist 0.1-0ubuntu0.8.04.2
openvpn 2.1~rc7-1ubuntu3.2

After a standard system upgrade you need to restart openvpn to effect
the necessary changes.

Details follow:

USN-612-3 addressed a weakness in OpenSSL certificate and keys
generation in OpenVPN by adding checks for vulnerable certificates
and keys to OpenVPN. A regression was introduced in OpenVPN when
using TLS, multi-client/server mode, and specifying a user or group
which caused OpenVPN to not start when using valid SSL certificates.

It was also found that openssl-vulnkey from openssl-blacklist
would fail when stderr was not available. This caused OpenVPN to
fail to start when used with applications such as NetworkManager.

This update fixes these problems. We apologize for the
inconvenience.

Original advisory details:

A weakness has been discovered in the random number generator used
by OpenSSL on Debian and Ubuntu systems. As a result of this
weakness, certain encryption keys are much more common than they
should be, such that an attacker could guess the key through a
brute-force attack given minimal knowledge of the system. This
particularly affects the use of encryption keys in OpenSSH, OpenVPN
and SSL certificates.

===========================================================
Ubuntu Security Notice USN-612-5 May 14, 2008
openssh update
https://launchpad.net/bugs/230029
http://www.ubuntu.com/usn/usn-612-2
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 7.04
Ubuntu 7.10
Ubuntu 8.04 LTS

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 7.04:
openssh-client 1:4.3p2-8ubuntu1.4
openssh-client-udeb 1:4.3p2-8ubuntu1.4

Ubuntu 7.10:
openssh-client 1:4.6p1-5ubuntu0.5
openssh-client-udeb 1:4.6p1-5ubuntu0.5

Ubuntu 8.04 LTS:
openssh-client 1:4.7p1-8ubuntu1.2
openssh-client-udeb 1:4.7p1-8ubuntu1.2

After performing a standard system upgrade, users are encouraged to
re-run ssh-vulnkey on their systems.

Details follow:

Matt Zimmerman discovered that entries in ~/.ssh/authorized_keys
with options (such as "no-port-forwarding" or forced commands) were
ignored by the new ssh-vulnkey tool introduced in OpenSSH (see
USN-612-2). This could cause some compromised keys not to be
listed in ssh-vulnkey's output.

This update also adds more information to ssh-vulnkey's manual page.

Original advisory details:

A weakness has been discovered in the random number generator used
by OpenSSL on Debian and Ubuntu systems. As a result of this
weakness, certain encryption keys are much more common than they
should be, such that an attacker could guess the key through a
brute-force attack given minimal knowledge of the system. This
particularly affects the use of encryption keys in OpenSSH, OpenVPN
and SSL certificates.

===========================================================
Ubuntu Security Notice USN-612-4 May 14, 2008
ssl-cert vulnerability
CVE-2008-0166, http://www.ubuntu.com/usn/usn-612-1
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 7.04
Ubuntu 7.10
Ubuntu 8.04 LTS

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 7.04:
ssl-cert 1.0.13-0ubuntu0.7.04.1

Ubuntu 7.10:
ssl-cert 1.0.14-0ubuntu0.7.10.1

Ubuntu 8.04 LTS:
ssl-cert 1.0.14-0ubuntu2.1

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

USN-612-1 fixed vulnerabilities in openssl. This update provides the
corresponding updates for ssl-cert -- potentially compromised snake-oil
SSL certificates will be regenerated.

Original advisory details:

A weakness has been discovered in the random number generator used
by OpenSSL on Debian and Ubuntu systems. As a result of this
weakness, certain encryption keys are much more common than they
should be, such that an attacker could guess the key through a
brute-force attack given minimal knowledge of the system. This
particularly affects the use of encryption keys in OpenSSH, OpenVPN
and SSL certificates.

This vulnerability only affects operating systems which (like
Ubuntu) are based on Debian. However, other systems can be
indirectly affected if weak keys are imported into them.

We consider this an extremely serious vulnerability, and urge all
users to act immediately to secure their systems. (CVE-2008-0166)

== Who is affected ==

Systems which are running any of the following releases:

* Ubuntu 7.04 (Feisty)
* Ubuntu 7.10 (Gutsy)
* Ubuntu 8.04 LTS (Hardy)
* Ubuntu "Intrepid Ibex" (development): libssl <= 0.9.8g-8
* Debian 4.0 (etch) (see corresponding Debian security advisory)

and have openssh-server installed or have been used to create an
OpenSSH key or X.509 (SSL) certificate.

All OpenSSH and X.509 keys generated on such systems must be
considered untrustworthy, regardless of the system on which they
are used, even after the update has been applied.

This includes the automatically generated host keys used by OpenSSH,
which are the basis for its server spoofing and man-in-the-middle
protection.

===========================================================
Ubuntu Security Notice USN-612-3 May 13, 2008
openvpn vulnerability
CVE-2008-0166, http://www.ubuntu.com/usn/usn-612-1
===========================================================

A weakness has been discovered in the random number generator used
by OpenSSL on Debian and Ubuntu systems. As a result of this
weakness, certain encryption keys are much more common than they
should be, such that an attacker could guess the key through a
brute-force attack given minimal knowledge of the system. This
particularly affects the use of shared encryption keys and SSL/TLS
certificates in OpenVPN.

This vulnerability only affects operating systems which (like
Ubuntu) are based on Debian. However, other systems can be
indirectly affected if weak keys are imported into them.

We consider this an extremely serious vulnerability, and urge all
users to act immediately to secure their systems.

The following Ubuntu releases are affected:

Ubuntu 7.04
Ubuntu 7.10
Ubuntu 8.04 LTS

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 7.04:
openvpn 2.0.9-5ubuntu0.1

Ubuntu 7.10:
openvpn 2.0.9-8ubuntu0.1

Ubuntu 8.04 LTS:
openvpn 2.1~rc7-1ubuntu3.1


Details follow:

Once the update is applied, weak shared encryption keys and
SSL/TLS certificates will be rejected where possible (though
they cannot be detected in all cases). If you are using such
keys or certificates, OpenVPN will not start and the keys or
certificates will need to be regenerated.

The safest course of action is to regenerate all OpenVPN
certificates and key files, except where it can be established
to a high degree of certainty that the certificate or shared key
was generated on an unaffected system.

Once the update is applied, you can check for weak OpenVPN shared
secret keys with the openvpn-vulnkey command.

$ openvpn-vulnkey /path/to/key

OpenVPN shared keys can be regenerated using the openvpn command.

$ openvpn --genkey --secret

Additionally, you can check for weak SSL/TLS certificates by
installing openssl-blacklist via your package manager, and using
the openssl-vulnkey command.

$ openssl-vulnkey /path/to/key

Please note that openssl-vulnkey only checks RSA private keys
with 1024 and 2048 bit lengths. If in doubt, destroy the
certificate and/or key and generate a new one. Please consult the
OpenVPN documentation when recreating SSL/TLS certificates.

Also, if certificates have been generated for use on other systems,
they must be found and replaced as well.

===========================================================
Ubuntu Security Notice USN-612-2 May 13, 2008
openssh vulnerability
CVE-2008-0166, http://www.ubuntu.com/usn/usn-612-1
===========================================================

A weakness has been discovered in the random number generator used
by OpenSSL on Debian and Ubuntu systems. As a result of this
weakness, certain encryption keys are much more common than they
should be, such that an attacker could guess the key through a
brute-force attack given minimal knowledge of the system. This
particularly affects the use of encryption keys in OpenSSH.

This vulnerability only affects operating systems which (like
Ubuntu) are based on Debian. However, other systems can be
indirectly affected if weak keys are imported into them.

We consider this an extremely serious vulnerability, and urge all
users to act immediately to secure their systems.

The following Ubuntu releases are affected:

Ubuntu 7.04
Ubuntu 7.10
Ubuntu 8.04 LTS

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.


Updating your system:

1. Install the security updates

Ubuntu 7.04:
openssh-client 1:4.3p2-8ubuntu1.3
openssh-server 1:4.3p2-8ubuntu1.3

Ubuntu 7.10:
openssh-client 1:4.6p1-5ubuntu0.3
openssh-server 1:4.6p1-5ubuntu0.3

Ubuntu 8.04 LTS:
openssh-client 1:4.7p1-8ubuntu1.1
openssh-server 1:4.7p1-8ubuntu1.1

Once the update is applied, weak user keys will be automatically
rejected where possible (though they cannot be detected in all
cases). If you are using such keys for user authentication,
they will immediately stop working and will need to be replaced
(see step 3).

OpenSSH host keys can be automatically regenerated when the
OpenSSH security update is applied. The update will prompt for
confirmation before taking this step.

2. Update OpenSSH known_hosts files

The regeneration of host keys will cause a warning to be displayed
when connecting to the system using SSH until the host key is
updated in the known_hosts file. The warning will look like this:

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle
attack)! It is also possible that the RSA host key has just been
changed.

In this case, the host key has simply been changed, and you
should update the relevant known_hosts file as indicated in the
error message.

3. Check all OpenSSH user keys

The safest course of action is to regenerate all OpenSSH user
keys, except where it can be established to a high degree of
certainty that the key was generated on an unaffected system.

Check whether your key is affected by running the ssh-vulnkey
tool, included in the security update. By default, ssh-vulnkey
will check the standard location for user keys (~/.ssh/id_rsa,
~/.ssh/id_dsa and ~/.ssh/identity), your authorized_keys file
(~/.ssh/authorized_keys and ~/.ssh/authorized_keys2), and the
system's host keys (/etc/ssh/ssh_host_dsa_key and
/etc/ssh/ssh_host_rsa_key).

To check all your own keys, assuming they are in the standard
locations (~/.ssh/id_rsa, ~/.ssh/id_dsa, or ~/.ssh/identity):

$ ssh-vulnkey

To check all keys on your system:

$ sudo ssh-vulnkey -a

To check a key in a non-standard location:

$ ssh-vulnkey /path/to/key

If ssh-vulnkey says "COMPROMISED", the key is vulnerable and
should be replaced.

If ssh-vulnkey says "Unknown (no blacklist information)",
then it has no information about whether that key is affected
because the key is of a type for which no blacklist is
available.

If in doubt, destroy the key and generate a new one.

4. Regenerate any affected user keys

OpenSSH keys used for user authentication must be manually
regenerated, including those which may have since been
transferred to a different system after being generated.

New keys can be generated using ssh-keygen, e.g.:

$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/user/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/user/.ssh/id_rsa.
Your public key has been saved in /home/user/.ssh/id_rsa.pub.
The key fingerprint is:
00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00 user@host

5. Update authorized_keys files (if necessary)

Once the user keys have been regenerated, the relevant public
keys must be propagated to any authorized_keys files on
remote systems. Be sure to delete the affected key.

===========================================================
Ubuntu Security Notice USN-612-1 May 13, 2008
openssl vulnerability
CVE-2008-0166
===========================================================

A weakness has been discovered in the random number generator used
by OpenSSL on Debian and Ubuntu systems. As a result of this
weakness, certain encryption keys are much more common than they
should be, such that an attacker could guess the key through a
brute-force attack given minimal knowledge of the system. This
particularly affects the use of encryption keys in OpenSSH, OpenVPN
and SSL certificates.

This vulnerability only affects operating systems which (like
Ubuntu) are based on Debian. However, other systems can be
indirectly affected if weak keys are imported into them.

We consider this an extremely serious vulnerability, and urge all
users to act immediately to secure their systems. (CVE-2008-0166)

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

== Who is affected ==

Systems which are running any of the following releases:

* Ubuntu 7.04 (Feisty)
* Ubuntu 7.10 (Gutsy)
* Ubuntu 8.04 LTS (Hardy)
* Ubuntu "Intrepid Ibex" (development): libssl <= 0.9.8g-8
* Debian 4.0 (etch) (see corresponding Debian security advisory)

and have openssh-server installed or have been used to create an
OpenSSH key or X.509 (SSL) certificate.

All OpenSSH and X.509 keys generated on such systems must be
considered untrustworthy, regardless of the system on which they
are used, even after the update has been applied.

This includes the automatically generated host keys used by OpenSSH,
which are the basis for its server spoofing and man-in-the-middle
protection.

Blacklists have been created for certain known-vulnerable keys and
certificates. Please see the following advisories for more
information:

http://www.ubuntu.com/usn/usn-612-2 (OpenSSH)
http://www.ubuntu.com/usn/usn-612-3 (OpenVPN)
http://www.ubuntu.com/usn/usn-612-4 (ssl-cert)
http://www.ubuntu.com/usn/usn-612-5 (OpenSSH update)

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 7.04:
libssl0.9.8 0.9.8c-4ubuntu0.3

Ubuntu 7.10:
libssl0.9.8 0.9.8e-5ubuntu3.2

Ubuntu 8.04 LTS:
libssl0.9.8 0.9.8g-4ubuntu3.1