USN-113-1: libnet-ssleay-perl vulnerability
Posted on: 05/03/2005 05:43 AM

A libnet-ssleay-perl security update is available for Ubuntu Linux 5.04

Ubuntu Security Notice USN-113-1 May 03, 2005
libnet-ssleay-perl vulnerability

A security issue affects the following Ubuntu releases:

Ubuntu 5.04 (Hoary Hedgehog)

The following packages are affected:


The problem can be corrected by upgrading the affected package to version 1.25-1ubuntu0.2. In general, a standard system upgrade is sufficient to effect the necessary changes.

Details follow:

Javier Fernandez-Sanguino Pena discovered that this library used the file /tmp/entropy as a fallback entropy source if a proper source was not set in the environment variable EGD_PATH. This can potentially lead to weakened cryptographic operations if an attacker provides a /tmp/entropy file with known content.

The updated package requires the specification of an entropy source with EGD_PATH and also requires that the source is a socket (as opposed to a normal file).

Please note that this only affects systems which have egd installed 3rd third party sources; egd is not shipped with Ubuntu.

Source archives:
Size/MD5: 668 90dfb26e445d7eeb68ee39c69148c649
Size/MD5: 5901 b148bdb144acea8eff268f766b6cb6c0
Size/MD5: 76627 d32f3fa38b1c49a2a98e75577d5dc10b

i386 architecture (x86 compatible Intel/AMD)
Size/MD5: 177492 2a5250e82cd4dac83a061d0e6de68423

powerpc architecture (Apple Macintosh G3/G4/G5)
Size/MD5: 182298 d7d20090fb0b24a620f79e50d39ff0a4

amd64 architecture (Athlon64, Opteron, EM64T Xeon)
Size/MD5: 179592 931ccca9ba5fe8bd0a89152f7b6b6cef

Printed from Linux Compatible (