Linux / BSD and UNIX like operating systems includes software from the OpenSSL Project. The OpenSSL is commercial-grade, industry-strength, full-featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols as well as general purpose cryptography library.
The Google security team discovered a flaw in the way OpenSSL checked the verification of certificates. An attacker in control of a malicious server, or able to effect a “man in the middle” attack, could present a malformed SSL/TLS signature from a certificate chain to a vulnerable client and bypass validation.
This update has been rated as having important security impact on FreeBSD, all version of Ubuntu / Debian, Red Hat (RHEL), CentOS, Fedora and other open source operating system that depends upon OpenSSL.
Canonical Ltd has issued updates for its Kernel package to plug multiple security holes. A security issue affects all Ubuntu Linux versions.
An updated firefox package that fixes several security issues is now available for various Linux distributions. All Mozilla Firefox users should upgrade to this updated package as update has been rated as having critical security impact.
Multiple buffer overflows were discovered in the Ubuntu Linux kernel and can be corrected by upgrading your system to latest kernel version.
The PCRE library did not correctly handle certain in-pattern options. An attacker could cause applications linked against pcre3 to crash, leading to a denial of service.
Updated freetype packages that fix various security issues are now available for CentOS / Red Hat Enterprise Linux 3, 4, 5 and 2.1 server software.
Updated openoffice.org packages to correct two security issues are now available for Red Hat Enterprise Linux 3 and 4.