Tuesday, February 13, 2024

[USN-6632-1] OpenSSL vulnerabilities

-----BEGIN PGP SIGNATURE-----

wsD5BAABCAAjFiEEcxdv4gCCE8W9nrt5a1+PL+d1/EgFAmXLZvsFAwAAAAAACgkQa1+PL+d1/Eiw
4AwAql6KfCIVIkUr1ZzZpcf0RSIcHpILtKwmuULgAHo3SLyypJR8HlQYXh7WYiybuzYqoPOqVj19
rOTghOm3MXXdM779H1v2bT6cDQ0ZplVNdRIbx6qWIzQkK1C3+HKHctuXhY3lSA2nbkmyhoAQQ27t
+GGeHpQ3J6qxNAQBi9D7MGw0B7xf53n6vwNkkEroHaoHxilOPmcxvcEEmdCBZjDiAqpPKaK6O42R
7OUkgaZwN7tKv/T1/mGcw1XeckAtvOk9oh1aIgFpt1dGq4fcoRj989kAN+RXt1mS+F6EelYyCvgW
qprwi4ZtUWAzyfQTR4GZPPNWpPOmgFkVMWDqN3PGx3iMV5b+YWiDpWjrswXKT0gSwxUTKyRGV451
gqZayrIOk0zy/m1Wuep0Ciud0TDiduqXURT+CioSsXq7yGrxAMxWToojHAT7A9NAgY3fRgmqu7JB
rjEeRYSZ4LNgMkxUJk2W62F2FnKZdFSsxouk2IWaW0tsrYew2CGHFYvTa+91
=lK82
-----END PGP SIGNATURE-----
==========================================================================
Ubuntu Security Notice USN-6632-1
February 13, 2024

openssl vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 18.04 LTS (Available with Ubuntu Pro)
- Ubuntu 16.04 LTS (Available with Ubuntu Pro)

Summary:

Several security issues were fixed in OpenSSL.

Software Description:
- openssl: Secure Socket Layer (SSL) cryptographic library and tools

Details:

David Benjamin discovered that OpenSSL incorrectly handled excessively long
X9.42 DH keys. A remote attacker could possibly use this issue to cause
OpenSSL to consume resources, leading to a denial of service.
(CVE-2023-5678)

Bahaa Naamneh discovered that OpenSSL incorrectly handled certain malformed
PKCS12 files. A remote attacker could possibly use this issue to cause
OpenSSL to crash, resulting in a denial of service. (CVE-2024-0727)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.04 LTS (Available with Ubuntu Pro):
  libssl1.1                       1.1.1-1ubuntu2.1~18.04.23+esm4

Ubuntu 16.04 LTS (Available with Ubuntu Pro):
  libssl1.0.0                     1.0.2g-1ubuntu4.20+esm11

After a standard system update you need to reboot your computer to make
all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-6632-1
  CVE-2023-5678, CVE-2024-0727

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)