[USN-3628-1] OpenSSL vulnerability

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view

[USN-3628-1] OpenSSL vulnerability

Leonidas S. Barbosa
Ubuntu Security Notice USN-3628-1
April 19, 2018

openssl vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 17.10
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS


OpenSSL could allow access to sensitve information.

Software Description:
- openssl: Secure Socket Layer (SSL) cryptographic library and tools


Alejandro Cabrera Aldaya, Billy Brumley, Cesar Pereida Garcia and Luis
Manuel Alvarez Tapia discovered that OpenSSL incorrectly handled RSA
key generation. An attacker could possibly use this issue to perform a
cache-timing attack and recover private RSA keys.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 17.10:
  libssl1.0.0                     1.0.2g-1ubuntu13.5

Ubuntu 16.04 LTS:
  libssl1.0.0                     1.0.2g-1ubuntu4.12

Ubuntu 14.04 LTS:
  libssl1.0.0                     1.0.1f-1ubuntu2.25

After a standard system update you need to reboot your computer to make
all the necessary changes.


Package Information:
ubuntu-security-announce mailing list
[hidden email]
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce

signature.asc (836 bytes) Download Attachment