[USN-3692-2] OpenSSL vulnerabilities
Leonidas S. Barbosa
leo.barbosa at canonical.com
Tue Jun 26 14:49:23 UTC 2018
Ubuntu Security Notice USN-3692-2
June 26, 2018
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 12.04 ESM
Several security issues were fixed in OpenSSL.
- openssl: Secure Socket Layer (SSL) cryptographic library and tools
USN-3692-1 fixed a vulnerability in OpenSSL. This update provides
the corresponding update for Ubuntu 12.04 ESM.
Original advisory details:
Keegan Ryan discovered that OpenSSL incorrectly handled ECDSA key
generation. An attacker could possibly use this issue to perform a
cache-timing attack and recover private ECDSA keys. (CVE-2018-0495)
Guido Vranken discovered that OpenSSL incorrectly handled very large
prime values during a key agreement. A remote attacker could possibly
use this issue to consume resources, leading to a denial of service.
Alejandro Cabrera Aldaya, Billy Brumley, Cesar Pereida Garcia and Luis
Manuel Alvarez Tapia discovered that OpenSSL incorrectly handled RSA
key generation. An attacker could possibly use this issue to perform a
cache-timing attack and recover private RSA keys. (CVE-2018-0737)
The problem can be corrected by updating your system to the following
Ubuntu 12.04 ESM:
After a standard system update you need to reboot your computer to make
all the necessary changes.
CVE-2017-0737, CVE-2018-0495, CVE-2018-0732, CVE-2018-0737
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 819 bytes
Desc: This is a digitally signed message part
More information about the ubuntu-security-announce