========================================================================== Ubuntu Security Notice USN-3692-2 June 26, 2018
openssl vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 12.04 ESM Summary: Several security issues were fixed in OpenSSL. Software Description: - openssl: Secure Socket Layer (SSL) cryptographic library and tools Details: USN-3692-1 fixed a vulnerability in OpenSSL. This update provides the corresponding update for Ubuntu 12.04 ESM. Original advisory details: Keegan Ryan discovered that OpenSSL incorrectly handled ECDSA key generation. An attacker could possibly use this issue to perform a cache-timing attack and recover private ECDSA keys. (CVE-2018-0495) Guido Vranken discovered that OpenSSL incorrectly handled very large prime values during a key agreement. A remote attacker could possibly use this issue to consume resources, leading to a denial of service. (CVE-2018-0732) Alejandro Cabrera Aldaya, Billy Brumley, Cesar Pereida Garcia and Luis Manuel Alvarez Tapia discovered that OpenSSL incorrectly handled RSA key generation. An attacker could possibly use this issue to perform a cache-timing attack and recover private RSA keys. (CVE-2018-0737) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 12.04 ESM: libssl1.0.0 1.0.1-4ubuntu5.43 After a standard system update you need to reboot your computer to make all the necessary changes. References: https://usn.ubuntu.com/usn/usn-3692-2 https://usn.ubuntu.com/usn/usn-3692-1 CVE-2017-0737, CVE-2018-0495, CVE-2018-0732, CVE-2018-0737
signature.asc
Description: This is a digitally signed message part
-- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
