========================================================================== Ubuntu Security Notice USN-3512-1 December 11, 2017
openssl vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 17.10 - Ubuntu 17.04 - Ubuntu 16.04 LTS Summary: Several security issues were fixed in OpenSSL. Software Description: - openssl: Secure Socket Layer (SSL) cryptographic library and tools Details: David Benjamin discovered that OpenSSL did not correctly prevent buggy applications that ignore handshake errors from subsequently calling certain functions. (CVE-2017-3737) It was discovered that OpenSSL incorrectly performed the x86_64 Montgomery multiplication procedure. While unlikely, a remote attacker could possibly use this issue to recover private keys. (CVE-2017-3738) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 17.10: libssl1.0.0 1.0.2g-1ubuntu13.3 Ubuntu 17.04: libssl1.0.0 1.0.2g-1ubuntu11.4 Ubuntu 16.04 LTS: libssl1.0.0 1.0.2g-1ubuntu4.10 After a standard system update you need to reboot your computer to make all the necessary changes. References: https://www.ubuntu.com/usn/usn-3512-1 CVE-2017-3737, CVE-2017-3738 Package Information: https://launchpad.net/ubuntu/+source/openssl/1.0.2g-1ubuntu13.3 https://launchpad.net/ubuntu/+source/openssl/1.0.2g-1ubuntu11.4 https://launchpad.net/ubuntu/+source/openssl/1.0.2g-1ubuntu4.10
signature.asc
Description: OpenPGP digital signature
-- ubuntu-security-announce mailing list [email protected] Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
