USN-3512-1: OpenSSL vulnerabilities
USN-3512-1: OpenSSL vulnerabilities Ubuntu Security Notice USN-3512-1 11th December, 2017 openssl vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 17.10 Ubuntu 17.04 Ubuntu 16.04 LTS Summary Several security issues were fixed in OpenSSL. Software description openssl – Secure Socket Layer (SSL) cryptographic library and tools Details David Benjamin discovered that OpenSSL did not correctly preventbuggy applications that ignore handshake errors from subsequently callingcertain functions. (CVE-2017-3737) It was discovered that OpenSSL incorrectly performed the x86_64 Montgomerymultiplication procedure. While unlikely, a remote attacker could possiblyuse this issue to recover private keys. (CVE-2017-3738) Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 17.10: libssl1.0.0 1.0.2g-1ubuntu13.3 Ubuntu 17.04: libssl1.0.0 1.0.2g-1ubuntu11.4 Ubuntu 16.04 LTS: libssl1.0.0 1.0.2g-1ubuntu4.10 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. After a standard system update you need [ more… ]
