USN-3087-2: OpenSSL regression
Ubuntu Security Notice USN-3087-2
23rd September, 2016

openssl regression

A security issue affects these releases of Ubuntu and its derivatives:
Ubuntu 16.04 LTS
Ubuntu 14.04 LTS
Ubuntu 12.04 LTS

Summary

USN-3087-1 introduced a regression in OpenSSL.

Software description

openssl – Secure Socket Layer (SSL) cryptographic library and tools

Details

USN-3087-1 fixed vulnerabilities in OpenSSL. The fix for CVE-2016-2182 was incomplete and caused a regression when parsing certificates. This update fixes the problem.

We apologize for the inconvenience.

Original advisory details:

Shi Lei discovered that OpenSSL incorrectly handled the OCSP Status Request extension. A remote attacker could possibly use this issue to cause memory consumption, resulting in a denial of service. (CVE-2016-6304)

Guido Vranken discovered that OpenSSL used undefined behaviour when performing pointer arithmetic. A remote attacker could possibly use this issue to cause OpenSSL to crash, resulting in a [ more… ]