USN-2959-1: OpenSSL vulnerabilities

Ubuntu Security Notice USN-2959-1
3rd May, 2016

openssl vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

Ubuntu 16.04 LTS
Ubuntu 15.10
Ubuntu 14.04 LTS
Ubuntu 12.04 LTS

Summary

Several security issues were fixed in OpenSSL.

Software description

openssl – Secure Socket Layer (SSL) cryptographic library and tools

Details

Huzaifa Sidhpurwala, Hanno Böck, and David Benjamin discovered that OpenSSL incorrectly handled memory when decoding ASN.1 structures. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-2108)

Juraj Somorovsky discovered that OpenSSL incorrectly performed padding when the connection uses the AES CBC cipher and the server supports AES-NI. A remote attacker could possibly use this issue to perform a padding oracle attack and decrypt traffic. (CVE-2016-2107)

Guido Vranken discovered that OpenSSL incorrectly handled large amounts of input data [ more… ]