USN-2914-1: OpenSSL vulnerabilities
USN-2914-1: OpenSSL vulnerabilities Ubuntu Security Notice USN-2914-1 1st March, 2016 openssl vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 15.10 Ubuntu 14.04 LTS Ubuntu 12.04 LTS Summary Several security issues were fixed in OpenSSL. Software description openssl – Secure Socket Layer (SSL) cryptographic library and tools Details Yuval Yarom, Daniel Genkin, and Nadia Heninger discovered that OpenSSL wasvulnerable to a side-channel attack on modular exponentiation. On certainCPUs, a local attacker could possibly use this issue to recover RSA keys.This flaw is known as CacheBleed. (CVE-2016-0702) Adam Langley discovered that OpenSSL incorrectly handled memory whenparsing DSA private keys. A remote attacker could use this issue to causeOpenSSL to crash, resulting in a denial of service, or possibly executearbitrary code. (CVE-2016-0705) Guido Vranken discovered that OpenSSL incorrectly handled hex digitcalculation in the BN_hex2bn function. A remote attacker [ more… ]