USN-3181-1: OpenSSL vulnerabilities<\/p>\n
31st January, 2017<\/em><\/p>\n A security issue affects these releases of Ubuntu and its Several security issues were fixed in OpenSSL.\n<\/p>\n Guido Vranken discovered that OpenSSL used undefined behaviour when It was discovered that OpenSSL did not properly handle Montgomery It was discovered that OpenSSL did not properly use constant-time Shi Lei discovered that OpenSSL incorrectly handled certain warning alerts. Robert \u015awi\u0119cki discovered that OpenSSL incorrectly handled certain It was discovered that OpenSSL incorrectly performed the x86_64 Montgomery The problem can be corrected by updating your system to the following To update your system, please follow these instructions: After a standard system update you need to reboot your computer to make CVE-2016-2177<\/a>, <\/p>\n CVE-2016-7055<\/a>, <\/p>\n CVE-2016-7056<\/a>, <\/p>\n CVE-2016-8610<\/a>, <\/p>\n CVE-2017-3731<\/a>, <\/p>\n CVE-2017-3732<\/a><\/p>\n Source: USN-3181-1: OpenSSL vulnerabilities<\/a><\/p>\n","protected":false},"excerpt":{"rendered":" USN-3181-1: OpenSSL vulnerabilities Ubuntu Security Notice USN-3181-1 31st January, 2017 openssl vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.10 Ubuntu 16.04 LTS Ubuntu 14.04 LTS Ubuntu 12.04 LTS Summary Several security issues were fixed in OpenSSL. Software description openssl – Secure Socket Layer (SSL) cryptographic library and tools Details Guido Vranken discovered that OpenSSL used undefined behaviour whenperforming pointer arithmetic. A remote attacker could possibly use thisissue to cause OpenSSL to crash, resulting in a denial of service. Thisissue only applied to Ubuntu 12.04 LTS and Ubuntu 14.04 LTS as otherreleases were fixed in a previous security update. (CVE-2016-2177) It was discovered that OpenSSL did not properly handle Montgomerymultiplication, resulting in incorrect results leading to transientfailures. This issue only applied to Ubuntu 16.04 LTS, and Ubuntu 16.10.(CVE-2016-7055) It was discovered that OpenSSL did not [ more… ]<\/a><\/p>\n<\/div>","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[586],"tags":[587],"class_list":["post-13634","post","type-post","status-publish","format-standard","hentry","category-ubuntu-usn","tag-ubuntu-usn"],"amp_enabled":true,"_links":{"self":[{"href":"https:\/\/jirak.net\/wp\/wp-json\/wp\/v2\/posts\/13634","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/jirak.net\/wp\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/jirak.net\/wp\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/jirak.net\/wp\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/jirak.net\/wp\/wp-json\/wp\/v2\/comments?post=13634"}],"version-history":[{"count":1,"href":"https:\/\/jirak.net\/wp\/wp-json\/wp\/v2\/posts\/13634\/revisions"}],"predecessor-version":[{"id":13635,"href":"https:\/\/jirak.net\/wp\/wp-json\/wp\/v2\/posts\/13634\/revisions\/13635"}],"wp:attachment":[{"href":"https:\/\/jirak.net\/wp\/wp-json\/wp\/v2\/media?parent=13634"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/jirak.net\/wp\/wp-json\/wp\/v2\/categories?post=13634"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/jirak.net\/wp\/wp-json\/wp\/v2\/tags?post=13634"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}openssl vulnerabilities<\/h3>\n
\n derivatives:<\/p>\n\n
Summary<\/h3>\n
Software description<\/h3>\n
\n
\n – Secure Socket Layer (SSL) cryptographic library and tools<\/p>\n<\/li>\n<\/ul>\nDetails<\/h3>\n
performing pointer arithmetic. A remote attacker could possibly use this
issue to cause OpenSSL to crash, resulting in a denial of service. This
issue only applied to Ubuntu 12.04 LTS and Ubuntu 14.04 LTS as other
releases were fixed in a previous security update. (CVE-2016-2177<\/a>)<\/p>\n
multiplication, resulting in incorrect results leading to transient
failures. This issue only applied to Ubuntu 16.04 LTS, and Ubuntu 16.10.
(CVE-2016-7055<\/a>)<\/p>\n
operations when performing ECDSA P-256 signing. A remote attacker could
possibly use this issue to perform a timing attack and recover private
ECDSA keys. This issue only applied to Ubuntu 12.04 LTS and Ubuntu 14.04
LTS. (CVE-2016-7056<\/a>)<\/p>\n
A remote attacker could possibly use this issue to cause OpenSSL to stop
responding, resulting in a denial of service. (CVE-2016-8610<\/a>)<\/p>\n
truncated packets. A remote attacker could possibly use this issue to cause
OpenSSL to crash, resulting in a denial of service. (CVE-2017-3731<\/a>)<\/p>\n
squaring procedure. While unlikely, a remote attacker could possibly use
this issue to recover private keys. This issue only applied to Ubuntu 16.04
LTS, and Ubuntu 16.10. (CVE-2017-3732<\/a>)<\/p>\nUpdate instructions<\/h3>\n
\npackage version:<\/p>\n\n
\n
\n 1.0.2g-1ubuntu9.1<\/a>
\n <\/span>\n <\/dd>\n
\n
\n 1.0.2g-1ubuntu4.6<\/a>
\n <\/span>\n <\/dd>\n
\n
\n 1.0.1f-1ubuntu2.22<\/a>
\n <\/span>\n <\/dd>\n
\n
\n 1.0.1-4ubuntu5.39<\/a>
\n <\/span>\n <\/dd>\n<\/dl>\n
\nhttps:\/\/wiki.ubuntu.com\/Security\/Upgrades<\/a>.\n<\/p>\n
all the necessary changes.<\/p>\nReferences<\/h3>\n