Alerts This Week
Warning Icon 1 640
Alerts This Week
Warning Icon 1 640

Ubuntu 20.04 LTS OpenSSL Critical Denial of Service Issues USN-8155-2

ubuntu
Calendar Grey April 9, 2026
Dist Ubuntu Esm H88
Critical updates for OpenSSL address multiple vulnerabilities in Ubuntu, ensuring secure operations across various releases.
Several security issues were fixed in OpenSSL.

Summary

Several security issues were fixed in OpenSSL.

Software Description:

- openssl: Secure Socket Layer (SSL) cryptographic library and tools

- openssl1.0: Secure Socket Layer (SSL) cryptographic library and tools

Details:

USN-8155-1 fixed vulnerabilities in OpenSSL. This update provides the

corresponding updates for CVE-2026-28387 for openssl in Ubuntu 20.04 LTS.

CVE-2026-28388 for openssl and openssl1.0 in Ubuntu 14.04 LTS, Ubuntu 16.04

LTS, Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS, and CVE-2026-28389 and

CVE-2026-28390 for openssl and openssl1.0 for Ubuntu 16.04 LTS, Ubuntu

18.04 LTS, and Ubuntu 20.04 LTS.

Original advisory details:

Viktor Dukhovni discovered that OpenSSL incorrectly negotiated the

expected preferred key exchange group when used as a TLS 1.3 server. This

could result in a less preferred key exchange being used, contrary to

expectations. This issue only affected Ubuntu 25.10. (CVE-2026-2673)

Igor Morgenstern discovered that OpenSSL incorrectly handled certain

...

Read the Full Advisory

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 20.04 LTS
  libssl1.1                       1.1.1f-1ubuntu2.24+esm3
                                  Available with Ubuntu Pro
  openssl                         1.1.1f-1ubuntu2.24+esm3
                                  Available with Ubuntu Pro

Ubuntu 18.04 LTS
  libssl1.0.0                     1.0.2n-1ubuntu5.13+esm4
                                  Available with Ubuntu Pro
  libssl1.1                       1.1.1-1ubuntu2.1~18.04.23+esm8
                                  Available with Ubuntu Pro
  openssl                         1.1.1-1ubuntu2.1~18.04.23+esm8
                                  Available with Ubuntu Pro
  openssl1.0                      1.0.2n-1ubuntu5.13+esm4
                                  Available with Ubuntu Pro

Ubuntu 16.04 LTS
  libssl1.0.0                     1.0.2g-1ubuntu4.20+esm15
                                  Available with Ubuntu Pro
  openssl                         1.0.2g-1ubuntu4.20+esm15
                                  Available with Ubuntu Pro

Ubuntu 14.04 LTS
  libssl1.0.0                     1.0.1f-1ubuntu2.27+esm13
                                  Available with Ubuntu Pro
  openssl                         1.0.1f-1ubuntu2.27+esm13
                                  Available with Ubuntu Pro

After a standard system update you need to reboot your computer to make all
the necessary changes.

References

https://ubuntu.com/security/notices/USN-8155-2

https://ubuntu.com/security/notices/USN-8155-1

CVE-2026-28387, CVE-2026-28388, CVE-2026-28389, CVE-2026-28390

Severity
critical
Lowest
Low
Medium
High
Critical

Ubuntu Security Notice USN-8155-2

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here