Alerts This Week
Warning Icon 1 659
Alerts This Week
Warning Icon 1 659

Ubuntu 10.04 LTS USN-2232-4 Critical: OpenSSL DoS Regression Fix

Calendar Aug 18, 2014 User Avatar LinuxSecurity Advisories
1 - 2 min read
Ubuntu Large Esm H500
Topics%20covered

Topics Covered

security advisory DoS Ubuntu OpenSSL regression attack fix
USN-2232-1 introduced a regression in OpenSSL. 
=========================================================================Ubuntu Security Notice USN-2232-4
August 18, 2014

openssl vulnerabilities
=========================================================================
A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 10.04 LTS

Summary:

USN-2232-1 introduced a regression in OpenSSL.

Software Description:
- openssl: Secure Socket Layer (SSL) cryptographic library and tools

Details:

USN-2232-1 fixed vulnerabilities in OpenSSL. One of the patch backports for
Ubuntu 10.04 LTS caused a regression for certain applications. This update
fixes the problem.

We apologize for the inconvenience.

Original advisory details:

 Jüri Aedla discovered that OpenSSL incorrectly handled invalid DTLS
 fragments. A remote attacker could use this issue to cause OpenSSL to
 crash, resulting in a denial of service, or possibly execute arbitrary
 code. This issue only affected Ubuntu 12.04 LTS, Ubuntu 13.10, and
 Ubuntu 14.04 LTS. (CVE-2014-0195)
  Imre Rad discovered that OpenSSL incorrectly handled DTLS recursions. A
 remote attacker could use this issue to cause OpenSSL to crash, resulting
 in a denial of service. (CVE-2014-0221)
  KIKUCHI Masashi discovered that OpenSSL incorrectly handled certain
 handshakes. A remote attacker could use this flaw to perform a
 man-in-the-middle attack and possibly decrypt and modify traffic.
 (CVE-2014-0224)
  Felix Gröbert and Ivan Fratrić discovered that OpenSSL incorrectly handled
 anonymous ECDH ciphersuites. A remote attacker could use this issue to
 cause OpenSSL to crash, resulting in a denial of service. This issue only
 affected Ubuntu 12.04 LTS, Ubuntu 13.10, and Ubuntu 14.04 LTS.
 (CVE-2014-3470)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 10.04 LTS:
  libssl0.9.8                     0.9.8k-7ubuntu8.21

After a standard system update you need to reboot your computer to make all
the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-2232-4
  https://ubuntu.com/security/notices/USN-2232-1
  https://bugs.launchpad.net/ubuntu/+source/postfix/+bug/1356843

Package Information:
  https://launchpad.net/ubuntu/+source/openssl/0.9.8k-7ubuntu8.21

Ubuntu 10.04 LTS USN-2232-4 Critical: OpenSSL DoS Regression Fix

ubuntu
Calendar Grey August 18, 2014
Dist Ubuntu Esm H88
Address the vulnerability found in OpenSSL for Ubuntu 10.04 LTS by applying the current security patch and implementing the necessary updates.
USN-2232-1 introduced a regression in OpenSSL.

Summary

Topics%20covered

Topics Covered

security advisory DoS Ubuntu OpenSSL regression attack fix

Update Instructions

The problem can be corrected by updating your system to the following package versions: Ubuntu 10.04 LTS: libssl0.9.8 0.9.8k-7ubuntu8.21 After a standard system update you need to reboot your computer to make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-2232-4

https://ubuntu.com/security/notices/USN-2232-1

https://bugs.launchpad.net/ubuntu/+source/postfix/+bug/1356843

Severity
critical
Lowest
Low
Medium
High
Critical

August 18, 2014

Topics%20covered

Topics Covered

security advisory DoS Ubuntu OpenSSL regression attack fix

Package Information

https://launchpad.net/ubuntu/+source/openssl/0.9.8k-7ubuntu8.21

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here