Explore top 10 tips to secure your open-source projects now. Read More
×
Several security issues were fixed in OpenSSL.
Software Description:
- openssl: Secure Socket Layer (SSL) cryptographic library and tools
Details:
Pieter Wuille discovered that OpenSSL incorrectly handled Bignum squaring.
(CVE-2014-3570)
Markus Stenberg discovered that OpenSSL incorrectly handled certain crafted
DTLS messages. A remote attacker could use this issue to cause OpenSSL to
crash, resulting in a denial of service. (CVE-2014-3571)
Karthikeyan Bhargavan discovered that OpenSSL incorrectly handled certain
handshakes. A remote attacker could possibly use this issue to downgrade to
ECDH, removing forward secrecy from the ciphersuite. (CVE-2014-3572)
Antti Karjalainen, Tuomo Untinen and Konrad Kraszewski discovered that
OpenSSL incorrectly handled certain certificate fingerprints. A remote
attacker could possibly use this issue to trick certain applications that
rely on the uniqueness of fingerprints. (CVE-2014-8275)
Karthikeyan Bhargavan discove...
The problem can be corrected by updating your system to the following package versions: Ubuntu 14.10: libssl1.0.0 1.0.1f-1ubuntu9.1 Ubuntu 14.04 LTS: libssl1.0.0 1.0.1f-1ubuntu2.8 Ubuntu 12.04 LTS: libssl1.0.0 1.0.1-4ubuntu5.21 Ubuntu 10.04 LTS: libssl0.9.8 0.9.8k-7ubuntu8.23 After a standard system update you need to reboot your computer to make all the necessary changes.
CVE-2014-3570, CVE-2014-3571, CVE-2014-3572, CVE-2014-8275,
CVE-2015-0204, CVE-2015-0205, CVE-2015-0206
Get the latest Linux and open source security news straight to your inbox.