Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 530
Alerts This Week
Warning Icon 1 530

Ubuntu 14.10: USN-2537-1 Moderate OpenSSL Denial Of Service Threat

ubuntu
Calendar Grey March 19, 2015
Dist Ubuntu Esm H88
Linux enthusiasts ought to perform updates immediately since various OpenSSL vulnerabilities have been resolved, safeguarding against possible system failures and malicious attacks.
Several security issues were fixed in OpenSSL.

Summary

Several security issues were fixed in OpenSSL.

Software Description:

- openssl: Secure Socket Layer (SSL) cryptographic library and tools

Details:

It was discovered that OpenSSL incorrectly handled malformed EC private key

files. A remote attacker could possibly use this issue to cause OpenSSL to

crash, resulting in a denial of service, or execute arbitrary code.

(CVE-2015-0209)

Stephen Henson discovered that OpenSSL incorrectly handled comparing ASN.1

boolean types. A remote attacker could possibly use this issue to cause

OpenSSL to crash, resulting in a denial of service. (CVE-2015-0286)

Emilia Käsper discovered that OpenSSL incorrectly handled ASN.1 structure

reuse. A remote attacker could possibly use this issue to cause OpenSSL to

crash, resulting in a denial of service, or execute arbitrary code.

(CVE-2015-0287)

Brian Carpenter discovered that OpenSSL incorrectly handled invalid

certificate keys. A remote attacker could possibly use this issue to...

Read the Full Advisory

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.10:
  libssl1.0.0                     1.0.1f-1ubuntu9.4

Ubuntu 14.04 LTS:
  libssl1.0.0                     1.0.1f-1ubuntu2.11

Ubuntu 12.04 LTS:
  libssl1.0.0                     1.0.1-4ubuntu5.25

Ubuntu 10.04 LTS:
  libssl0.9.8                     0.9.8k-7ubuntu8.27

After a standard system update you need to reboot your computer to make
all the necessary changes.

References

https://ubuntu.com/security/notices/USN-2537-1

CVE-2015-0209, CVE-2015-0286, CVE-2015-0287, CVE-2015-0288,

CVE-2015-0289, CVE-2015-0292, CVE-2015-0293

Severity
important
Lowest
Low
Medium
High
Critical

March 19, 2015

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.