Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 547
Alerts This Week
Warning Icon 1 547

Ubuntu 15.04 LTS USN-2639-1 Critical: OpenSSL Denial of Service

ubuntu
Calendar Grey June 11, 2015
Dist Ubuntu Esm H88
=========================================================================Ubuntu Security Notice USN-
Several security issues were fixed in OpenSSL.

Summary

Several security issues were fixed in OpenSSL.

Software Description:

- openssl: Secure Socket Layer (SSL) cryptographic library and tools

Details:

Praveen Kariyanahalli, Ivan Fratric and Felix Groebert discovered that

OpenSSL incorrectly handled memory when buffering DTLS data. A remote

attacker could use this issue to cause OpenSSL to crash, resulting in a

denial of service, or possibly execute arbitrary code. (CVE-2014-8176)

Joseph Barr-Pixton discovered that OpenSSL incorrectly handled malformed

ECParameters structures. A remote attacker could use this issue to cause

OpenSSL to hang, resulting in a denial of service. (CVE-2015-1788)

Robert Swiecki and Hanno Böck discovered that OpenSSL incorrectly handled

certain ASN1_TIME strings. A remote attacker could use this issue to cause

OpenSSL to crash, resulting in a denial of service. (CVE-2015-1789)

Michal Zalewski discovered that OpenSSL incorrectly handled missing content

when parsing ASN.1-encoded PKC...

Read the Full Advisory

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 15.04:
  libssl1.0.0                     1.0.1f-1ubuntu11.4

Ubuntu 14.10:
  libssl1.0.0                     1.0.1f-1ubuntu9.8

Ubuntu 14.04 LTS:
  libssl1.0.0                     1.0.1f-1ubuntu2.15

Ubuntu 12.04 LTS:
  libssl1.0.0                     1.0.1-4ubuntu5.31

After a standard system update you need to reboot your computer to make
all the necessary changes.

References

https://ubuntu.com/security/notices/USN-2639-1

CVE-2014-8176, CVE-2015-1788, CVE-2015-1789, CVE-2015-1790,

CVE-2015-1791, CVE-2015-1792

Severity
critical
Lowest
Low
Medium
High
Critical

June 11, 2015

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.