=========================================================================Ubuntu Security Notice USN-3087-2
September 23, 2016

openssl regression
=========================================================================
A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS

Summary:

USN-3087-1 introduced a regression in OpenSSL.

Software Description:
- openssl: Secure Socket Layer (SSL) cryptographic library and tools

Details:

USN-3087-1 fixed vulnerabilities in OpenSSL. The fix for CVE-2016-2182 was
incomplete and caused a regression when parsing certificates. This update
fixes the problem.

We apologize for the inconvenience.

Original advisory details:

 Shi Lei discovered that OpenSSL incorrectly handled the OCSP Status Request
 extension. A remote attacker could possibly use this issue to cause memory
 consumption, resulting in a denial of service. (CVE-2016-6304)
  Guido Vranken discovered that OpenSSL used undefined behaviour when
 performing pointer arithmetic. A remote attacker could possibly use this
 issue to cause OpenSSL to crash, resulting in a denial of service. This
 issue has only been addressed in Ubuntu 16.04 LTS in this update.
 (CVE-2016-2177)
  César Pereida, Billy Brumley, and Yuval Yarom discovered that OpenSSL
 did not properly use constant-time operations when performing DSA signing.
 A remote attacker could possibly use this issue to perform a cache-timing
 attack and recover private DSA keys. (CVE-2016-2178)
  Quan Luo discovered that OpenSSL did not properly restrict the lifetime
 of queue entries in the DTLS implementation. A remote attacker could
 possibly use this issue to consume memory, resulting in a denial of
 service. (CVE-2016-2179)
  Shi Lei discovered that OpenSSL incorrectly handled memory in the
 TS_OBJ_print_bio() function. A remote attacker could possibly use this
 issue to cause a denial of service. (CVE-2016-2180)
  It was discovered that the OpenSSL incorrectly handled the DTLS anti-replay
 feature. A remote attacker could possibly use this issue to cause a denial
 of service. (CVE-2016-2181)
  Shi Lei discovered that OpenSSL incorrectly validated division results. A
 remote attacker could possibly use this issue to cause a denial of service.
 (CVE-2016-2182)
  Karthik Bhargavan and Gaetan Leurent discovered that the DES and Triple DES
 ciphers were vulnerable to birthday attacks. A remote attacker could
 possibly use this flaw to obtain clear text data from long encrypted
 sessions. This update moves DES from the HIGH cipher list to MEDIUM.
 (CVE-2016-2183)
  Shi Lei discovered that OpenSSL incorrectly handled certain ticket lengths.
 A remote attacker could use this issue to cause a denial of service.
 (CVE-2016-6302)
  Shi Lei discovered that OpenSSL incorrectly handled memory in the
 MDC2_Update() function. A remote attacker could possibly use this issue to
 cause a denial of service. (CVE-2016-6303)
  Shi Lei discovered that OpenSSL incorrectly performed certain message
 length checks. A remote attacker could possibly use this issue to cause a
 denial of service. (CVE-2016-6306)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.04 LTS:
  libssl1.0.0                     1.0.2g-1ubuntu4.5

Ubuntu 14.04 LTS:
  libssl1.0.0                     1.0.1f-1ubuntu2.21

Ubuntu 12.04 LTS:
  libssl1.0.0                     1.0.1-4ubuntu5.38

After a standard system update you need to reboot your computer to make
all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-3087-2
  https://ubuntu.com/security/notices/USN-3087-1
  https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1626883

Package Information:
  https://launchpad.net/ubuntu/+source/openssl/1.0.2g-1ubuntu4.5
  https://launchpad.net/ubuntu/+source/openssl/1.0.1f-1ubuntu2.21
  https://launchpad.net/ubuntu/+source/openssl/1.0.1-4ubuntu5.38