Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 634
Alerts This Week
Warning Icon 1 634

Ubuntu 16.04 LTS: USN-3813-1 Critical: pyOpenSSL Memory Issues

ubuntu
Calendar Grey November 8, 2018
Dist Ubuntu Esm H88
Several vulnerabilities addressed in pyOpenSSL impacting Ubuntu 16.04 LTS. Important patches released for mitigation.
Several security issues were fixed in pyOpenSSL.

Summary

Several security issues were fixed in pyOpenSSL.

Software Description:

- pyopenssl: Python wrapper around the OpenSSL library

Details:

It was discovered that pyOpenSSL incorrectly handled memory when handling

X509 objects. A remote attacker could use this issue to cause pyOpenSSL to

crash, resulting in a denial of service, or possibly execute arbitrary

code. (CVE-2018-1000807)

It was discovered that pyOpenSSL incorrectly handled memory when performing

operations on a PKCS #12 store. A remote attacker could possibly use this

issue to cause pyOpenSSL to consume resources, resulting in a denial of

service. (CVE-2018-1000808)

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.04 LTS:
  python-openssl                  0.15.1-2ubuntu0.2
  python3-openssl                 0.15.1-2ubuntu0.2

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-3813-1

CVE-2018-1000807, CVE-2018-1000808

Severity
critical
Lowest
Low
Medium
High
Critical

November 08, 2018

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.