Ubuntu 3899-1: OpenSSL vulnerability

    Date27 Feb 2019
    CategoryUbuntu
    3306
    Posted ByLinuxSecurity Advisories
    OpenSSL could be made to expose sensitive information over the network.
    ==========================================================================
    Ubuntu Security Notice USN-3899-1
    February 27, 2019
    
    openssl, openssl1.0 vulnerability
    ==========================================================================
    
    A security issue affects these releases of Ubuntu and its derivatives:
    
    - Ubuntu 18.10
    - Ubuntu 18.04 LTS
    - Ubuntu 16.04 LTS
    
    Summary:
    
    OpenSSL could be made to expose sensitive information over the network.
    
    Software Description:
    - openssl1.0: Secure Socket Layer (SSL) cryptographic library and tools
    - openssl: Secure Socket Layer (SSL) cryptographic library and tools
    
    Details:
    
    Juraj Somorovsky, Robert Merget, and Nimrod Aviram discovered that certain
    applications incorrectly used OpenSSL and could be exposed to a padding
    oracle attack. A remote attacker could possibly use this issue to decrypt
    data.
    
    Update instructions:
    
    The problem can be corrected by updating your system to the following
    package versions:
    
    Ubuntu 18.10:
      libssl1.0.0                     1.0.2n-1ubuntu6.2
    
    Ubuntu 18.04 LTS:
      libssl1.0.0                     1.0.2n-1ubuntu5.3
    
    Ubuntu 16.04 LTS:
      libssl1.0.0                     1.0.2g-1ubuntu4.15
    
    After a standard system update you need to reboot your computer to make
    all the necessary changes.
    
    References:
      https://usn.ubuntu.com/usn/usn-3899-1
      CVE-2019-1559
    
    Package Information:
      https://launchpad.net/ubuntu/+source/openssl1.0/1.0.2n-1ubuntu6.2
      https://launchpad.net/ubuntu/+source/openssl1.0/1.0.2n-1ubuntu5.3
      https://launchpad.net/ubuntu/+source/openssl/1.0.2g-1ubuntu4.15
    
    
    You are not authorised to post comments.

    Comments powered by CComment

    LinuxSecurity Poll

    Have you used our RSS feeds?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 4 answer(s).
    /component/communitypolls/?task=poll.vote&format=json
    21
    radio
    [{"id":"77","title":"Yes, for articles","votes":"0","type":"x","order":"1","pct":0,"resources":[]},{"id":"78","title":"Yes, for advisories","votes":"0","type":"x","order":"2","pct":0,"resources":[]},{"id":"79","title":"Hybrid that contains both","votes":"0","type":"x","order":"3","pct":0,"resources":[]},{"id":"80","title":"No","votes":"0","type":"x","order":"4","pct":0,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350
    bottom200

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.