Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 547
Alerts This Week
Warning Icon 1 547

Ubuntu 22.04 LTS: USN-5403-1 Major OpenSSL Vulnerabilities

ubuntu
Calendar Grey May 4, 2022
Dist Ubuntu Esm H88
Ubuntu users must stay informed about critical OpenSSL vulnerabilities. This guide covers recent bugs and offers step-by-step update instructions for security.
Several security issues were fixed in OpenSSL.

Summary

Several security issues were fixed in OpenSSL.

Software Description:

- openssl: Secure Socket Layer (SSL) cryptographic library and tools

- openssl1.0: Secure Socket Layer (SSL) cryptographic library and tools

Details:

Elison Niven discovered that OpenSSL incorrectly handled the c_rehash

script. A local attacker could possibly use this issue to execute arbitrary

commands when c_rehash is run. (CVE-2022-1292)

Raul Metsma discovered that OpenSSL incorrectly verified certain response

signing certificates. A remote attacker could possibly use this issue to

spoof certain response signing certificates. This issue only affected

Ubuntu 22.04 LTS. (CVE-2022-1343)

Tom Colley discovered that OpenSSL used the incorrect MAC key in the

RC4-MD5 ciphersuite. In non-default configurations were RC4-MD5 is enabled,

a remote attacker could possibly use this issue to modify encrypted

communications. This issue only affected Ubuntu 22.04 LTS. (CVE-2022-1434)

Aliaksei Levin d...

Read the Full Advisory

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 22.04 LTS:
  libssl3                         3.0.2-0ubuntu1.1

Ubuntu 21.10:
  libssl1.1                       1.1.1l-1ubuntu1.3

Ubuntu 20.04 LTS:
  libssl1.1                       1.1.1f-1ubuntu2.13

Ubuntu 18.04 LTS:
  libssl1.0.0                     1.0.2n-1ubuntu5.9
  libssl1.1                       1.1.1-1ubuntu2.1~18.04.17

After a standard system update you need to reboot your computer to make
all the necessary changes.

References

https://ubuntu.com/security/notices/USN-5402-1

CVE-2022-1292, CVE-2022-1343, CVE-2022-1434, CVE-2022-1473

Severity
critical
Lowest
Low
Medium
High
Critical

May 04, 2022

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.