Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 730
Alerts This Week
Warning Icon 1 730

Ubuntu 16.04 ESM USN-5402-2 Critical: OpenSSL Execution Risk

ubuntu
Calendar Grey May 26, 2022
Dist Ubuntu Esm H88
Critical OpenSSL flaws resolved in Ubuntu 16.04 ESM. Detailed update addressing security concerns and required adjustments provided.
Several security issues were fixed in OpenSSL.

Summary

Several security issues were fixed in OpenSSL.

Software Description:

- openssl: Secure Socket Layer (SSL) cryptographic library and tools

Details:

USN-5402-1 fixed several vulnerabilities in OpenSSL. This update provides

the corresponding update for Ubuntu 16.04 ESM.

Original advisory details:

Elison Niven discovered that OpenSSL incorrectly handled the c_rehash

script. A local attacker could possibly use this issue to execute arbitrary

commands when c_rehash is run. (CVE-2022-1292)

Aliaksei Levin discovered that OpenSSL incorrectly handled resources when

decoding certificates and keys. A remote attacker could possibly use this

issue to cause OpenSSL to consume resources, leading to a denial of

service. This issue only affected Ubuntu 22.04 LTS. (CVE-2022-1473)

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.04 ESM:
  libssl1.0.0                     1.0.2g-1ubuntu4.20+esm3

After a standard system update you need to reboot your computer to make
all the necessary changes.

References

https://ubuntu.com/security/notices/USN-5402-2

https://ubuntu.com/security/notices/USN-5402-1

CVE-2022-1292, CVE-2022-1473

Severity
critical
Lowest
Low
Medium
High
Critical

May 26, 2022

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.