Explore top 10 tips to secure your open-source projects now. Read More
×
OpenSSL could be made to expose sensitive information over the network.
Software Description:
- openssl: Secure Socket Layer (SSL) cryptographic library and tools
Details:
Alex Chernyakhovsky discovered that OpenSSL incorrectly handled AES OCB
mode when using the AES-NI assembly optimized implementation on 32-bit
x86 platforms. A remote attacker could possibly use this issue to obtain
sensitive information.
The problem can be corrected by updating your system to the following package versions: Ubuntu 22.04 LTS: libssl3 3.0.2-0ubuntu1.6 Ubuntu 21.10: libssl1.1 1.1.1l-1ubuntu1.6 Ubuntu 20.04 LTS: libssl1.1 1.1.1f-1ubuntu2.16 Ubuntu 18.04 LTS: libssl1.1 1.1.1-1ubuntu2.1~18.04.20 After a standard system update you need to reboot your computer to make all the necessary changes.
https://ubuntu.com/security/notices/USN-5502-1
CVE-2022-2097
Get the latest Linux and open source security news straight to your inbox.