Explore top 10 tips to secure your open-source projects now. Read More
×
Add implicit rejection in PKCS#1 v1.5 in OpenSSL.
Software Description:
- openssl: Secure Socket Layer (SSL) cryptographic library and tools
Details:
USN-6663-1 provided a security update for OpenSSL.
This update provides the corresponding update for
Ubuntu 16.04 LTS.
Original advisory details:
As a security improvement, this update prevents OpenSSL
from returning an error when detecting wrong padding
in PKCS#1 v1.5 RSA, to prevent its use in possible
Bleichenbacher timing attacks.
The problem can be corrected by updating your system to the following package versions: Ubuntu 16.04 LTS (Available with Ubuntu Pro): libssl-doc 1.0.2g-1ubuntu4.20+esm12 libssl1.0.0 1.0.2g-1ubuntu4.20+esm12 openssl 1.0.2g-1ubuntu4.20+esm12 After a standard system update you need to reboot your computer to make all the necessary changes.
https://ubuntu.com/security/notices/USN-6663-1
https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/2054090
Get the latest Linux and open source security news straight to your inbox.