Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 555
Alerts This Week
Warning Icon 1 555

Ubuntu 16.04 LTS USN-6663-2: OpenSSL Security Update Overview

ubuntu
Calendar Grey March 13, 2024
Dist Ubuntu Esm H88
Ubuntu Security Announcement USN-7777-3 March 14, 2024 libcurl upgrade offers essential patch information and guidance.
Add implicit rejection in PKCS#1 v1.5 in OpenSSL.

Summary

Add implicit rejection in PKCS#1 v1.5 in OpenSSL.

Software Description:

- openssl: Secure Socket Layer (SSL) cryptographic library and tools

Details:

USN-6663-1 provided a security update for OpenSSL.

This update provides the corresponding update for

Ubuntu 16.04 LTS.

Original advisory details:

 As a security improvement, this update prevents OpenSSL

 from returning an error when detecting wrong padding

 in PKCS#1 v1.5 RSA, to prevent its use in possible

 Bleichenbacher timing attacks.

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.04 LTS (Available with Ubuntu Pro):
   libssl-doc                      1.0.2g-1ubuntu4.20+esm12
   libssl1.0.0                     1.0.2g-1ubuntu4.20+esm12
   openssl                         1.0.2g-1ubuntu4.20+esm12

After a standard system update you need to reboot your computer to make
all the necessary changes.

References

 

  https://ubuntu.com/security/notices/USN-6663-1

  https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/2054090

Severity
important
Lowest
Low
Medium
High
Critical

Ubuntu Security Notice USN-6663-2

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.