Alerts This Week
Warning Icon 1 1,154
Alerts This Week
Warning Icon 1 1,154

Ubuntu 24.04 LTS USN-6663-3 Moderate: OpenSSL PKCS#1 Timing Risk

ubuntu
Calendar Grey May 23, 2024
Dist Ubuntu Esm H88
Ubuntu Security Notice USN-6664-4 May 24, 2024, outlines a critical update for OpenSSH mitigating vulnerabilities associated with SSH connections.
Add implicit rejection in PKCS#1 v1.5 in OpenSSL.

Summary

Add implicit rejection in PKCS#1 v1.5 in OpenSSL.

Software Description:

- openssl: Secure Socket Layer (SSL) cryptographic library and tools

Details:

USN-6663-1 provided a security update for OpenSSL.

This update provides the corresponding update for

Ubuntu 24.04 LTS.

Original advisory details:

 As a security improvement, OpenSSL will now

 return deterministic random bytes instead of an error

 when detecting wrong padding in PKCS#1 v1.5 RSA

 to prevent its use in possible Bleichenbacher timing attacks.

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.04 LTS
   libssl-doc                      3.0.13-0ubuntu3.1
   libssl3t64                      3.0.13-0ubuntu3.1
   openssl                         3.0.13-0ubuntu3.1

After a standard system update you need to reboot your computer to make
all the necessary changes.

References

  https://ubuntu.com/security/notices/USN-6663-3

  https://ubuntu.com/security/notices/USN-6663-1

  https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/2054090

Ubuntu Security Notice USN-6663-3

Package Information

  https://launchpad.net/ubuntu/+source/openssl/3.0.13-0ubuntu3.1

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here