Alerts This Week
Warning Icon 1 640
Alerts This Week
Warning Icon 1 640

Ubuntu 22.04 LTS: USN-6854-1 Critical: OpenSSL Denial Of Service

ubuntu
Calendar Grey June 27, 2024
Dist Ubuntu Esm H88
The Ubuntu Security Announcement USN-6855-1 warns about a vulnerability in OpenSSL that could cause possible service disruption through excessive resource use.
OpenSSL could be made to consume resources and cause long delays if it processed certain input.

Summary

OpenSSL could be made to consume resources and cause long delays if it processed

certain input.

Software Description:

- openssl: Secure Socket Layer (SSL) cryptographic library and tools

Details:

It was discovered that OpenSSL failed to choose an appropriately short

private key size when computing shared-secrets in the Diffie-Hellman Key

Agreement Protocol. A remote attacker could possibly use this issue to cause

OpenSSL to consume resources, resulting in a denial of service.

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 22.04 LTS
  libssl3                         3.0.2-0ubuntu1.16
  openssl                         3.0.2-0ubuntu1.16

After a standard system update you need to reboot your computer to make all the
necessary changes.

References

https://ubuntu.com/security/notices/USN-6854-1

CVE-2022-40735

Severity
critical
Lowest
Low
Medium
High
Critical

Ubuntu Security Notice USN-6854-1

Package Information

--
Alex Murray
Staff Engineer | Security Engineering
Adelaide, Australia (GMT+0930)

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here