Alerts This Week
Warning Icon 1 758
Alerts This Week
Warning Icon 1 758

Ubuntu: 6986-1 Severe: OpenSSL Denial Of Service Risk Summary

ubuntu
Calendar Grey September 3, 2024
Dist Ubuntu Esm H88
The Ubuntu Security Advisory USN-6986-1 addresses a vulnerability in OpenSSL that may result in potential data leakage or system instability.
OpenSSL could be made to crash or expose sensitive information if it received a specially crafted certificate.

Summary

OpenSSL could be made to crash or expose sensitive information

if it received a specially crafted certificate.

Software Description:

- openssl: Secure Socket Layer (SSL) cryptographic library and tools

Details:

David Benjamin discovered that OpenSSL incorrectly handled certain

X.509 certificates. An attacker could possible use this issue to

cause a denial of service or expose sensitive information.

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.04 LTS
  libssl3t64                      3.0.13-0ubuntu3.4
  openssl                         3.0.13-0ubuntu3.4

Ubuntu 22.04 LTS
  libssl3                         3.0.2-0ubuntu1.18
  openssl                         3.0.2-0ubuntu1.18

After a standard system update you need to reboot your computer to make
all the necessary changes.

References

https://ubuntu.com/security/notices/USN-6986-1

CVE-2024-6119

Severity
critical
Lowest
Low
Medium
High
Critical

Ubuntu Security Notice USN-6986-1

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here