
Ubuntu 24.04 LTS USN-7278-1 moderate: OpenSSL Remote Code Execution

February 20, 2025
Critical OpenSSL vulnerabilities are addressed in advisory USN-7278-1, which provides important patches for various Ubuntu editions.

Summary

Several security issues were fixed in OpenSSL.

Software Description:

- openssl: Secure Socket Layer (SSL) cryptographic library and tools

Details:

George Pantelakis and Alicja Kario discovered that OpenSSL had a timing
side-channel when performing ECDSA signature computations. A remote
attacker could possibly use this issue to recover private data.
(CVE-2024-13176)

It was discovered that OpenSSL incorrectly handled certain memory
operations when using low-level GF(2^m) elliptic curve APIs with untrusted
explicit values for the field polynomial. When being used in this uncommon
fashion, a remote attacker could use this issue to cause OpenSSL to crash,
resulting in a denial of service, or possibly execute arbitrary code.
(CVE-2024-9143)

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.04 LTS
   libssl3t64                      3.0.13-0ubuntu3.5
   openssl                         3.0.13-0ubuntu3.5

Ubuntu 22.04 LTS
   libssl3                         3.0.2-0ubuntu1.19
   openssl                         3.0.2-0ubuntu1.19

Ubuntu 20.04 LTS
   libssl1.1                       1.1.1f-1ubuntu2.24
   openssl                         1.1.1f-1ubuntu2.24

After a standard system update you need to reboot your computer to make all
the necessary changes.

References

https://ubuntu.com/security/notices/USN-7278-1

CVE-2024-13176, CVE-2024-9143

Ubuntu Security Notice USN-7278-1

Package Information
