USN-7018-1: OpenSSL vulnerabilities
18 September 2024
Several security issues were fixed in OpenSSL.
Releases
Packages
- openssl - Secure Socket Layer (SSL) cryptographic library and tools
Details
Robert Merget, Marcus Brinkmann, Nimrod Aviram, and Juraj Somorovsky
discovered that certain Diffie-Hellman ciphersuites in the TLS
specification and implemented by OpenSSL contained a flaw. A remote
attacker could possibly use this issue to eavesdrop on encrypted
communications. This was fixed in this update by removing the insecure
ciphersuites from OpenSSL. (CVE-2020-1968)
Paul Kehrer discovered that OpenSSL incorrectly handled certain input
lengths in EVP functions. A remote attacker could possibly use this issue
to cause OpenSSL to crash, resulting in a denial of service.
(CVE-2021-23840)
Elison Niven discovered that OpenSSL incorrectly handled the c_rehash
script. A local attacker could possibly use this issue to execute arbitrary
commands when c_rehash is run. (CVE-2022-1292)
Chancen and Daniel Fiala discovered that OpenSSL incorrectly handled the
c_rehash script. A local attacker could possibly use this issue to execute
arbitrary commands when c_rehash is run. (CVE-2022-2068)
It was discovered that OpenSSL incorrectly handled excessively large
Diffie-Hellman parameters. An attacker could possibly use this issue
to cause a denial of service. (CVE-2023-3446)
Bahaa Naamneh discovered that OpenSSL incorrectly handled certain malformed
PKCS12 files. A remote attacker could possibly use this issue to cause
OpenSSL to crash, resulting in a denial of service. (CVE-2024-0727)
Update instructions
The problem can be corrected by updating your system to the following package versions:
Ubuntu 14.04
-
libssl1.0.0
-
1.0.1f-1ubuntu2.27+esm10
Available with Ubuntu Pro
-
openssl
-
1.0.1f-1ubuntu2.27+esm10
Available with Ubuntu Pro
After a standard system update you need to reboot your computer to make
all the necessary changes.
Related notices
- USN-6622-1: openssl, libssl3, libssl-doc, libssl1.1, libssl-dev
- USN-6632-1: openssl, libssl-doc, libssl1.1, libssl-dev, libssl1.0.0
- USN-6709-1: libssl1.0-dev, libssl1.0.0, openssl1.0
- USN-5488-1: openssl, libssl-doc, libssl3, libssl1.0-dev, libssl1.1, openssl1.0, libssl-dev, libssl1.0.0
- USN-5488-2: openssl, libssl-doc, libssl-dev, libssl1.0.0
- USN-6457-1: nodejs-doc, libnode72, libnode-dev, nodejs
- USN-4738-1: openssl, libssl-doc, libssl1.0-dev, libssl1.1, libssl1.1-udeb, libssl1.0.0-udeb, openssl1.0, libssl-dev, libcrypto1.1-udeb, libssl1.0.0, libcrypto1.0.0-udeb
- USN-5088-1: qemu-efi, qemu-efi-arm, ovmf, edk2, ovmf-ia32, qemu-efi-aarch64
- USN-5402-1: openssl, libssl-doc, libssl3, libssl1.0-dev, libssl1.1, openssl1.0, libssl-dev, libssl1.0.0
- USN-5402-2: openssl, libssl-doc, libssl-dev, libssl1.0.0
- USN-7060-1: qemu-efi, qemu-efi-arm, ovmf, edk2, ovmf-ia32, qemu-efi-aarch64
- USN-4504-1: openssl, libssl-doc, libssl1.0-dev, libssl1.0.0-udeb, openssl1.0, libssl-dev, libssl1.0.0, libcrypto1.0.0-udeb
- USN-6435-1: openssl, libssl-doc, libssl1.1, libssl-dev, libssl1.0.0
- USN-6450-1: openssl, libssl3, libssl-doc, libssl-dev
- USN-6435-2: libssl1.1, openssl, libssl-doc, libssl-dev