Ubuntu alert USN-6854-1 (openssl)
| From: | Alex Murray <alex.murray@canonical.com> | |
| To: | ubuntu-security-announce@lists.ubuntu.com | |
| Subject: | [USN-6854-1] OpenSSL vulnerability | |
| Date: | Thu, 27 Jun 2024 12:42:12 +0930 | |
| Message-ID: | <87jzibxenn.fsf@canonical.com> |
========================================================================== Ubuntu Security Notice USN-6854-1 June 27, 2024 openssl vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 22.04 LTS Summary: OpenSSL could be made to consume resources and cause long delays if it processed certain input. Software Description: - openssl: Secure Socket Layer (SSL) cryptographic library and tools Details: It was discovered that OpenSSL failed to choose an appropriately short private key size when computing shared-secrets in the Diffie-Hellman Key Agreement Protocol. A remote attacker could possibly use this issue to cause OpenSSL to consume resources, resulting in a denial of service. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 22.04 LTS libssl3 3.0.2-0ubuntu1.16 openssl 3.0.2-0ubuntu1.16 After a standard system update you need to reboot your computer to make all the necessary changes. References: https://ubuntu.com/security/notices/USN-6854-1 CVE-2022-40735 Package Information: https://launchpad.net/ubuntu/+source/openssl/3.0.2-0ubunt... -- Alex Murray Staff Engineer | Security Engineering Adelaide, Australia (GMT+0930)
Attachment: signature.asc (type=application/pgp-signature)
-----BEGIN PGP SIGNATURE----- iQFOBAEBCgA4FiEEiOlTC8vdwgBRe16w9JjS2d59rZwFAmZ82IwaHGFsZXgubXVy cmF5QGNhbm9uaWNhbC5jb20ACgkQ9JjS2d59rZwrtwgAkCCSYVEq5jDlb2GPyac4 e+yATlu5824u6qSd5v8h0nkQ/sWkP/YSV7DfPD3/o8jD1X02h/fSmEFecbriknu2 u6v/qTorImv7HujuNNdMN/B0l9zcpP82OL7jjAit9ptb+/ScfDkGah/ykqWn7K/U 7HI8+IE0eHPMFbQnaEfodP5L3kKXSnCkW8y+P2LLnakTz8BCDoxVA7HRLpckSg/5 bUOmy+OWe8gQJvdsJmLPW0UGN2yG96XaBTQDbAjjgGlVa0fUWfGJm/SAQEU864em LifexRSlsH744iGq2clk1NgjIfyGp3cRL05OjVMeg+eHcr3xX4RGSkt+0CMcc44w jw== =qP16 -----END PGP SIGNATURE-----
Attachment: None (type=text/plain)