A previous OpenSSL update has caused a few issues in Ubuntu 10.04 LTS

Aug 19, 2014 17:01 GMT

Canonical has published details about an OpenSSL regression that has been found and fixed in the Ubuntu 10.04 LTS operating system.

Ubuntu developers made a small update to OpenSSL a while back, but it introduced a regression. This latest update is specifically aimed at that regression.

According to the security notice, "USN-2232-1 fixed vulnerabilities in OpenSSL. One of the patch backports for Ubuntu 10.04 LTS caused a regression for certain applications. This update fixes the problem."

The original notice reported that OpenSSL incorrectly handled DTLS recursions. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service.

Also, OpenSSL incorrectly handled certain handshakes. A remote attacker could have used this flaw to perform a man-in-the-middle attack to decrypt and modify traffic.

The issue can be fixed by upgrading your system to the libssl0.9.8 package version specific to each distribution. To apply the patch, you can simply run the Update Manager application and enter apt-get update and apt-get dist-upgrade from the terminal.

In general, a standard system update will make all the necessary changes and you will have to reboot the system.
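The reboot matters because running processes keep the replaced library mapped until they restart. The following is an added example, not part of the original article or the Ubuntu notice: it lists processes that still map a deleted copy of libssl or libcrypto 0.9.8. The function names and the sample data are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the article): find processes that still map the
# replaced libssl/libcrypto 0.9.8 after the package upgrade.

# Constructed sample of /proc/<pid>/maps content; the addresses, inodes and
# the apache2 process are made up for illustration.
SAMPLE_MAPS='00400000-004a0000 r-xp 00000000 08:01 131 /usr/sbin/apache2
7f1c2a000000-7f1c2a04b000 r-xp 00000000 08:01 2201 /lib/libssl.so.0.9.8 (deleted)
7f1c2a24b000-7f1c2a251000 rw-p 0004b000 08:01 2201 /lib/libssl.so.0.9.8 (deleted)
7f1c29c00000-7f1c29d76000 r-xp 00000000 08:01 2200 /lib/libcrypto.so.0.9.8 (deleted)
7f1c29800000-7f1c2997e000 r-xp 00000000 08:01 140 /lib/libc-2.11.1.so'

# stale_libs: read maps content on stdin and print the unique paths of
# libssl/libcrypto 0.9.8 mappings whose backing file was unlinked, which is
# what happens to the old file when the package manager replaces it.
stale_libs() {
    awk '/\(deleted\)$/ && $6 ~ /\/lib(ssl|crypto)\.so\.0\.9\.8$/ { print $6 }' |
        sort -u
}

# scan_procs: apply stale_libs to every live process and print
# "pid<TAB>command line<TAB>stale libraries" for each one still affected.
scan_procs() {
    for maps in /proc/[0-9]*/maps; do
        [ -r "$maps" ] || continue          # process exited or not readable
        pid=${maps#/proc/}
        pid=${pid%/maps}
        libs=$( { stale_libs < "$maps"; } 2>/dev/null ) || continue
        [ -n "$libs" ] || continue
        name=$(tr '\0' ' ' < "/proc/$pid/cmdline" 2>/dev/null) || name='?'
        printf '%s\t%s\t%s\n' "$pid" "$name" "$(echo $libs)"
    done
}

if [ "${1:-}" = "--scan" ]; then
    scan_procs                              # inspect the running system
else
    printf '%s\n' "$SAMPLE_MAPS" | stale_libs   # demo on the constructed sample
fi
```

Run it as root with `--scan` to cover every process; any service it lists is still using the pre-update library and needs a restart, which a reboot takes care of in one step.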

If you have problems updating the system for whatever reason, Canonical provides a wiki with some instructions.