14 DAY TRIAL // Details about OpenSSL vulnerabilities in its Ubuntu 14.10, Ubuntu 14.04 LTS, Ubuntu 12.04 LTS, and Ubuntu 10.04 LTS operating systems have been published by Canonical.
The OpenSSL developers have just released a number of very important fixes for this library and the Ubuntu devs have been quick to integrate them into the supported OSes. This is a critical library and users have been advised to upgrade their systems as soon as possible.
According to the security notice, "Antti Karjalainen, Tuomo Untinen and Konrad Kraszewski discovered that OpenSSL incorrectly handled certain certificate fingerprints. A remote attacker could possibly use this issue to trick certain applications that rely on the uniqueness of fingerprints."
For a more detailed description of the problems, you can see Canonical's security notification. As usual, the problems can be easily corrected if you upgrade your system(s) to the latest libssl package specific to each distribution. To apply the patch, run the Update Manager application.
If you don't want to use the Software Updater, you can do this from a terminal. Open a terminal and enter the following commands:
sudo apt-get dist-upgrade