More OpenSSL Vulnerabilities Found, Ubuntu OSes Get Patched

All the other supported Ubuntu distros have been affected by this problem

  OpenSSL
Details about a few OpenSSL vulnerabilities in Ubuntu 14.04 LTS, Ubuntu 13.10, Ubuntu 12.04 LTS, and Ubuntu 10.04 LTS operating systems have been published by Canonical in a security notice.

Details about a few OpenSSL vulnerabilities in Ubuntu 14.04 LTS, Ubuntu 13.10, Ubuntu 12.04 LTS, and Ubuntu 10.04 LTS operating systems have been published by Canonical in a security notice.

This is just the security notice for Ubuntu, but in fact all the distributions that are using OpenSSL are susceptible to the problems found, again, in this library.

According to the security notice, “Jüri Aedla discovered that OpenSSL incorrectly handled invalid DTLS fragments. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service, or possibly execute arbitrary code. Also Imre Rad discovered that OpenSSL incorrectly handled DTLS recursions. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service.”

These are just a couple of the problems identified in OpenSSL. For a more detailed description of the issues, you can see Canonical's security notification. Users should upgrade their Linux distribution in order to correct them.

The flaw can be fixed if you upgrade your system(s) to the libssl1.0.0 specific to each distribution. To apply the patch, you can simply run the Update Manager application.

In general, a standard system update will make all the necessary changes and you will have to reboot the system.

Comments