The previous OpenSSL update caused some problems in Ubuntu

Jun 13, 2014 12:27 GMT

Details about an OpenSSL regression in Ubuntu 14.04 LTS, Ubuntu 13.10, Ubuntu 12.04 LTS, and Ubuntu 10.04 LTS operating systems have been published by Canonical in a security notice.

A few days after Ubuntu developers integrated quite a few OpenSSL fixes for some recent problems that had been identified in the cryptographic library, the devs had to push another update to correct a regression.

According to the security notice, “USN-2232-1 fixed vulnerabilities in OpenSSL. The upstream fix for CVE-2014-0224 caused a regression for certain applications that use tls_session_secret_cb, such as wpa_supplicant. This update fixes the problem.”

The initial notice stated that, among other issues, OpenSSL incorrectly handled invalid DTLS fragments, and that remote attackers could have used this issue to cause OpenSSL to crash, resulting in a denial of service. This is just one of the issues fixed by the previous update, but only one regression was registered.

The issue can be fixed by upgrading your system(s) to the libssl1.0.0 package version specific to each distribution. To apply the patch, you can simply run the Update Manager application and enter apt-get update and apt-get dist-upgrade from the terminal.

In general, a standard system update will make all the necessary changes and you will have to reboot the system.
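
The reboot matters because running processes, such as wpa_supplicant, keep the old library mapped until they restart. As an added example (not from the original article or the Ubuntu notice), this shell function lists processes that still map a replaced libssl or libcrypto 1.0.0 file; the function names and the sample /proc tree are constructed for illustration.

```shell
#!/bin/sh
# Added example: find processes still using the pre-upgrade OpenSSL library.
# After the package upgrade replaces the file on disk, a process that loaded
# the old copy shows it as "(deleted)" in /proc/PID/maps until it restarts.

# stale_libssl_pids [PROC_ROOT]
# Prints one "PID NAME" line per process that still maps a deleted
# libssl/libcrypto 1.0.0 shared object. PROC_ROOT defaults to /proc.
stale_libssl_pids() {
    proc_root=${1:-/proc}
    for maps in "$proc_root"/[0-9]*/maps; do
        [ -r "$maps" ] || continue   # unreadable, or the glob matched nothing
        if grep -Eq 'lib(ssl|crypto)\.so\.1\.0\.0.* \(deleted\)' "$maps" 2>/dev/null; then
            dir=${maps%/maps}
            pid=${dir##*/}
            name=$(cat "$dir/comm" 2>/dev/null || echo '?')
            printf '%s %s\n' "$pid" "$name"
        fi
    done
}

# make_sample_proc DIR
# Builds a small, constructed /proc-like tree so the check can be run offline.
make_sample_proc() {
    mkdir -p "$1/101" "$1/202" "$1/303"
    # PID 101: started before the upgrade, still maps the replaced library.
    echo wpa_supplicant > "$1/101/comm"
    echo '7f10a0000000-7f10a0055000 r-xp 00000000 08:01 393401 /lib/x86_64-linux-gnu/libssl.so.1.0.0 (deleted)' > "$1/101/maps"
    # PID 202: restarted after the upgrade, maps the file currently on disk.
    echo sshd > "$1/202/comm"
    echo '7f20b0000000-7f20b01b5000 r-xp 00000000 08:01 393777 /lib/x86_64-linux-gnu/libcrypto.so.1.0.0' > "$1/202/maps"
    # PID 303: does not use OpenSSL at all.
    echo bash > "$1/303/comm"
    echo '7f30c0000000-7f30c01bb000 r-xp 00000000 08:01 394000 /lib/x86_64-linux-gnu/libc-2.19.so' > "$1/303/maps"
}

# Demo on the constructed tree. On a real host, run stale_libssl_pids with no
# argument as root so that every process's maps file is readable.
demo_dir=$(mktemp -d)
make_sample_proc "$demo_dir"
stale_libssl_pids "$demo_dir"
rm -rf "$demo_dir"
```

An empty result after the upgrade means no process is still running the old library; any listed service needs a restart, which a reboot covers in one step.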