USN-6188-1: OpenSSL vulnerability
22 June 2023
OpenSSL could be made to consume resources and cause long delays if it processed certain input.
Releases
Packages
- openssl - Secure Socket Layer (SSL) cryptographic library and tools
Details
Matt Caswell discovered that OpenSSL incorrectly handled certain ASN.1
object identifiers. A remote attacker could possibly use this issue to
cause OpenSSL to consume resources, resulting in a denial of service.
Update instructions
The problem can be corrected by updating your system to the following package versions:
Ubuntu 16.04
-
openssl
-
1.0.2g-1ubuntu4.20+esm9
Available with Ubuntu Pro
-
libssl1.0.0
-
1.0.2g-1ubuntu4.20+esm9
Available with Ubuntu Pro
Ubuntu 14.04
-
openssl
-
1.0.1f-1ubuntu2.27+esm9
Available with Ubuntu Pro
-
libssl1.0.0
-
1.0.1f-1ubuntu2.27+esm9
Available with Ubuntu Pro
After a standard system update you need to reboot your computer to make
all the necessary changes.
References
Related notices
- USN-6119-1: libssl-dev, libssl-doc, openssl, openssl1.0, libssl1.1, libssl1.0-dev, libssl3, libssl1.0.0
- USN-6672-1: nodejs, libnode-dev, libnode72, libnode108, libnode64, nodejs-doc