==========================================================================
Ubuntu Security Notice USN-2232-1
June 05, 2014
openssl vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
– Ubuntu 14.04 LTS
– Ubuntu 13.10
– Ubuntu 12.04 LTS
– Ubuntu 10.04 LTS
Summary:
Several security issues were fixed in OpenSSL.
Software Description:
– openssl: Secure Socket Layer (SSL) cryptographic library and tools
Details:
Jüri Aedla discovered that OpenSSL incorrectly handled invalid DTLS
fragments. A remote attacker could use this issue to cause OpenSSL to
crash, resulting in a denial of service, or possibly execute arbitrary
code. This issue only affected Ubuntu 12.04 LTS, Ubuntu 13.10, and
Ubuntu 14.04 LTS. (CVE-2014-0195)
Imre Rad discovered that OpenSSL incorrectly handled DTLS recursions. A
remote attacker could use this issue to cause OpenSSL to crash, resulting
in a denial of service. (CVE-2014-0221)
KIKUCHI Masashi discovered that OpenSSL incorrectly handled certain
handshakes. A remote attacker could use this flaw to perform a
man-in-the-middle attack and possibly decrypt and modify traffic.
(CVE-2014-0224)
Felix Gröbert and Ivan Fratrić discovered that OpenSSL incorrectly handled
anonymous ECDH ciphersuites. A remote attacker could use this issue to
cause OpenSSL to crash, resulting in a denial of service. This issue only
affected Ubuntu 12.04 LTS, Ubuntu 13.10, and Ubuntu 14.04 LTS.
(CVE-2014-3470)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 14.04 LTS:
libssl1.0.0 1.0.1f-1ubuntu2.2
Ubuntu 13.10:
libssl1.0.0 1.0.1e-3ubuntu1.4
Ubuntu 12.04 LTS:
libssl1.0.0 1.0.1-4ubuntu5.14
Ubuntu 10.04 LTS:
libssl0.9.8 0.9.8k-7ubuntu8.18
After a standard system update you need to reboot your computer to make all
the necessary changes.
References:
http://www.ubuntu.com/usn/usn-2232-1
CVE-2014-0195, CVE-2014-0221, CVE-2014-0224, CVE-2014-3470
Package Information:
https://launchpad.net/ubuntu/+source/openssl/1.0.1f-1ubuntu2.2
https://launchpad.net/ubuntu/+source/openssl/1.0.1e-3ubuntu1.4
https://launchpad.net/ubuntu/+source/openssl/1.0.1-4ubuntu5.14
https://launchpad.net/ubuntu/+source/openssl/0.9.8k-7ubuntu8.18
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1
Comment: Using GnuPG with Thunderbird – http://www.enigmail.net/
iQIcBAEBCgAGBQJTkGObAAoJEGVp2FWnRL6TIA4P/Azl/mhMVmmbOMhrWyjdPn0d
8MWJGvrn3YHZWd0m1EFFBkzOzl7RRlv1RsYAb5+Dm1RC6tL3enrenmsVflRKlPiN
lpM7hHWMGko7IbPO/a2DmPd2slvlKXAJe8iU/dmV3/Si1XDT4ADy6bJk5xx8+JxM
xaS44yDuBisNS25YxCggmVxl+poNVE4178mu+6+WnbEH+YYc595sVp3cFkmgi8u4
KOg6SYZ2rCfZGUmnIDJAWzSkFNXOeBvRT1nG9+WOR0KAyOSG8RbtBeqT8gLEyqYb
Zx+TzKTEbJdH0u+ZuvSDWxCFbUpaFBbTIEtCf7LbpCntarWKoA8W7CJ39ESjD8Ue
2ozzgxSRD27e+OjyUZCsotCcpHNbKOlAjB0Z86u8clNvBiw3xN8yS0Wt30sgKzlw
xOHCxiiLipeQdd+fl6Vru3xNyhbJHGwZmY4ML2ht72HMKdEE1NENSHv+1nmbMska
SJjddVzkeFrMWNjPgHlDV90p6QN4v2TRZxwWn9U8bvjOm8HFjMNFVV11N0I0UEw/
mLjvI5pZRJTU2c1/1zjjllG4Uvc5jM+hlPhgFmjKLQKoOY7D5p1nupfY98t8W3Sj
XgkdTVgkm44TbTJlIkE4mJLnwVFTYLKEmpPHd8zVD0aDZ9fC/ZLnhcD/TLD6cnOG
KVMWYiPE4HCbNwdVk/1V
=svrK
—–END PGP SIGNATURE—–
—