You are here
Home > Preporuke > Sigurnosni nedostaci programskog paketa openssl

Sigurnosni nedostaci programskog paketa openssl

==========================================================================
Ubuntu Security Notice USN-3512-1
December 11, 2017

openssl vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 17.10
– Ubuntu 17.04
– Ubuntu 16.04 LTS

Summary:

Several security issues were fixed in OpenSSL.

Software Description:
– openssl: Secure Socket Layer (SSL) cryptographic library and tools

Details:

David Benjamin discovered that OpenSSL did not correctly prevent
buggy applications that ignore handshake errors from subsequently calling
certain functions. (CVE-2017-3737)

It was discovered that OpenSSL incorrectly performed the x86_64 Montgomery
multiplication procedure. While unlikely, a remote attacker could possibly
use this issue to recover private keys. (CVE-2017-3738)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 17.10:
libssl1.0.0 1.0.2g-1ubuntu13.3

Ubuntu 17.04:
libssl1.0.0 1.0.2g-1ubuntu11.4

Ubuntu 16.04 LTS:
libssl1.0.0 1.0.2g-1ubuntu4.10

After a standard system update you need to reboot your computer to make
all the necessary changes.

References:
https://www.ubuntu.com/usn/usn-3512-1
CVE-2017-3737, CVE-2017-3738

Package Information:
https://launchpad.net/ubuntu/+source/openssl/1.0.2g-1ubuntu13.3
https://launchpad.net/ubuntu/+source/openssl/1.0.2g-1ubuntu11.4
https://launchpad.net/ubuntu/+source/openssl/1.0.2g-1ubuntu4.10

—–BEGIN PGP SIGNATURE—–
Version: GnuPG v2

iQIcBAEBCgAGBQJaLuBjAAoJEGVp2FWnRL6TiUQP/RCZUwlpUUsnw478vAjeWTy4
lD9osipzjsEfEdRJSFIba07pE0jGkiAGa8O3RmNOxIthcZVJHDfmNeHwF8jXPpl9
nclc9BA4rN8a0M6Lspandx0ZK1fYGYSVd6QBZIz3MU1lhHNXfFnyyzo1PJG0Ezsg
vg3ZKUu9f2r9/F1XiFIdlY3gJW8Ia9Z0HP7PcBQXcxIj2sC4bI89VDrT6GpxlWLA
6yqMJWcu2Xha+aGkVp3LwtoEVg4caxDxJhSNiojQDZHm3nlw2W74CWI62+ZyR03O
PCwajgf7Iu51XdR5laahVnVus+Y3bgMgQEdlC1vnpGeCf4vVUlJforiQXjDqDaMv
cSIOIh+U2ik9Uw+w6m7rEvswt/1Qsof2otxTPUogMpQ94hwODUAT2OMoYmHHFWRO
LKZcoP6xciPXSMSjDtVz5GIbsWOCLexsb7wxAelUzj2vmWmAYF6ByMwmMvkTkVKs
wHdp/FkXlF+tTcnzbakFmTLsKgWRBAXYewlVCRTzVjckkGee2vVg1OY7buxJ9gyI
vLU4FFKLpeMJL8GObcor5EzyKTYItPWaCaSsxZixPboOddiP88QXGvZGKuF64VUY
3FNyFcgX0iFU3upqRjOskyl6Rzh1au4mzhutKYugiLaWu5Aavkn34zVqN7ydAAbV
gi/ztYohDqWz6EuT2k2A
=+ruJ
—–END PGP SIGNATURE—–

Top
More in Preporuke
Sigurnosni nedostaci programskog paketa wireshark

Otkriveni su sigurnosni nedostaci u programskom paketu wireshark za operacijski sustav Debian. Otkriveni nedostaci potencijalnim napadačima omogućuju izvođenje napada uskraćivanjem...

Close