==========================================================================
Ubuntu Security Notice USN-3512-1
December 11, 2017
openssl vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
– Ubuntu 17.10
– Ubuntu 17.04
– Ubuntu 16.04 LTS
Summary:
Several security issues were fixed in OpenSSL.
Software Description:
– openssl: Secure Socket Layer (SSL) cryptographic library and tools
Details:
David Benjamin discovered that OpenSSL did not correctly prevent
buggy applications that ignore handshake errors from subsequently calling
certain functions. (CVE-2017-3737)
It was discovered that OpenSSL incorrectly performed the x86_64 Montgomery
multiplication procedure. While unlikely, a remote attacker could possibly
use this issue to recover private keys. (CVE-2017-3738)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 17.10:
libssl1.0.0 1.0.2g-1ubuntu13.3
Ubuntu 17.04:
libssl1.0.0 1.0.2g-1ubuntu11.4
Ubuntu 16.04 LTS:
libssl1.0.0 1.0.2g-1ubuntu4.10
After a standard system update you need to reboot your computer to make
all the necessary changes.
References:
https://www.ubuntu.com/usn/usn-3512-1
CVE-2017-3737, CVE-2017-3738
Package Information:
https://launchpad.net/ubuntu/+source/openssl/1.0.2g-1ubuntu13.3
https://launchpad.net/ubuntu/+source/openssl/1.0.2g-1ubuntu11.4
https://launchpad.net/ubuntu/+source/openssl/1.0.2g-1ubuntu4.10
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v2
iQIcBAEBCgAGBQJaLuBjAAoJEGVp2FWnRL6TiUQP/RCZUwlpUUsnw478vAjeWTy4
lD9osipzjsEfEdRJSFIba07pE0jGkiAGa8O3RmNOxIthcZVJHDfmNeHwF8jXPpl9
nclc9BA4rN8a0M6Lspandx0ZK1fYGYSVd6QBZIz3MU1lhHNXfFnyyzo1PJG0Ezsg
vg3ZKUu9f2r9/F1XiFIdlY3gJW8Ia9Z0HP7PcBQXcxIj2sC4bI89VDrT6GpxlWLA
6yqMJWcu2Xha+aGkVp3LwtoEVg4caxDxJhSNiojQDZHm3nlw2W74CWI62+ZyR03O
PCwajgf7Iu51XdR5laahVnVus+Y3bgMgQEdlC1vnpGeCf4vVUlJforiQXjDqDaMv
cSIOIh+U2ik9Uw+w6m7rEvswt/1Qsof2otxTPUogMpQ94hwODUAT2OMoYmHHFWRO
LKZcoP6xciPXSMSjDtVz5GIbsWOCLexsb7wxAelUzj2vmWmAYF6ByMwmMvkTkVKs
wHdp/FkXlF+tTcnzbakFmTLsKgWRBAXYewlVCRTzVjckkGee2vVg1OY7buxJ9gyI
vLU4FFKLpeMJL8GObcor5EzyKTYItPWaCaSsxZixPboOddiP88QXGvZGKuF64VUY
3FNyFcgX0iFU3upqRjOskyl6Rzh1au4mzhutKYugiLaWu5Aavkn34zVqN7ydAAbV
gi/ztYohDqWz6EuT2k2A
=+ruJ
—–END PGP SIGNATURE—–
—