USN-3628-2: OpenSSL vulnerability
19 April 2018
OpenSSL could allow access to sensitve information.
Releases
Packages
- openssl - Secure Socket Layer (SSL) cryptographic library and tools
Details
USN-3628-1 fixed a vulnerability in OpenSSL. This update provides
the corresponding update for Ubuntu 12.04 ESM.
Original advisory details:
Alejandro Cabrera Aldaya, Billy Brumley, Cesar Pereida Garcia and Luis Manuel Alvarez Tapia
discovered that OpenSSL incorrectly handled RSA key generation. An attacker could possibly
use this issue to perform a cache-timing attack and recover private RSA keys.
Update instructions
The problem can be corrected by updating your system to the following package versions:
Ubuntu 12.04
After a standard system update you need to reboot your computer to make
all the necessary changes.
References
Related notices
- USN-3628-1: libssl1.0.0, libssl-doc, libssl1.0.0-udeb, libssl-dev, libcrypto1.0.0-udeb, openssl
- USN-3692-1: libssl1.0.0, libssl-doc, libssl1.1, libssl1.0.0-udeb, libssl-dev, libcrypto1.0.0-udeb, libssl1.1-udeb, openssl, openssl1.0, libcrypto1.1-udeb, libssl1.0-dev
- USN-3692-2: openssl, libssl1.0.0