Updated for this issue have been released:
https://ubuntu.com/security/notices/USN-4738-1
** Changed in: openssl (Ubuntu)
Status: New => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssl in Ubuntu.
https://bugs.launchpad.net/bugs/1915913
Title:
OpenSSL Multiple Denial of Service Vulnerabilities
Status in openssl package in Ubuntu:
Fix Released
Bug description:
Multiple vulnerabilities have been reported in OpenSSL, which can be
exploited by malicious people to cause a DoS (Denial of Service).
1
An error related to the "X509_issuer_and_serial_hash()" function
(crypto/x509/x509_cmp.c) can be exploited to trigger a NULL pointer
dereference and subsequently cause a crash.
2
An integer overflow error related to CipherUpdate calls can be
exploited to cause a crash.
The vulnerabilities are reported in versions prior to 1.1.1j and prior
to 1.0.2y.
Affected Software
The following software is affected by the described vulnerability.
Please check the vendor links below to see if exactly your version is
affected.
OpenSSL 1.x
Solution
Update to version 1.1.1j or 1.0.2y.
References
1. https://www.openssl.org/news/secadv/20210216.txt
<https://www.openssl.org/news/secadv/20210216.txt>
2.
https://github.com/openssl/openssl/commit/8130d654d1de922ea224fa18ee3bc7262edc39c0
<https://github.com/openssl/openssl/commit/8130d654d1de922ea224fa18ee3bc7262edc39c0>
3.
https://github.com/openssl/openssl/commit/c9fb704cf3af5524eb8e79961e31b60eee8c3c47
<https://github.com/openssl/openssl/commit/c9fb704cf3af5524eb8e79961e31b60eee8c3c47>
Please provide an update.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1915913/+subscriptions
--
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help : https://help.launchpad.net/ListHelp
