============================================================================ Ubuntu Security Notice USN-2232-4 August 18, 2014 openssl vulnerabilities ============================================================================ A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 10.04 LTS Summary: USN-2232-1 introduced a regression in OpenSSL. Software Description: - openssl: Secure Socket Layer (SSL) cryptographic library and tools Details: USN-2232-1 fixed vulnerabilities in OpenSSL. One of the patch backports for Ubuntu 10.04 LTS caused a regression for certain applications. This update fixes the problem. We apologize for the inconvenience. Original advisory details: J=C3=BCri Aedla discovered that OpenSSL incorrectly handled invalid DTLS fragments. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 12.04 LTS, Ubuntu 13.10, and Ubuntu 14.04 LTS. (CVE-2014-0195) Imre Rad discovered that OpenSSL incorrectly handled DTLS recursions. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service. (CVE-2014-0221) KIKUCHI Masashi discovered that OpenSSL incorrectly handled certain handshakes. A remote attacker could use this flaw to perform a man-in-the-middle attack and possibly decrypt and modify traffic. (CVE-2014-0224) Felix Gr=C3=B6bert and Ivan Fratri=C4=87 discovered that OpenSSL incorrectly handled anonymous ECDH ciphersuites. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS, Ubuntu 13.10, and Ubuntu 14.04 LTS. (CVE-2014-3470) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 10.04 LTS: libssl0.9.8 0.9.8k-7ubuntu8.21 After a standard system update you need to reboot your computer to make all the necessary changes. References: http://www.ubuntu.com/usn/usn-2232-4 http://www.ubuntu.com/usn/usn-2232-1 https://launchpad.net/bugs/1356843 Package Information: https://launchpad.net/ubuntu/+source/openssl/0.9.8k-7ubuntu8.21