Sicherheit: Mehrere Probleme in OpenSSL (Aktualisierung)

Lesezeichen hinzufügen

--===============6194448947975447532==
Content-Type: multipart/signed; micalg=pgp-sha512;
protocol="application/pgp-signature";
boundary="2fHTh5uZTiUOsy+g"
Content-Disposition: inline

--2fHTh5uZTiUOsy+g
Content-Type: text/plain; charset=iso-8859-1
Content-Disposition: inlin
Content-Transfer-Encoding: quoted-printable

==========================================================================
Ubuntu Security Notice USN-4376-2
July 09, 2020

openssl vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 14.04 ESM
- Ubuntu 12.04 ESM

Summary:

Several security issues were fixed in OpenSSL.

Software Description:
- openssl: Secure Socket Layer (SSL) cryptographic library and tools

Details:

USN-4376-1 fixed several vulnerabilities in OpenSSL. This update provides
the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM.

Original advisory details:

Cesar Pereida García, Sohaib ul Hassan, Nicola Tuveri, Iaroslav Gridin,
Alejandro Cabrera Aldaya, and Billy Brumley discovered that OpenSSL
incorrectly handled ECDSA signatures. An attacker could possibly use this
issue to perform a timing side-channel attack and recover private ECDSA
keys. (CVE-2019-1547)

Juraj Somorovsky, Robert Merget, and Nimrod Aviram discovered that certain
applications incorrectly used OpenSSL and could be exposed to a padding
oracle attack. A remote attacker could possibly use this issue to decrypt
data. (CVE-2019-1559)

Bernd Edlinger discovered that OpenSSL incorrectly handled certain
decryption functions. In certain scenarios, a remote attacker could
possibly use this issue to perform a padding oracle attack and decrypt
traffic. (CVE-2019-1563)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.04 ESM:
libssl1.0.0 1.0.1f-1ubuntu2.27+esm1

Ubuntu 12.04 ESM:
libssl1.0.0 1.0.1-4ubuntu5.44

After a standard system update you need to reboot your computer to make
all the necessary changes.

References:
https://usn.ubuntu.com/4376-2
https://usn.ubuntu.com/4376-1
CVE-2019-1547, CVE-2019-1559, CVE-2019-1563

--2fHTh5uZTiUOsy+g
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQIzBAABCgAdFiEEf+ebRFcoyOoAQoOeRbznW4QLH2kFAl8HWbUACgkQRbznW4QL
H2lfKQ//ZHc8mBhdG+IWDOimP0rJ4kGKLw2iT0bTc/mV6X878gyakJbnuyMEABAa
A516N4tUvD/7ImPVTqVxdjwYXuvx6iLpAF5pHZloipL0doz9oS5ZUn/HF8rZ3Xlw
wWfvIESCrRXKyv3Oef+l5xdRsDkyEoQYr2bq2mfGLvzSZMiZ8L/X2M9d9YkayswG
S9hULrziT7gE0lhMlCw2LXydsEZTgvWHdjzI/XOTQCIhTgLN6BPQjko2VUGOcutY
Pp+wFpbE2XkFTr3OQIwBAmqgBxY3mydBfnBo3KczACw3wa46wtN1V5/EGH+4pN93
wQ4YgVXGiDXPFFB+snMzXmBFn8mDAJyjB5yx78FZ6civOOEt6pRhD927C2pfkMqz
ZmIfBgRn2RT/BhFdkYO4eL+29pfOCjaFP44zrSHT78TvB7wgGnKeXXjazrKxA5NE
rsGmtpbxUspK1dPPp9E2pNm6G+Gad9lVTv1Be6zDETOR1LZdoAHV6IgPpKAe7nok
B+mfB6MnN3q6PO52jDjauTMpPJuZwperS/bQafgMhJ2tCiM3AE6RrD4gvAHWq9Dj
YnLgM8T6BpHDPVsHQdP6Lvh5BoHxJzzVv0fuQnO1UW7BBTMNQOoUeFY5FJmqzIqp
aNkxuMRNpFapTRi7x0V7bQSmOby8cDAxwa3x3AY9y3f7j7a35L4=
=nM9O
-----END PGP SIGNATURE-----

--2fHTh5uZTiUOsy+g--

--===============6194448947975447532==
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: base64
Content-Disposition: inline

LS0gCnVidW50dS1zZWN1cml0eS1hbm5vdW5jZSBtYWlsaW5nIGxpc3QKdWJ1bnR1LXNlY3VyaXR5
LWFubm91bmNlQGxpc3RzLnVidW50dS5jb20KTW9kaWZ5IHNldHRpbmdzIG9yIHVuc3Vic2NyaWJl
IGF0OiBodHRwczovL2xpc3RzLnVidW50dS5jb20vbWFpbG1hbi9saXN0aW5mby91YnVudHUtc2Vj
dXJpdHktYW5ub3VuY2UK

--===============6194448947975447532==--