
Security: Multiple issues in OpenSSL
Name: Multiple issues in OpenSSL
ID: USN-7264-1
Distribution: Ubuntu
Platforms: Ubuntu 24.10
Date: Tue, 11 February 2025, 22:52
References: https://www.cve.org/CVERecord?id=CVE-2024-13176
https://www.cve.org/CVERecord?id=CVE-2024-12797
https://www.cve.org/CVERecord?id=CVE-2024-9143
Applications: OpenSSL

Original message

From: Marc Deslauriers <marc.deslauriers@canonical.com>
Reply-To: Ubuntu Security <security@ubuntu.com>
To: "ubuntu-security-announce@lists.ubuntu.com"
<ubuntu-security-announce@lists.ubuntu.com>
Message-ID: <13676c13-edf9-4a7d-bb20-837ced33b14a@canonical.com>
Subject: [USN-7264-1] OpenSSL vulnerabilities
==========================================================================
Ubuntu Security Notice USN-7264-1
February 11, 2025

openssl vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.10

Summary:

Several security issues were fixed in OpenSSL.

Software Description:
- openssl: Secure Socket Layer (SSL) cryptographic library and tools

Details:

It was discovered that OpenSSL clients incorrectly handled authenticating
servers using RFC7250 Raw Public Keys. In certain cases, the connection
will not abort as expected, possibly causing the communication to be
intercepted. (CVE-2024-12797)

George Pantelakis and Alicja Kario discovered that OpenSSL had a timing
side-channel when performing ECDSA signature computations. A remote
attacker could possibly use this issue to recover private data.
(CVE-2024-13176)

It was discovered that OpenSSL incorrectly handled certain memory
operations when using low-level GF(2^m) elliptic curve APIs with untrusted
explicit values for the field polynomial. When being used in this uncommon
fashion, a remote attacker could use this issue to cause OpenSSL to crash,
resulting in a denial of service, or possibly execute arbitrary code.
(CVE-2024-9143)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.10
libssl3t64 3.3.1-2ubuntu2.1
openssl 3.3.1-2ubuntu2.1

After a standard system update you need to reboot your computer to make all
the necessary changes.

References:
https://ubuntu.com/security/notices/USN-7264-1
CVE-2024-12797, CVE-2024-13176, CVE-2024-9143

Package Information:
https://launchpad.net/ubuntu/+source/openssl/3.3.1-2ubuntu2.1

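A post-update check for the update instructions in the notice above, as an added example that is not part of the original notice or of Ubuntu's tooling: it compares the installed `libssl3t64` and `openssl` packages against the fixed version and lists processes that still map the pre-update library, which is why the notice asks for a reboot. The function names, the sample `/proc/<pid>/maps` lines and the addresses in them are constructed for illustration.

```shell
#!/bin/sh
# Added example (not part of the notice): post-update check for USN-7264-1.
FIXED="3.3.1-2ubuntu2.1"       # fixed version, taken from the notice
PKGS="libssl3t64 openssl"      # packages listed in the notice

# stale_ssl_maps: read /proc/<pid>/maps text on stdin and print the paths of
# libssl/libcrypto objects that were replaced on disk but are still mapped.
# The kernel marks such mappings with a trailing " (deleted)".
stale_ssl_maps() {
    awk '$NF == "(deleted)" && $(NF-1) ~ /\/lib(ssl|crypto)\.so/ { print $(NF-1) }' | sort -u
}

# pkg_state VERSION: "fixed" if VERSION >= FIXED by dpkg's version ordering.
pkg_state() {
    if dpkg --compare-versions "$1" ge "$FIXED"; then echo fixed; else echo vulnerable; fi
}

# Constructed sample: maps of a daemon that was started before the upgrade.
SAMPLE_MAPS='7f1c2a400000-7f1c2a45a000 r-xp 0001f000 fd:01 131074 /usr/lib/x86_64-linux-gnu/libssl.so.3 (deleted)
7f1c2a600000-7f1c2a9b1000 r-xp 000b2000 fd:01 131075 /usr/lib/x86_64-linux-gnu/libcrypto.so.3 (deleted)
7f1c2ac00000-7f1c2ad8d000 r-xp 00028000 fd:01 131080 /usr/lib/x86_64-linux-gnu/libc.so.6
7f1c2b000000-7f1c2b021000 rw-p 00000000 00:00 0 [heap]'

main() {
    # Package check: only meaningful on a dpkg-based host.
    if command -v dpkg-query >/dev/null 2>&1; then
        for p in $PKGS; do
            v=$(dpkg-query -W -f='${Version}' "$p" 2>/dev/null) || v=""
            if [ -n "$v" ]; then echo "$p $v: $(pkg_state "$v")"; else echo "$p: not installed"; fi
        done
    fi
    # Live scan: processes still running the pre-update library need a
    # restart (or the reboot the notice asks for). Unreadable maps are skipped.
    for m in /proc/[0-9]*/maps; do
        libs=$(stale_ssl_maps 2>/dev/null < "$m") || continue
        if [ -n "$libs" ]; then
            echo "pid $(basename "$(dirname "$m")") still maps old:" $libs
        fi
    done
    return 0
}
main
```

Run it as root to see the mappings of every process; an unprivileged run only covers the caller's own processes.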