drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Mehrere Probleme in OpenSSL (Aktualisierung)
Name: |
Mehrere Probleme in OpenSSL (Aktualisierung) |
|
ID: |
USN-4376-2 |
|
Distribution: |
Ubuntu |
|
Plattformen: |
Ubuntu 12.04 ESM, Ubuntu 14.04 ESM |
|
Datum: |
Do, 9. Juli 2020, 22:01 |
|
Referenzen: |
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1547
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1563
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1559 |
|
Applikationen: |
OpenSSL |
|
Update von: |
Mehrere Probleme in OpenSSL |
|
Originalnachricht |
--===============6194448947975447532== Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="2fHTh5uZTiUOsy+g" Content-Disposition: inline
--2fHTh5uZTiUOsy+g Content-Type: text/plain; charset=iso-8859-1 Content-Disposition: inlin Content-Transfer-Encoding: quoted-printable
========================================================================== Ubuntu Security Notice USN-4376-2 July 09, 2020
openssl vulnerabilities ==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 14.04 ESM - Ubuntu 12.04 ESM
Summary:
Several security issues were fixed in OpenSSL.
Software Description: - openssl: Secure Socket Layer (SSL) cryptographic library and tools
Details:
USN-4376-1 fixed several vulnerabilities in OpenSSL. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM.
Original advisory details:
Cesar Pereida García, Sohaib ul Hassan, Nicola Tuveri, Iaroslav Gridin, Alejandro Cabrera Aldaya, and Billy Brumley discovered that OpenSSL incorrectly handled ECDSA signatures. An attacker could possibly use this issue to perform a timing side-channel attack and recover private ECDSA keys. (CVE-2019-1547)
Juraj Somorovsky, Robert Merget, and Nimrod Aviram discovered that certain applications incorrectly used OpenSSL and could be exposed to a padding oracle attack. A remote attacker could possibly use this issue to decrypt data. (CVE-2019-1559)
Bernd Edlinger discovered that OpenSSL incorrectly handled certain decryption functions. In certain scenarios, a remote attacker could possibly use this issue to perform a padding oracle attack and decrypt traffic. (CVE-2019-1563)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 14.04 ESM: libssl1.0.0 1.0.1f-1ubuntu2.27+esm1
Ubuntu 12.04 ESM: libssl1.0.0 1.0.1-4ubuntu5.44
After a standard system update you need to reboot your computer to make all the necessary changes.
References: https://usn.ubuntu.com/4376-2 https://usn.ubuntu.com/4376-1 CVE-2019-1547, CVE-2019-1559, CVE-2019-1563
--2fHTh5uZTiUOsy+g Content-Type: application/pgp-signature; name="signature.asc"
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEEf+ebRFcoyOoAQoOeRbznW4QLH2kFAl8HWbUACgkQRbznW4QL H2lfKQ//ZHc8mBhdG+IWDOimP0rJ4kGKLw2iT0bTc/mV6X878gyakJbnuyMEABAa A516N4tUvD/7ImPVTqVxdjwYXuvx6iLpAF5pHZloipL0doz9oS5ZUn/HF8rZ3Xlw wWfvIESCrRXKyv3Oef+l5xdRsDkyEoQYr2bq2mfGLvzSZMiZ8L/X2M9d9YkayswG S9hULrziT7gE0lhMlCw2LXydsEZTgvWHdjzI/XOTQCIhTgLN6BPQjko2VUGOcutY Pp+wFpbE2XkFTr3OQIwBAmqgBxY3mydBfnBo3KczACw3wa46wtN1V5/EGH+4pN93 wQ4YgVXGiDXPFFB+snMzXmBFn8mDAJyjB5yx78FZ6civOOEt6pRhD927C2pfkMqz ZmIfBgRn2RT/BhFdkYO4eL+29pfOCjaFP44zrSHT78TvB7wgGnKeXXjazrKxA5NE rsGmtpbxUspK1dPPp9E2pNm6G+Gad9lVTv1Be6zDETOR1LZdoAHV6IgPpKAe7nok B+mfB6MnN3q6PO52jDjauTMpPJuZwperS/bQafgMhJ2tCiM3AE6RrD4gvAHWq9Dj YnLgM8T6BpHDPVsHQdP6Lvh5BoHxJzzVv0fuQnO1UW7BBTMNQOoUeFY5FJmqzIqp aNkxuMRNpFapTRi7x0V7bQSmOby8cDAxwa3x3AY9y3f7j7a35L4= =nM9O -----END PGP SIGNATURE-----
--2fHTh5uZTiUOsy+g--
--===============6194448947975447532== Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: base64 Content-Disposition: inline
LS0gCnVidW50dS1zZWN1cml0eS1hbm5vdW5jZSBtYWlsaW5nIGxpc3QKdWJ1bnR1LXNlY3VyaXR5 LWFubm91bmNlQGxpc3RzLnVidW50dS5jb20KTW9kaWZ5IHNldHRpbmdzIG9yIHVuc3Vic2NyaWJl IGF0OiBodHRwczovL2xpc3RzLnVidW50dS5jb20vbWFpbG1hbi9saXN0aW5mby91YnVudHUtc2Vj dXJpdHktYW5ub3VuY2UK
--===============6194448947975447532==--
|
|
|
|