USN-3628-2: OpenSSL vulnerability

Releases

• Ubuntu 12.04

Packages

• openssl - Secure Socket Layer (SSL) cryptographic library and tools

Details

USN-3628-1 fixed a vulnerability in OpenSSL. This update provides
the corresponding update for Ubuntu 12.04 ESM.

Original advisory details:

Alejandro Cabrera Aldaya, Billy Brumley, Cesar Pereida Garcia and Luis Manuel Alvarez Tapia
discovered that OpenSSL incorrectly handled RSA key generation. An attacker could possibly
use this issue to perform a cache-timing attack and recover private RSA keys.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 12.04

• libssl1.0.0 - 1.0.1-4ubuntu5.41

After a standard system update you need to reboot your computer to make
all the necessary changes.

References

• CVE-2018-0737

Related notices

• USN-3628-1: libssl-dev, libcrypto1.0.0-udeb, libssl1.0.0, openssl, libssl1.0.0-udeb, libssl-doc
• USN-3692-1: libcrypto1.1-udeb, libssl1.1-udeb, libssl-dev, libcrypto1.0.0-udeb, libssl1.0.0, openssl, libssl1.0-dev, openssl1.0, libssl1.1, libssl1.0.0-udeb, libssl-doc
• USN-3692-2: libssl1.0.0, openssl