Security
Headlines
HeadlinesLatestCVEs

Headline

Ubuntu Security Notice USN-6986-1

Ubuntu Security Notice 6986-1 - David Benjamin discovered that OpenSSL incorrectly handled certain X.509 certificates. An attacker could possible use this issue to cause a denial of service or expose sensitive information.

Packet Storm
#vulnerability#ubuntu#dos#ssl

==========================================================================
Ubuntu Security Notice USN-6986-1
September 03, 2024

openssl vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 24.04 LTS
  • Ubuntu 22.04 LTS

Summary:

OpenSSL could be made to crash or expose sensitive information
if it received a specially crafted certificate.

Software Description:

  • openssl: Secure Socket Layer (SSL) cryptographic library and tools

Details:

David Benjamin discovered that OpenSSL incorrectly handled certain
X.509 certificates. An attacker could possible use this issue to
cause a denial of service or expose sensitive information.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.04 LTS
libssl3t64 3.0.13-0ubuntu3.4
openssl 3.0.13-0ubuntu3.4

Ubuntu 22.04 LTS
libssl3 3.0.2-0ubuntu1.18
openssl 3.0.2-0ubuntu1.18

After a standard system update you need to reboot your computer to make
all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-6986-1
CVE-2024-6119

Package Information:
https://launchpad.net/ubuntu/+source/openssl/3.0.13-0ubuntu3.4
https://launchpad.net/ubuntu/+source/openssl/3.0.2-0ubuntu1.18

Related news

Red Hat Security Advisory 2024-7599-03

Red Hat Security Advisory 2024-7599-03 - Red Hat OpenShift Container Platform release 4.16.16 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include code execution, denial of service, integer overflow, and out of bounds write vulnerabilities.

Red Hat Security Advisory 2024-6783-03

Red Hat Security Advisory 2024-6783-03 - An update for openssl is now available for Red Hat Enterprise Linux 9. Issues addressed include a denial of service vulnerability.

Debian Security Advisory 5764-1

Debian Linux Security Advisory 5764-1 - David Benjamin reported a flaw in the X.509 name checks in OpenSSL, a Secure Sockets Layer toolkit, which may cause an application performing certificate name checks to crash, resulting in denial of service.

Packet Storm: Latest News

TOR Virtual Network Tunneling Tool 0.4.8.13