USN-1424-1: OpenSSL vulnerabilities
19 April 2012
An application using OpenSSL could be made to crash or run programs if it opened a specially crafted file.
- openssl - Secure Socket Layer (SSL) cryptographic library and tools
It was discovered that OpenSSL could be made to dereference a NULL pointer
when processing S/MIME messages. A remote attacker could use this to cause
a denial of service. These issues did not affect Ubuntu 8.04 LTS.
Tavis Ormandy discovered that OpenSSL did not properly perform bounds
checking when processing DER data via BIO or FILE functions. A remote
attacker could trigger this flaw in services that used SSL to cause a
denial of service or possibly execute arbitrary code with application
The problem can be corrected by updating your system to the following package versions:
After a standard system update you need to reboot your computer to make
all the necessary changes.