USN-5051-1: OpenSSL vulnerabilities

24 August 2021

Several security issues were fixed in OpenSSL.

Releases

Packages

  • openssl - Secure Socket Layer (SSL) cryptographic library and tools

Details

John Ouyang discovered that OpenSSL incorrectly handled decrypting SM2
data. A remote attacker could use this issue to cause applications using
OpenSSL to crash, resulting in a denial of service, or possibly change
application behaviour. (CVE-2021-3711)

Ingo Schwarze discovered that OpenSSL incorrectly handled certain ASN.1
strings. A remote attacker could use this issue to cause OpenSSL to crash,
resulting in a denial of service, or possibly obtain sensitive information.
(CVE-2021-3712)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 21.04
Ubuntu 20.04
Ubuntu 18.04

After a standard system update you need to reboot your computer to make
all the necessary changes.

Related notices

  • USN-5051-2: openssl, libssl-doc, libssl1.0.0, libssl-dev
  • USN-5088-1: edk2, ovmf, qemu-efi, ovmf-ia32, qemu-efi-arm, qemu-efi-aarch64
  • USN-5051-3: libssl1.0-dev, libssl1.0.0, openssl1.0