- Vulnerability/
- USN-4376-2
USN-4376-2: OpenSSL vulnerabilities
First published: Thu Jul 09 2020(Updated: )
USN-4376-1 fixed several vulnerabilities in OpenSSL. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Original advisory details: Cesar Pereida García, Sohaib ul Hassan, Nicola Tuveri, Iaroslav Gridin, Alejandro Cabrera Aldaya, and Billy Brumley discovered that OpenSSL incorrectly handled ECDSA signatures. An attacker could possibly use this issue to perform a timing side-channel attack and recover private ECDSA keys. (CVE-2019-1547) Juraj Somorovsky, Robert Merget, and Nimrod Aviram discovered that certain applications incorrectly used OpenSSL and could be exposed to a padding oracle attack. A remote attacker could possibly use this issue to decrypt data. (CVE-2019-1559) Bernd Edlinger discovered that OpenSSL incorrectly handled certain decryption functions. In certain scenarios, a remote attacker could possibly use this issue to perform a padding oracle attack and decrypt traffic. (CVE-2019-1563)
| Affected Software | Affected Version | How to fix |
|---|---|---|
| All of | ||
| ubuntu/libssl1.0.0 | <1.0.1f-1ubuntu2.27+esm1 | 1.0.1f-1ubuntu2.27+esm1 |
| =14.04 | ||
| All of | ||
| ubuntu/libssl1.0.0 | <1.0.1-4ubuntu5.44 | 1.0.1-4ubuntu5.44 |
| =12.04 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://ubuntu.com/security/CVE-2019-1547
- https://ubuntu.com/security/CVE-2019-1559
- https://ubuntu.com/security/CVE-2019-1563
- https://ubuntu.com/security/notices/USN-4376-1
- https://ubuntu.com/security/notices/USN-4504-1
- https://ubuntu.com/security/notices/USN-3899-1
- https://launchpad.net/ubuntu/+source/openssl/1.0.1f-1ubuntu2.27+esm1
- https://launchpad.net/ubuntu/+source/openssl/1.0.1-4ubuntu5.44
- https://ubuntu.com/security/notices/USN-4376-2 (Advisory)
Child vulnerabilities
(Contains the following vulnerabilities)
Frequently Asked Questions
What vulnerabilities are fixed by USN-4376-2?
USN-4376-2 fixes multiple vulnerabilities in OpenSSL, including CVE-2019-1547, CVE-2019-1559, and CVE-2019-1563.
Is Ubuntu 12.04 ESM affected by USN-4376-2?
Yes, Ubuntu 12.04 ESM is affected by USN-4376-2.
Is Ubuntu 14.04 ESM affected by USN-4376-2?
Yes, Ubuntu 14.04 ESM is affected by USN-4376-2.
How do I fix the OpenSSL vulnerabilities in Ubuntu 12.04 ESM?
To fix the OpenSSL vulnerabilities in Ubuntu 12.04 ESM, you should update the libssl1.0.0 package to version 1.0.1-4ubuntu5.44.
How do I fix the OpenSSL vulnerabilities in Ubuntu 14.04 ESM?
To fix the OpenSSL vulnerabilities in Ubuntu 14.04 ESM, you should update the libssl1.0.0 package to version 1.0.1f-1ubuntu2.27+esm1.
- agent/description
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- agent/references
- agent/severity
- agent/softwarecombine
- agent/tags
- agent/title
- agent/type
- collector/usn
- source/Ubuntu
- anchor-related/USN-4376-1
- anchor-related/USN-4504-1
- anchor-related/USN-3899-1
- agent/software-canonical-lookup
- package-manager/ubuntu
- vendor/ubuntu
- canonical/ubuntu ubuntu
- version/ubuntu ubuntu/14.04
- version/ubuntu ubuntu/12.04