First published: Wed Oct 25 2023(Updated: )
USN-6435-1 fixed vulnerabilities in OpenSSL. This update provides the corresponding updates for Ubuntu 20.04 LTS. Original advisory details: It was discovered that OpenSSL incorrectly handled excessively large Diffie-Hellman parameters. An attacker could possibly use this issue to cause a denial of service. (CVE-2023-3446) Bernd Edlinger discovered that OpenSSL incorrectly handled excessively large Diffie-Hellman parameters. An attacker could possibly use this issue to cause a denial of service. (CVE-2023-3817)
Affected Software | Affected Version | How to fix |
---|---|---|
All of | ||
ubuntu/libssl1.1 | <1.1.1f-1ubuntu2.20 | 1.1.1f-1ubuntu2.20 |
=20.04 | ||
All of | ||
ubuntu/openssl | <1.1.1f-1ubuntu2.20 | 1.1.1f-1ubuntu2.20 |
=20.04 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The severity of USN-6435-2 is not specified in the information provided.
To fix USN-6435-2, update the affected software to version 1.1.1f-1ubuntu2.20 or later.
The affected software for USN-6435-2 is libssl1.1 and openssl on Ubuntu 20.04 LTS.
The CVEs associated with USN-6435-2 are CVE-2023-3446 and CVE-2023-3817.
More information about USN-6435-2 can be found at the following references: [CVE-2023-3446](https://ubuntu.com/security/CVE-2023-3446), [CVE-2023-3817](https://ubuntu.com/security/CVE-2023-3817), [USN-6435-1](https://ubuntu.com/security/notices/USN-6435-1).