OpenSSL Vulnerabilities Patched in Ubuntu 18.04

Rohan Timalsina

April 2, 2024 - TuxCare expert team

Several security vulnerabilities were discovered in OpenSSL, a critical library for securing communication across the internet. These vulnerabilities could be exploited by attackers to launch denial-of-service (DoS) attacks, potentially disrupting critical services. The Ubuntu security team has swiftly responded by releasing security updates for different Ubuntu releases, including Ubuntu 16.04 and Ubuntu 18.04.

Let’s delve into the specifics of these vulnerabilities:

Four OpenSSL Vulnerabilities Fixed

CVE-2023-3446

One of the flaws identified in OpenSSL is the slow checking of excessively long Diffie-Hellman (DH) keys or parameters. This may affect applications that use the DH_check(), DH_check_ex(), or EVP_PKEY_param_check() functions, potentially leading to denial of service, especially when checking keys or parameters from untrusted sources.

CVE-2023-3817

After CVE-2023-3446 was patched, it was found that a large ‘q’ parameter value can still trigger prolonged computations during certain checks. Since a correct q value cannot exceed the modulus p, these checks are unnecessary whenever q surpasses p. Applications that call DH_check() with keys or parameters from untrusted sources may therefore be exposed to denial-of-service attacks.

CVE-2023-5678

Generating excessively long X9.42 DH keys or checking excessively long X9.42 DH keys or parameters may be very slow. This vulnerability, if exploited, could again cause resource exhaustion, leading to a denial of service.
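The three DH issues above (CVE-2023-3446, CVE-2023-3817 and CVE-2023-5678) share one root cause: expensive validation work was performed on parameters before any cheap sanity check ruled them out. The following added example (not OpenSSL's code and not from the advisory) shows the kind of pre-check an application can run on untrusted DH parameters before handing them to a library call such as DH_check(): it parses the DER encoding of a parameter set, rejects a modulus above a size limit, and rejects a subgroup order q that is not smaller than p. The helper names, the 10000-bit limit and the sample parameters are all constructed for this example; the third INTEGER of the SEQUENCE is interpreted as the X9.42 q, and the PKCS#3 privateValueLength field is not handled.

```python
"""Cheap sanity checks on untrusted DH parameters before expensive validation.

Constructed example: helper names, MAX_MODULUS_BITS and the sample inputs are
assumptions for illustration, not OpenSSL's own code or constants.
"""
from typing import Optional, Tuple

MAX_MODULUS_BITS = 10000  # assumed limit; reject larger moduli before any costly check


def _der_len(n: int) -> bytes:
    """Encode a DER length (short or long form)."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def der_integer(value: int) -> bytes:
    """Encode a non-negative integer as a DER INTEGER (tag 0x02)."""
    body = value.to_bytes((value.bit_length() + 7) // 8 or 1, "big")
    if body[0] & 0x80:  # keep the two's-complement sign bit clear
        body = b"\x00" + body
    return b"\x02" + _der_len(len(body)) + body


def der_sequence(*parts: bytes) -> bytes:
    """Wrap already-encoded elements in a DER SEQUENCE (tag 0x30)."""
    body = b"".join(parts)
    return b"\x30" + _der_len(len(body)) + body


def _read_tlv(buf: bytes, pos: int) -> Tuple[int, bytes, int]:
    """Return (tag, value, next_pos) for the DER element starting at buf[pos]."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low bits give the number of length bytes
        nbytes = length & 0x7F
        if nbytes == 0 or nbytes > 4 or pos + nbytes > len(buf):
            raise ValueError("unsupported or truncated DER length")
        length = int.from_bytes(buf[pos:pos + nbytes], "big")
        pos += nbytes
    end = pos + length
    if end > len(buf):
        raise ValueError("truncated DER value")
    return tag, buf[pos:end], end


def parse_dh_params(der: bytes) -> dict:
    """Parse SEQUENCE { p INTEGER, g INTEGER, q INTEGER OPTIONAL, ... } into ints.

    Assumption: a third INTEGER is the X9.42 subgroup order q. Trailing
    elements (j, validation parameters) are ignored.
    """
    tag, body, end = _read_tlv(der, 0)
    if tag != 0x30 or end != len(der):
        raise ValueError("expected exactly one SEQUENCE")
    ints, pos = [], 0
    while pos < len(body) and len(ints) < 3:
        tag, val, pos = _read_tlv(body, pos)
        if tag != 0x02:
            break
        ints.append(int.from_bytes(val, "big", signed=True))
    if len(ints) < 2:
        raise ValueError("need at least p and g")
    q: Optional[int] = ints[2] if len(ints) == 3 else None
    return {"p": ints[0], "g": ints[1], "q": q}


def precheck_dh_params(der: bytes, max_bits: int = MAX_MODULUS_BITS) -> Tuple[bool, str]:
    """Run only O(size) checks; primality and subgroup checks stay with the library."""
    try:
        params = parse_dh_params(der)
    except ValueError as exc:
        return False, f"malformed parameters: {exc}"
    p, g, q = params["p"], params["g"], params["q"]
    if p <= 0 or p.bit_length() > max_bits:
        return False, f"modulus is {p.bit_length()} bits, limit is {max_bits}"
    if p % 2 == 0:
        return False, "modulus is even"
    if not 1 < g < p - 1:
        return False, "generator out of range"
    if q is not None and q >= p:  # CVE-2023-3817 case: a valid q is always < p
        return False, "q is not smaller than p"
    return True, "ok"


# Constructed sample inputs (toy sizes, not real-world parameters).
SAMPLE_OK = der_sequence(der_integer(23), der_integer(5), der_integer(11))
SAMPLE_BAD_Q = der_sequence(der_integer(23), der_integer(5), der_integer(29))
SAMPLE_HUGE_P = der_sequence(der_integer(2 ** 12000 + 1), der_integer(2))

if __name__ == "__main__":
    for name, sample in (("ok", SAMPLE_OK), ("bad_q", SAMPLE_BAD_Q), ("huge_p", SAMPLE_HUGE_P)):
        print(name, precheck_dh_params(sample))
```

The point of the pre-check is ordering: every test in precheck_dh_params() costs time proportional to the encoded size, so an attacker who supplies a multi-thousand-bit modulus or an oversized q is rejected before any primality or subgroup computation runs. It does not replace DH_check(); it decides whether DH_check() is worth calling at all.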

CVE-2024-0727

Processing a maliciously crafted PKCS12 file could crash the OpenSSL service, potentially causing a DoS attack. Applications loading PKCS12 files from untrusted sources may abruptly terminate. Despite the PKCS12 specification permitting certain fields to be NULL, OpenSSL fails to adequately verify this condition, leading to a NULL pointer dereference and subsequent crash.

Mitigation Measures

To safeguard against these vulnerabilities, users are strongly advised to apply security updates promptly by updating their openssl packages. However, it’s worth noting that security updates for Ubuntu 16.04 and Ubuntu 18.04 are exclusively available through Extended Support Maintenance via Ubuntu Pro.

For those seeking a cost-effective alternative to Ubuntu Pro, TuxCare’s Extended Lifecycle Support offers a viable solution. It provides automated vulnerability patches for your end-of-life system for up to five years after standard support ends. This ensures continued security for your Ubuntu 16.04 and Ubuntu 18.04 systems without the high cost of a full Ubuntu Pro subscription.

Conclusion

The patches for these vulnerabilities are already released in TuxCare’s Extended Lifecycle Support for Ubuntu 16.04 and Ubuntu 18.04. By utilizing this extended support, you can effectively address these OpenSSL vulnerabilities and safeguard your end-of-life Ubuntu systems from potential attacks.

Source: USN-6709-1