Ubuntu Fixes Multiple OpenSSL Vulnerabilities
Several security issues have recently been discovered in OpenSSL that could be used to cause a denial of service. OpenSSL is widely used to secure communications across the internet, so these vulnerabilities affect a large installed base. In response, Canonical has released security updates that address several OpenSSL vulnerabilities across its supported releases, including Ubuntu 24.04 LTS, Ubuntu 22.04 LTS, and Ubuntu 20.04 LTS.
Details of the 2024 OpenSSL Vulnerabilities
CVE-2024-2511
This vulnerability arises from incorrect handling of TLSv1.3 sessions in OpenSSL when certain non-default TLS server configurations are used. A remote attacker could exploit this issue to cause OpenSSL to consume excessive resources, leading to a denial of service.
CVE-2024-4603
OpenSSL was found to incorrectly handle checks of excessively long DSA keys or parameters. This issue, which only affects Ubuntu 22.04 LTS and Ubuntu 24.04 LTS, could be exploited by a remote attacker to cause excessive resource consumption, resulting in a denial of service.
CVE-2024-4741
Discovered by William Ahern, this vulnerability involves incorrect handling of certain memory operations in a rarely-used API. A remote attacker could exploit this flaw to crash OpenSSL, causing a denial of service, or potentially execute arbitrary code.
CVE-2024-5535
Joseph Birr-Pixton identified a vulnerability where OpenSSL incorrectly handled calling a specific API with an empty supported client protocols buffer. This flaw could be used by a remote attacker to obtain sensitive information or cause OpenSSL to crash, leading to a denial of service.
Applying Security Patches with LibCare
Enterprises typically patch vulnerabilities in their shared libraries by restarting services, but this is no longer necessary with LibCare from TuxCare. LibCare is a live patching tool for common shared libraries, such as glibc and OpenSSL, allowing you to apply security patches without needing to restart services or reboot systems. However, it is important to note that LibCare is an add-on tool for KernelCare Enterprise, a live kernel patching tool for all major Linux distributions, including Ubuntu, RHEL, CentOS, Rocky Linux, AlmaLinux, CloudLinux, Debian, Amazon Linux, and more.
Patching OpenSSL Vulnerabilities in End-of-Life Linux
Many organizations rely on older Linux systems for critical operations. While supported Linux distributions receive regular security updates and patches, end-of-life (EOL) Linux distributions no longer do and therefore pose significant risks. To address this challenge, TuxCare offers Extended Lifecycle Support (ELS), providing automated vulnerability patches for a range of EOL distributions, including CentOS (6, 7, and 8), CentOS Stream 8, Ubuntu (16.04 and 18.04), and Oracle Linux 6.
Conclusion
To protect your systems from OpenSSL vulnerabilities, it is essential to update your OpenSSL packages to the latest version. However, this often requires restarting services that rely on OpenSSL to ensure they are using the updated version, which may disrupt normal operations. By leveraging tools like LibCare and KernelCare Enterprise, organizations can ensure robust security and continuity of operations. For those managing legacy systems, Extended Lifecycle Support provides an affordable solution to maintain security beyond the end-of-life date.
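The restart requirement above can be verified rather than assumed: once the package manager replaces libssl/libcrypto on disk, any process still running with the old copy shows that library as "(deleted)" in its /proc/PID/maps. The following script is an added example (not from the original article or from TuxCare); it parses maps data for stale OpenSSL mappings and, when run with --live, walks /proc to list the processes that still need a restart. Library paths and PIDs in the embedded sample are constructed.

```bash
#!/bin/sh
# Added example: find processes still mapping a replaced (deleted) libssl or
# libcrypto after an OpenSSL package update, i.e. processes that must be
# restarted before they actually use the patched library.

# Read one process's /proc/PID/maps on stdin and print the OpenSSL library
# paths it still maps from a deleted (replaced) file, one per line, deduplicated.
stale_openssl_maps() {
    grep -E 'lib(ssl|crypto)\.so[^ ]* \(deleted\)$' | awk '{print $6}' | sort -u
}

# Walk /proc and print "PID<TAB>command<TAB>stale libraries" for each affected
# process. Needs root to read other users' maps files; unreadable ones are skipped.
report_stale() {
    for maps in /proc/[0-9]*/maps; do
        pid=${maps#/proc/}; pid=${pid%/maps}
        stale=$(stale_openssl_maps < "$maps" 2>/dev/null) || continue
        [ -n "$stale" ] || continue
        printf '%s\t%s\t%s\n' "$pid" "$(cat "/proc/$pid/comm" 2>/dev/null)" \
            "$(printf '%s' "$stale" | tr '\n' ' ')"
    done
}

# Constructed sample of a maps file: libcrypto and libssl were replaced on disk
# while this process kept the old inodes mapped; libz and a second, fresh libssl
# mapping are not stale and must not be reported.
SAMPLE_MAPS='7f1e2c000000-7f1e2c028000 r--p 00000000 fd:01 5243 /usr/lib/x86_64-linux-gnu/libcrypto.so.3 (deleted)
7f1e2c028000-7f1e2c1a0000 r-xp 00028000 fd:01 5243 /usr/lib/x86_64-linux-gnu/libcrypto.so.3 (deleted)
7f1e2c400000-7f1e2c420000 r-xp 00000000 fd:01 5300 /usr/lib/x86_64-linux-gnu/libssl.so.3 (deleted)
7f1e2c800000-7f1e2c810000 r-xp 00000000 fd:01 5400 /usr/lib/x86_64-linux-gnu/libz.so.1.2.13
7f1e2cc00000-7f1e2cc10000 r-xp 00000000 fd:01 5500 /usr/lib/x86_64-linux-gnu/libssl.so.3'

if [ "${1:-}" = "--live" ]; then
    report_stale
else
    echo "Stale OpenSSL mappings in the constructed sample:"
    printf '%s\n' "$SAMPLE_MAPS" | stale_openssl_maps
fi
```

On Ubuntu the needrestart package performs the same deleted-library check across all services after an apt upgrade.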
Source: USN-6937-1