Ubuntu 22.04 LTS: USN-5710-1 Critical OpenSSL Denial Of Service
ubuntu
November 1, 2022
Several security issues were fixed in OpenSSL.
Summary
Several security issues were fixed in OpenSSL.
Software Description:
- openssl: Secure Socket Layer (SSL) cryptographic library and tools
Details:
It was discovered that OpenSSL incorrectly handled certain X.509 Email
Addresses. If a certificate authority were tricked into signing a
specially-crafted certificate, a remote attacker could possibly use this
issue to cause OpenSSL to crash, resulting in a denial of service. The
default compiler options for affected releases reduce the vulnerability to
a denial of service. (CVE-2022-3602, CVE-2022-3786)
It was discovered that OpenSSL incorrectly handled applications creating
custom ciphers via the legacy EVP_CIPHER_meth_new() function. This issue
could cause certain applications that mishandled values to the function to
possibly end up with a NULL cipher and messages in plaintext.
(CVE-2022-3358)
Update Instructions
The problem can be corrected by updating your system to the following package versions: Ubuntu 22.10: libssl3 3.0.5-2ubuntu2 Ubuntu 22.04 LTS: libssl3 3.0.2-0ubuntu1.7 After a standard system update you need to reboot your computer to make all the necessary changes.
References
https://ubuntu.com/security/notices/USN-5710-1
CVE-2022-3358, CVE-2022-3602, CVE-2022-3786
PREVIOUS 
NEXT Severity
critical
Lowest
Low
Medium
High
Critical
November 01, 2022
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!