Ubuntu的openssl安全问题提醒USN-2192-1

openssl 安全漏洞

新发现一个影响 Ubuntu 和其衍生版本的安全问题，影响的版本包括：

• Ubuntu 14.04 LTS

• Ubuntu 13.10

• Ubuntu 12.10

• Ubuntu 12.04 LTS

概括

OpenSSL 在接收到某些特殊的网络流量会导致崩溃。

软件描述

• openssl    - Secure Socket Layer (SSL) 加密库和工具

问题描述

It was discovered that OpenSSL incorrectly handled memory in the
ssl3_read_bytes() function. A remote attacker could use this issue to
possibly cause OpenSSL to crash, resulting in a denial of service.
(CVE-2010-5298)

It was discovered that OpenSSL incorrectly handled memory in the
do_ssl3_write() function. A remote attacker could use this issue to
possibly cause OpenSSL to crash, resulting in a denial of service.
(CVE-2014-0198)

更新方法

可通过更新系统到下列包版本来解决

• Ubuntu 14.04 LTS:

• libssl1.0.0            1.0.1f-1ubuntu2.1    

• Ubuntu 13.10:

• libssl1.0.0            1.0.1e-3ubuntu1.3    

• Ubuntu 12.10:

• libssl1.0.0            1.0.1c-3ubuntu2.8    

• Ubuntu 12.04 LTS:

• libssl1.0.0            1.0.1-4ubuntu5.13    

系统更新方法请看: https://wiki.ubuntu.com/Security/Upgrades.

做完标准系统更新后需要重启机器让改动生效。

References

CVE-2010-5298,        CVE-2014-0198