Several security issues were fixed in OpenSSL.
Praveen Kariyanahalli, Ivan Fratric and Felix Groebert discovered that OpenSSL incorrectly handled memory when buffering DTLS data. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2014-8176)
11 June 2015
A security issue affects these releases of Ubuntu and its derivatives:
Several security issues were fixed in OpenSSL.
Praveen Kariyanahalli, Ivan Fratric and Felix Groebert discovered that OpenSSL incorrectly handled memory when buffering DTLS data. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2014-8176)
Joseph Barr-Pixton discovered that OpenSSL incorrectly handled malformed ECParameters structures. A remote attacker could use this issue to cause OpenSSL to hang, resulting in a denial of service. (CVE-2015-1788)
Robert Swiecki and Hanno Böck discovered that OpenSSL incorrectly handled certain ASN1_TIME strings. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service. (CVE-2015-1789)
Michal Zalewski discovered that OpenSSL incorrectly handled missing content when parsing ASN.1-encoded PKCS#7 blobs. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service. (CVE-2015-1790)
Emilia Käsper discovered that OpenSSL incorrectly handled NewSessionTicket when being used by a multi-threaded client. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service. (CVE-2015-1791)
Johannes Bauer discovered that OpenSSL incorrectly handled verifying signedData messages using the CMS code. A remote attacker could use this issue to cause OpenSSL to hang, resulting in a denial of service. (CVE-2015-1792)
As a security improvement, this update also modifies OpenSSL behaviour to reject DH key sizes below 768 bits, preventing a possible downgrade attack.
The problem can be corrected by updating your system to the following package versions:
To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.
After a standard system update you need to reboot your computer to make all the necessary changes.