Canonical Releases Important OpenSSL Updates for Ubuntu to Fix 6 Vulnerabilities

Discovered by Guido Vranken, the first OpenSSL security flaw (CVE-2016-2177) could allow a remote attacker to exploit undefined behavior in pointer arithmetic and cause a denial of service by crashing OpenSSL. This vulnerability affects only the Ubuntu 12.04 LTS and Ubuntu 14.04 LTS releases.

The CVE-2016-7055 and CVE-2016-8610 (discovered by Shi Lei) security issues mean that OpenSSL handled neither Montgomery multiplication nor some warning alerts correctly, which may lead to transient failures or allow a remote attacker to cause a denial of service by making OpenSSL stop responding. The first of these, CVE-2016-7055, affects only Ubuntu 16.04 LTS and Ubuntu 16.10.