
Canonical Releases Important OpenSSL Updates for Ubuntu to Fix 6 Vulnerabilities

Discovered by Guido Vranken, the first OpenSSL security flaw (CVE-2016-2177) could allow a remote attacker to exploit undefined behavior in pointer arithmetic to cause a denial of service by crashing OpenSSL. This vulnerability affects only the Ubuntu 12.04 LTS and Ubuntu 14.04 LTS releases. The CVE-2016-7055 and CVE-2016-8610 (discovered by Shi Lei) OpenSSL security issues indicate that the software did not correctly handle Montgomery multiplication or certain warning alerts, which may lead to transient failures or allow a remote attacker to cause a denial of service by making OpenSSL stop responding. The first of these two affects only Ubuntu 16.04 LTS and Ubuntu 16.10.
