USN-5402-2

Details

USN-5402-1 fixed several vulnerabilities in OpenSSL. This update provides the corresponding update for Ubuntu 16.04 ESM.

Original advisory details:

Elison Niven discovered that OpenSSL incorrectly handled the c_rehash script. A local attacker could possibly use this issue to execute arbitrary commands when c_rehash is run. (CVE-2022-1292)

Aliaksei Levin discovered that OpenSSL incorrectly handled resources when decoding certificates and keys. A remote attacker could possibly use this issue to cause OpenSSL to consume resources, leading to a denial of service. This issue only affected Ubuntu 22.04 LTS. (CVE-2022-1473)

Affected Packages

openssl

Ubuntu Pro 16.04 LTS

Fixed in:

1.0.2g-1ubuntu4.20+esm3

References

REPORT

https://ubuntu.com/security/CVE-2022-1292

REPORT

https://ubuntu.com/security/CVE-2022-1473

ADVISORY

https://ubuntu.com/security/notices/USN-5402-2