USN-6435-1

Details

It was discovered that OpenSSL incorrectly handled excessively large Diffie-Hellman parameters. An attacker could possibly use this issue to cause a denial of service. (CVE-2023-3446)

Bernd Edlinger discovered that OpenSSL incorrectly handled excessively large Diffie-Hellman parameters. An attacker could possibly use this issue to cause a denial of service. (CVE-2023-3817)

Affected Packages

openssl

Ubuntu Pro 16.04 LTS

Fixed in:

1.0.2g-1ubuntu4.20+esm10

openssl

Ubuntu Pro 18.04 LTS

Fixed in:

1.1.1-1ubuntu2.1~18.04.23+esm3

References

REPORT

https://ubuntu.com/security/CVE-2023-3446

REPORT

https://ubuntu.com/security/CVE-2023-3817

ADVISORY

https://ubuntu.com/security/notices/USN-6435-1