USN-6632-1

Details

David Benjamin discovered that OpenSSL incorrectly handled excessively long X9.42 DH keys. A remote attacker could possibly use this issue to cause OpenSSL to consume resources, leading to a denial of service. (CVE-2023-5678)

Bahaa Naamneh discovered that OpenSSL incorrectly handled certain malformed PKCS12 files. A remote attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service. (CVE-2024-0727)

Affected Packages

openssl

Ubuntu Pro 16.04 LTS

Fixed in:

1.0.2g-1ubuntu4.20+esm11

openssl

Ubuntu Pro 18.04 LTS

Fixed in:

1.1.1-1ubuntu2.1~18.04.23+esm4

References

REPORT

https://ubuntu.com/security/CVE-2023-5678

REPORT

https://ubuntu.com/security/CVE-2024-0727

ADVISORY

https://ubuntu.com/security/notices/USN-6632-1