Jump to content

Ubuntu Users!


RV_

Recommended Posts

Excerpt:

 

"Ubuntu users are being urged to update their operating systems to address a handful of recently patched OpenSSL vulnerabilities which affect Ubuntu and its derivatives.

 

Developers with Canonical, the company that oversees the Linux distribution, announced the updates on Tuesday, encouraging users to install the latest OpenSSL package versions depending on which distribution they’re running.

 

The updates resolve several of the vulnerabilities fixed by the cryptographic library OpenSSL last Thursday.

 

Three of the vulnerabilities fixed were branded “medium” severity by OpenSSL’s maintainers as they could lead to several outcomes, including a timing attack, a denial of service attack, and help an attacker potentially recover private keys.

 

One issue (CVE-2016-7056) was tied to the fact that OpenSSL didn’t properly use constant-time operations when it performed Elliptic Curve DSA (ECDSA) with a Curve P-256 signing. Because of this, at least on Ubuntu 12.04 LTS and Ubuntu 14.04, an attacker could have performed a timing attack to recover private keys.

 

OpenSSL maintainers said last week when it pushed the updates that achieving such an attack would be difficult, however.

 

“Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely,” OpenSSL said, “The amount of resources required for such an attack would be very significant and likely only accessible to a limited number of attackers. An attacker would additionally need online access to an unpatched system using the target private key in a scenario with persistent DH parameters and a private key that is shared between multiple clients."

 

The whole article with more is here:

https://threatpost.com/latest-ubuntu-update-includes-openssl-fixes/123513/

RV/Derek
http://www.rvroadie.com Email on the bottom of my website page.
Retired AF 1971-1998


When you see a worthy man, endeavor to emulate him. When you see an unworthy man, look inside yourself. - Confucius

 

“Those who can make you believe absurdities, can make you commit atrocities.” ... Voltaire

Link to comment
Share on other sites

RV,

 

Thanks for the heads up. I checked my update log and see that I got that one yesterday (Feb. 1st.) but we all know that some people put off things a little longer sometimes.

 

Safe Travels...

Roger, K4RS and Toni, K1TS
Amateur Radio Operators - Motorcycle Riders (Harley Davidson Tri-Glide Ultra)

Fulltime from 2003-2016 - Now longtime RVers

On the road, living the dream...
Ford F-250 Super Duty 7.3 liter diesel and Forest River XLR Toyhauler. 

Position report via amateur radio

 

Link to comment
Share on other sites

No prob bud! How are you and your better half doing?

 

Thanks for chiming in!

RV/Derek
http://www.rvroadie.com Email on the bottom of my website page.
Retired AF 1971-1998


When you see a worthy man, endeavor to emulate him. When you see an unworthy man, look inside yourself. - Confucius

 

“Those who can make you believe absurdities, can make you commit atrocities.” ... Voltaire

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

RVers Online University

Giraffe G4.

mywaggle.com

campgroundviews.com

RV Destinations

Find out more or sign up for Escapees RV'ers Bootcamp.

Advertise your product or service here.

RVTravel.com Logo



×
×
  • Create New...