RV_ Posted February 1, 2017 Report Share Posted February 1, 2017 Excerpt: "Ubuntu users are being urged to update their operating systems to address a handful of recently patched OpenSSL vulnerabilities which affect Ubuntu and its derivatives. Developers with Canonical, the company that oversees the Linux distribution, announced the updates on Tuesday, encouraging users to install the latest OpenSSL package versions depending on which distribution they’re running. The updates resolve several of the vulnerabilities fixed by the cryptographic library OpenSSL last Thursday. Three of the vulnerabilities fixed were branded “medium” severity by OpenSSL’s maintainers as they could lead to several outcomes, including a timing attack, a denial of service attack, and help an attacker potentially recover private keys. One issue (CVE-2016-7056) was tied to the fact that OpenSSL didn’t properly use constant-time operations when it performed Elliptic Curve DSA (ECDSA) with a Curve P-256 signing. Because of this, at least on Ubuntu 12.04 LTS and Ubuntu 14.04, an attacker could have performed a timing attack to recover private keys. OpenSSL maintainers said last week when it pushed the updates that achieving such an attack would be difficult, however. “Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely,” OpenSSL said, “The amount of resources required for such an attack would be very significant and likely only accessible to a limited number of attackers. An attacker would additionally need online access to an unpatched system using the target private key in a scenario with persistent DH parameters and a private key that is shared between multiple clients." The whole article with more is here: https://threatpost.com/latest-ubuntu-update-includes-openssl-fixes/123513/ Link to comment Share on other sites More sharing options...
k4rs Posted February 2, 2017 Report Share Posted February 2, 2017 RV, Thanks for the heads up. I checked my update log and see that I got that one yesterday (Feb. 1st.) but we all know that some people put off things a little longer sometimes. Safe Travels... Link to comment Share on other sites More sharing options...
RV_ Posted February 3, 2017 Author Report Share Posted February 3, 2017 No prob bud! How are you and your better half doing? Thanks for chiming in! Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.