Canonical Patches Multiple OpenSSL Vulnerabilities in All Supported Ubuntu OSes
Today, May 3, 2016, Canonical issued a new Ubuntu security notice to inform the community about the availability of new OpenSSL versions that patch several vulnerabilities discovered upstream by various developers.
The OpenSSL security notice applies to Ubuntu 16.04 LTS (Xenial Xerus), Ubuntu 15.10 (Wily Werewolf), Ubuntu 14.04 LTS (Trusty Tahr), and Ubuntu 12.04 LTS (Precise Pangolin). It details a total of five security issues that have been fixed in the OpenSSL package, which contains the Secure Sockets Layer (SSL) cryptographic library and tools.
“A security issue affects these releases of Ubuntu and its derivatives, Ubuntu 16.04 LTS, Ubuntu 15.10, Ubuntu 14.04 LTS, and Ubuntu 12.04 LTS,” reads today’s security notice. “As a security improvement, this update also modifies OpenSSL behaviour to reject DH key sizes below 1024 bits, preventing a possible downgrade attack.”
Users are urged to upgrade as soon as possible